diff --git a/configurations/host/waffentrager/services/auth/samba.nix b/configurations/host/waffentrager/services/auth/samba.nix
index 6c4bf43..fb18aac 100644
--- a/configurations/host/waffentrager/services/auth/samba.nix
+++ b/configurations/host/waffentrager/services/auth/samba.nix
@@ -44,6 +44,9 @@
       networking.firewall.allowedUDPPorts = [ 135 137 138 389 88 53 123 464];
       systemd.tmpfiles.rules = [
         "d    ${servicePath}/tls/  0600    root    3000000     -"
+        "d    ${servicePath}/private/  0600    root    3000000     -"
+        "d    ${servicePath}/lock/  0600    root    3000000     -"
+        "d    ${servicePath}/cache/  0600    root    3000000     -"
       ];
       services.samba = {
         enable = true;
@@ -60,6 +63,10 @@
               workgroup = ${materusArg.waffentrager.samba.workgroup}
               idmap_ldb:use rfc2307 = yes
               ldap server require strong auth = yes
+              private dir = ${servicePath}/private
+              lock dir = ${servicePath}/lock
+              state directory = ${servicePath}/lock
+              cache directory = ${servicePath}/cache
               tls enabled  = yes
               tls keyfile  = ${servicePath}/tls/key.pem
               tls certfile = ${servicePath}/tls/fullchain.pem