# {{ ansible_managed }}
[global]
       workgroup = {{ smb_domain }}
        security = ADS

        log level = 3
        log file = /var/log/samba/samba.log
        interfaces = eth1

        # AD binding
        passdb backend = tdbsam
        allow trusted domains = yes
        realm = PSS.ESSS.LU.SE
        security = ADS
        client schannel = No
        client NTLMv2 auth = Yes
        #map untrusted to domain = Yes
        local master = no
        domain master = no
        preferred master = no
        unix extensions = No
        client signing = Yes
        #IDMAP
        idmap config *: backend     = tdb
        idmap config * : range       = 1000000-1999999
        idmap config * : base_rid    = 0

        # winbind
        winbind use default domain = no
        winbind separator = +
        winbind enum users = yes
        winbind enum groups = yes
        winbind offline logon = yes
        winbind refresh tickets = yes
        map acl inherit = Yes
        username map script = /etc/samba/win2unixusers



        # Accent
        dos charset=CP850
        unix charset=UTF-8


        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
        load printers = no

{% if smb_domain == "PSS"  %}
        include = /etc/samba/smb-pss.conf
{% endif %}

[homes]
   comment = Home Directory
   read only = No
   browseable = No
   valid users = %S
#   vfs objects = virusfilter
#   virusfilter:scanner = clamav
#   virusfilter:socket path = /run/clamd.scan/clamd.sock
#   virusfilter:connect timeout = 30000
#   virusfilter:scan on open = yes
#   #virusfilter:scan on close = yes
#   virusfilter:max file size = 1000000000
#   virusfilter:infected file action = quarantine
#   virusfilter:quarantine directory = /var/tmp/quarantine