# Global parameters
[global]
	netbios name = {{ ansible_hostname|upper }}
	realm = {{ krb5_realm }}
	server role = active directory domain controller
	workgroup = {{ workgroup }}

	timestamp logs = no
	logging = systemd file@0
	log level = {{ samba_dc_log_level }}

{% if samba_dc_use_rfc2307 %}
	idmap_ldb:use rfc2307 = yes
{% endif %}

	template homedir = {{ winbind_template_homedir }}
	template shell = /bin/bash

{% if samba_tls_enabled|bool %}
	tls enabled = yes
	tls keyfile = {{ samba_tls_keyfile }}
	tls certfile = {{ samba_tls_certfile }}
{% if samba_tls_cafile is defined %}
	tls cafile = {{ samba_tls_cafile }}
{% endif %}
{% endif %}

[netlogon]
	path = /var/lib/samba/sysvol/{{ krb5_realm|lower }}/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No