This parameter controls how Winbind retrieves Name Service Information to construct a user's home directory and login shell. Currently the following settings are available:

template - The default, using the parameters template shell and template homedir.

<sfu | sfu20 | rfc2307> - When Samba is running with security = ads and your Active Directory Domain Controller supports the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home directory attributes directly from your Directory Server. For SFU 3.0 or 3.5 choose "sfu"; if you use SFU 2.0, choose "sfu20". Note that retrieving UID and GID from your ADS server also requires idmap config DOMAIN:backend = ad. The primary group membership is currently always calculated via the "primaryGroupID" LDAP attribute.

Default: template
Example: sfu
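The dependencies described above can be checked mechanically before a configuration is deployed. The following is an added example, not part of Samba or of the original page: a small lint for smb.conf text that reports when an AD schema setting is selected without security = ads or without an idmap backend of ad. It assumes the parameter is spelled `winbind nss info` in the [global] section; the domain name CORP and the sample configurations are constructed.

```python
import configparser

# Settings that make winbind read shell/homedir from the directory server.
AD_SCHEMAS = {"sfu", "sfu20", "rfc2307"}

def _norm(name):
    # smb.conf ignores case and whitespace in parameter names.
    return "".join(name.split()).lower()

def check_nss_info(conf_text):
    """Return a list of findings for the [global] section of smb.conf text."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = _norm
    # Strip indentation so configparser does not treat lines as continuations.
    cp.read_string("\n".join(l.strip() for l in conf_text.splitlines()))
    g = {}
    for sec in cp.sections():
        if sec.strip().lower() == "global":
            g.update(cp.items(sec))
    mode = g.get("winbindnssinfo", "template").strip().lower()
    findings = []
    if mode not in AD_SCHEMAS:
        return findings  # template shell / template homedir apply
    if g.get("security", "").strip().lower() != "ads":
        findings.append(f"'{mode}' selected but security is not 'ads'")
    ad_backends = [k for k, v in g.items()
                   if k.startswith("idmapconfig") and k.endswith(":backend")
                   and v.strip().lower() == "ad"]
    if not ad_backends:
        findings.append(f"'{mode}' selected but no 'idmap config DOMAIN:backend = ad'; "
                        "UID/GID will not be retrieved from the directory")
    return findings

# Constructed sample configurations (CORP is a placeholder domain).
INCOMPLETE = """[global]
security = user
winbind nss info = rfc2307
"""
COMPLETE = """[global]
    security = ads
    winbind nss info = rfc2307
    idmap config CORP : backend = ad
"""

if __name__ == "__main__":
    for name, text in (("INCOMPLETE", INCOMPLETE), ("COMPLETE", COMPLETE)):
        print(name, check_nss_info(text) or "ok")
```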