diff --git a/roles/winbind/defaults/main.yml b/roles/winbind/defaults/main.yml
index a006cfa..9b6b93e 100644
--- a/roles/winbind/defaults/main.yml
+++ b/roles/winbind/defaults/main.yml
@@ -1,4 +1,4 @@
-winbind_idmap_range: 16777216-33554431
+winbind_idmap_range: 3000000-3009999
 winbind_nss_info: rfc2307
 winbind_use_default_domain: true
 winbind_offline_login: true
diff --git a/roles/winbind/templates/winbind.conf.j2 b/roles/winbind/templates/winbind.conf.j2
index 2414332..317d72b 100644
--- a/roles/winbind/templates/winbind.conf.j2
+++ b/roles/winbind/templates/winbind.conf.j2
@@ -1,11 +1,13 @@
 template homedir = /home/%U
 template shell = /bin/bash
 
-{% if winbind_idmap_backend is defined %}
-idmap backend = {{ winbind_idmap_backend }}
-idmap config * : backend = {{ winbind_idmap_backend }}
+idmap config * : backend = tdb
+idmap config * : range = 1000000-1000999
+idmap config {{ workgroup }} : backend = ad
+idmap config {{ workgroup }} : range = {{ winbind_idmap_range }}
+{% if winbind_nss_info == 'rfc2307' %}
+idmap config {{ workgroup }} : unix_nss_info = yes
 {% endif %}
-idmap config * : range = {{ winbind_idmap_range }}
 
 kerberos method = {{ winbind_kerberos_method }}