Change CIFS homes mountpoint, options

roles/ad_joined/tasks/main_lin.yml

@@ -47,6 +47,11 @@
     owner: root
     mode: 0600
 
+- name: Fix apparmor HOMEDIRS
+  template:
+    src: apparmor_cifs_homes
+    dest: "/etc/apparmor.d/tunables/home.d/cifs_homes"
+
 #- name: Configure libpam-mount
 #  copy:
 #    src: pam_mount.conf.xml
@@ -60,7 +65,13 @@
   command: pam-auth-update --disable mkhomedir
   become: true
 
-- name: Create kstart service
+- name: Use sssd for cifs idmap
+  file:
+    state: link
+    src: /usr/lib/x86_64-linux-gnu/cifs-utils/cifs_idmap_sss.so
+    path: /etc/alternatives/idmap-plugin
+
+- name: Create service to get and renew machine kerberos tickets
   copy:
     src: kstart.service
     dest: /etc/systemd/system/kstart.service
@@ -70,14 +81,19 @@
     src: kstart.service
     dest: /etc/systemd/system/kstart.service
 
+- name: Create profiles directory
+  file:
+    path: /home/profiles
+    state: directory
+
 - name: Add mount - cifs_home
   mount:
     boot: true
     fstype: cifs
     src: "//ucilnicesmb.fri1.uni-lj.si/ucilnice_d"
-    path: /mnt/cifs_home
+    path: /remote_home
     state: mounted
-    opts: "cruid=0,username={{ inventory_hostname }}-linux@FRI1.UNI-LJ.SI,sec=krb5i,nobrl,sfu,nostrictsync,cache=loose,mfsymlinks,dir_mode=0700,file_mode=0700,fsc,multiuser,x-systemd.requires=kstart.service"
+    opts: "cruid=0,username={{ inventory_hostname }}-linux@FRI1.UNI-LJ.SI,sec=krb5i,nobrl,sfu,cifsacl,setuids,fsc,multiuser,actimeo=65536,nostrictsync,cache=loose,resilienthandles,noatime,x-systemd.requires=kstart.service"
 
 - name: Restart sssd
   service: