[global]
    server min protocol = NT1
    server max protocol = SMB3
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    oplocks = yes
    deadtime = 15
    max log size = 51200
    private dir = /var/db/samba4/private
    max open files = 1060130
    logging = file
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = games
    obey pam restrictions = yes
    ntlm auth = yes
    directory name cache size = 0
    kernel change notify = no
    nsupdate command = /usr/local/bin/samba-nsupdate -g
    server string = FreeNAS Server
    ea support = yes
    store dos attributes = yes
    lm announce = yes
    acl allow execute always = true
    dos filemode = yes
    multicast dns register = yes
    domain logons = yes
    idmap config *: backend = tdb
    idmap config *: range = 1000000-9000000
    server role = member server
    workgroup = DOMAIN
    realm = DOMAININEERING.COM
    security = ADS
    client use spnego = yes
    local master = no
    domain master = no
    preferred master = no
    ads dns update = yes
    winbind cache time = 7200
    winbind offline logon = yes
    winbind enum users = yes
    winbind enum groups = yes
    winbind nested groups = yes
    winbind use default domain = no
    winbind refresh tickets = yes
    winbind nss info = rfc2307
    idmap config DOMAIN: backend = ad
    idmap config DOMAIN: range = 10000-500000
    idmap config DOMAIN: schema mode = rfc2307
    idmap config DOMAIN: unix_primary_group = no
    idmap config DOMAIN: unix_nss_info = no
    allow trusted domains = no
    client ldap sasl wrapping = sign
    template shell = /bin/sh
    template homedir = /home/%D/%U
    netbios name = DOMAIN-FS01
    create mask = 0770
    directory mask = 0770
    client ntlmv2 auth = no
    dos charset = CP437
    unix charset = UTF-8
    log level = 1
    idmap config DOMAIN: unix_primary_group = yes
    idmap config DOMAIN: unix_nss_info = yes


[PROJECTS]
    path = "/mnt/DOMAINFS/PROJECTS"
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    access based share enum = no
    vfs objects = acl_tdb zfs_space zfsacl streams_xattr
    hide dot files = yes
    hosts allow = 10.1.10.0/24
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare
    write list = @"DOMAIN\Domain Admins",root
    valid users = @"DOMAIN\Domain Admins",root