# Samba smb.conf for a file server joined to Active Directory as a domain
# member (security = ads). Identity mapping is done by winbind; the shares
# are defined after the [global] section.
[global]
netbios name = MYSRV
workgroup = MYADDOM
realm = MYADDOM.MYDOM.RU
# winbind does not generate its own krb5.conf; the system one is used.
create krb5 conf = no
# NOTE(review): hosts allow is a list, so as written it has two entries,
# the prefixes 192.168. and 10. Confirm both ranges are intended and that
# this is not a single prefix split by a stray space.
hosts allow = 192.168. 10.
server string = %h
security = ads
encrypt passwords = yes
kerberos method = system keytab

# These two lines are for AD DC without rfc2307 support
# template shell = /bin/bash
# template homedir = /home/%D/%U

# Beware: manual cleaning of the caches is required on idmap change!
# NOTE(review): rid is a read-only backend, while the default domain "*"
# normally also has to allocate IDs (e.g. for BUILTIN SIDs) and is usually
# given tdb or autorid. Confirm this mapping works on the deployed version.
idmap config * : backend = rid
idmap config * : range = 20000-30000
# Use uid/gid from AD. This is the most elegant (though error-prone) way.
# The range below does not overlap the default-domain range above; AD
# accounts whose uidNumber/gidNumber fall outside 1000-9999 are not mapped.
idmap config MYADDOM : backend = ad
idmap config MYADDOM : range = 1000-9999
idmap config MYADDOM : schema_mode = rfc2307

winbind nss info = rfc2307
# Domain accounts appear without the domain prefix (user, not MYADDOM+user).
winbind use default domain = Yes
# Enumeration makes the whole domain user/group list visible through NSS
# and can be slow in large domains.
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind separator = +
winbind refresh tickets = yes

# This server never takes part in browser elections.
local master = no
domain master = no
preferred master = no
dns proxy = no
wins server = dc.myaddom.mydom.ru
wins proxy = no

inherit acls = yes
map acl inherit = yes
acl group control = yes

dos charset = cp866
unix charset = utf8

printcap name = /etc/printcap
load printers = no

# One log file per client machine name (%m).
# NOTE(review): max log size is in KiB. At debug level 3 a 50 KiB file rolls
# over quickly, so little history is kept locally for later investigation.
# Confirm logs are collected elsewhere if they are needed for audit.
debug level = 3
log file = /var/log/samba/%m.log
max log size = 50
use sendfile = no

#============================ Share Definitions ==============================
# NOTE(review): there is no "valid users = %S" here, so which users may open
# another user's home share is decided only by filesystem permissions.
# Confirm that /home/* modes enforce this.
[homes]
comment = Home Directories
browseable = no
writable = yes

# cd /home && ln -s . HOME && ln -s . home
# Share named "home" that maps to the connecting user's directory.
# %U is the session username as requested by the client.
[home]
path = /home/%U
public = no
writable = yes
printable = no
# New files are owner-only (0600); new directories are owner-only (0700).
create mask = 0600
directory mode = 0700
force directory mode = 0700
# write list grants write access regardless of "read only"; with
# "writable = yes" above it adds no restriction.
write list = %U

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

[myshare]
path = /rpool/myshare
public = no
# NOTE(review): with "writable = yes" every account in valid users gets
# write access at the Samba level; the write list below only matters on a
# read-only share. If only @adminusers should write, this presumably wants
# "writable = no" together with the write list. Otherwise write control
# rests entirely on filesystem permissions/ACLs.
writable = yes
printable = no
# Clients may execute files even when the execute bit/ACL entry is not set.
acl allow execute always = true
valid users = @homeusers, @adminusers, goodguest
write list = @adminusers
create mask = 0640
# NOTE(review): 0740 gives the group read but not search (x) permission on
# new directories, so group members can list names but not open entries.
# Confirm this is intended rather than 0750.
directory mode = 0740
force directory mode = 0740