Add samba role
With sssd.
This commit is contained in:
parent
0907870142
commit
43b9010126
5 changed files with 184 additions and 0 deletions
29
roles/samba/templates/sssd.conf.j2
Normal file
29
roles/samba/templates/sssd.conf.j2
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
[sssd]
|
||||
# without this services get socket-activated which seems to be broken for sssd-pac
|
||||
services = nss, pac, pam
|
||||
config_file_version = 2
|
||||
|
||||
domains = {{ domain }}
|
||||
|
||||
[domain/{{ domain }}]
|
||||
id_provider = ad
|
||||
access_provider = ad
|
||||
|
||||
ad_domain = {{ domain }}
|
||||
ad_enable_gc = true
|
||||
ad_gpo_access_control = permissive
|
||||
ad_gpo_ignore_unreadable = true
|
||||
ad_update_samba_machine_account_password = true
|
||||
|
||||
krb5_realm = {{ domain | upper }}
|
||||
krb5_store_password_if_offline = true
|
||||
cache_credentials = true
|
||||
ldap_id_mapping = true
|
||||
use_fully_qualified_names = true
|
||||
|
||||
default_shell = /bin/bash
|
||||
fallback_homedir = /home/%u@%d
|
||||
|
||||
# for debugging ticket renewals
|
||||
#ad_maximum_machine_account_password_age = 1
|
||||
#ad_machine_account_password_renewal_opts = 86400:10
|
||||
Loading…
Add table
Add a link
Reference in a new issue