servers/roles/samba/templates/sssd.conf.j2

[sssd]
# without this services get socket-activated which seems to be broken for sssd-pac
services = nss, pac, pam
config_file_version = 2

domains = {{ domain }}

[domain/{{ domain }}]
id_provider = ad
access_provider = ad

ad_domain = {{ domain }}
ad_enable_gc = true
ad_gpo_access_control = permissive
ad_gpo_ignore_unreadable = true
ad_update_samba_machine_account_password = true

krb5_realm = {{ domain | upper }}
krb5_store_password_if_offline = true
cache_credentials = true
ldap_id_mapping = true
use_fully_qualified_names = true

default_shell = /bin/bash
fallback_homedir = /home/%u@%d

# for debugging ticket renewals
#ad_maximum_machine_account_password_age = 1
#ad_machine_account_password_renewal_opts = 86400:10
Add samba role With sssd. 2024-05-22 18:50:34 +00:00			`[sssd]`
			`# without this services get socket-activated which seems to be broken for sssd-pac`
			`services = nss, pac, pam`
			`config_file_version = 2`

			`domains = {{ domain }}`

			`[domain/{{ domain }}]`
			`id_provider = ad`
			`access_provider = ad`

			`ad_domain = {{ domain }}`
			`ad_enable_gc = true`
			`ad_gpo_access_control = permissive`
			`ad_gpo_ignore_unreadable = true`
			`ad_update_samba_machine_account_password = true`

			`krb5_realm = {{ domain \| upper }}`
			`krb5_store_password_if_offline = true`
			`cache_credentials = true`
			`ldap_id_mapping = true`
			`use_fully_qualified_names = true`

			`default_shell = /bin/bash`
			`fallback_homedir = /home/%u@%d`

			`# for debugging ticket renewals`
			`#ad_maximum_machine_account_password_age = 1`
			`#ad_machine_account_password_renewal_opts = 86400:10`