From 21154229334ac1d3717006c5e8d019e507621959 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C5=A1per=20Fele-=C5=BDor=C5=BE?=
Date: Mon, 13 Apr 2026 12:55:18 +0200
Subject: [PATCH] Change CIFS homes mountpoint, options
---
 roles/ad_joined/tasks/main_lin.yml | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/roles/ad_joined/tasks/main_lin.yml b/roles/ad_joined/tasks/main_lin.yml
index a7f7e68..cfb19ef 100644
--- a/roles/ad_joined/tasks/main_lin.yml
+++ b/roles/ad_joined/tasks/main_lin.yml
@@ -47,6 +47,11 @@
 owner: root
 mode: 0600
+- name: Fix apparmor HOMEDIRS
+ template:
+ src: apparmor_cifs_homes
+ dest: "/etc/apparmor.d/tunables/home.d/cifs_homes"
+
 #- name: Configure libpam-mount
 # copy:
 # src: pam_mount.conf.xml
@@ -60,7 +65,13 @@
 command: pam-auth-update --disable mkhomedir
 become: true
-- name: Create kstart service
+- name: Use sssd for cifs idmap
+ file:
+ state: link
+ src: /usr/lib/x86_64-linux-gnu/cifs-utils/cifs_idmap_sss.so
+ path: /etc/alternatives/idmap-plugin
+
+- name: Create service to get and renew machine kerberos tickets
 copy:
 src: kstart.service
 dest: /etc/systemd/system/kstart.service
@@ -70,14 +81,19 @@
 src: kstart.service
 dest: /etc/systemd/system/kstart.service
+- name: Create profiles directory
+ file:
+ path: /home/profiles
+ state: directory
+
 - name: Add mount - cifs_home
 mount:
 boot: true
 fstype: cifs
 src: "//ucilnicesmb.fri1.uni-lj.si/ucilnice_d"
- path: /mnt/cifs_home
+ path: /remote_home
 state: mounted
- opts: "cruid=0,username={{ inventory_hostname }}-linux@FRI1.UNI-LJ.SI,sec=krb5i,nobrl,sfu,nostrictsync,cache=loose,mfsymlinks,dir_mode=0700,file_mode=0700,fsc,multiuser,x-systemd.requires=kstart.service"
+ opts: "cruid=0,username={{ inventory_hostname }}-linux@FRI1.UNI-LJ.SI,sec=krb5i,nobrl,sfu,cifsacl,setuids,fsc,multiuser,actimeo=65536,nostrictsync,cache=loose,resilienthandles,noatime,x-systemd.requires=kstart.service"
 - name: Restart sssd
 service:
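Review bot: The new `Fix apparmor HOMEDIRS` task (hunk `@@ -47,6 +47,11 @@`) sets no `owner`, `group` or `mode` on `/etc/apparmor.d/tunables/home.d/cifs_homes`, so the file's permissions depend on the umask of the run, and nothing in the hunk reloads AppArmor after the tunable changes. Going by the task name, the template presumably extends the home-directory tunable, which widens what every profile using it treats as a home directory, so the file should be root-owned and not writable by anyone else: add `owner: root`, `group: root`, `mode: "0644"` under `template:`. A `notify:` to a handler that reloads the AppArmor profiles would make the change take effect in the same run; whether such a handler exists elsewhere in the role is not visible here.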
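Review bot: The `Use sssd for cifs idmap` task (hunk `@@ -60,7 +65,13 @@`) writes `/etc/alternatives/idmap-plugin` directly with a hard-coded `x86_64-linux-gnu` path, so the alternatives database is not updated and a later package operation or `update-alternatives --auto` may point the link back at a different plugin. Because the mount in the last hunk now uses `cifsacl`, the active plugin presumably decides how server SIDs map to local uids and gids, so a silent switch would change file ownership as seen on the client. Consider registering the choice through the alternatives system instead, for example `community.general.alternatives` with `name: idmap-plugin` and the same `path`. A comment that the path is amd64-only would also help.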
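Review bot: In the `Add mount - cifs_home` task (hunk `@@ -70,14 +81,19 @@`) the new `opts` line drops `dir_mode=0700,file_mode=0700` in favour of `cifsacl` and adds `actimeo=65536`, so ownership and mode bits now come from server ACLs through the idmap plugin and are cached on the client for roughly 18 hours, on top of the retained `cache=loose` and `fsc`. A permission or ACL change made on the server may therefore not be reflected in client-side checks for most of a day; a short value such as `actimeo=60`, or a comment justifying the long timeout, would be safer. The share is also mounted without `nosuid,nodev` while `sfu` stays enabled, and a user-writable home share is the usual place to add both. The new `Create profiles directory` task likewise sets no `owner` or `mode` for `/home/profiles`.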