[global]   
            workgroup = MYAD
            realm = MYAD.INTERN
            netbios name = PC007JB
            server string = %h server
            security = ADS
            ntlm auth = No
            allow trusted domains = No
    #       use kerberos keytab = Yes
            kerberos method = secrets only
            syslog = 5
            log level = 0 winbind:5
            log file = /var/log/samba/log.%m
            max log size = 1000

            idmap config * : backend = tdb
            idmap config * : range = 89999-99999
            idmap config MYAD : backend = rid
            idmap config MYAD : range = 100000-199999

            template shell = /bin/bash

    #       winbind separator = +
            winbind enum users = Yes
            winbind enum groups = Yes
            winbind use default domain = Yes
            winbind refresh tickets = Yes
#            winbind rpc only = Yes
            winbind expand groups = 2
            winbind normalize names = yes
	    winbind offline logon = yes
	    winbind cache time = 300
	    winbind reconnect delay = 10