roles/winbind: Configure Samba AD membership

The *winbind* role builds upon the *samba* role to configure the machine as an Active Directory domain member.
2018-03-11 18:13:07 -05:00
parent 4546cffeba
commit 5570a94be3
9 changed files with 137 additions and 0 deletions
--- a/roles/winbind/templates/winbind.conf.j2
+++ b/roles/winbind/templates/winbind.conf.j2
@@ -0,0 +1,26 @@
+template homedir = /home/%U
+template shell = /bin/bash
+
+{% if winbind_idmap_backend is defined %}
+idmap backend = {{ winbind_idmap_backend }}
+idmap config * : backend = {{ winbind_idmap_backend }}
+{% endif %}
+idmap config * : range = {{ winbind_idmap_range }}
+
+kerberos method = {{ winbind_kerberos_method }}
+
+winbind nss info = {{ winbind_nss_info }}
+winbind use default domain = {{ 'yes' if winbind_use_default_domain else 'no' }}
+winbind offline logon = {{ 'yes' if winbind_offline_login else 'no' }}
+winbind refresh tickets = {{ 'yes' if winbind_refresh_tickets else 'no' }}
+{% if winbind_ignore_domains|d %}
+winbind:ignore domains = {{ winbind_ignore_domains|join(' ') }}
+{% endif %}
+
+client ldap sasl wrapping = seal
+
+dns proxy = no
+domain master = no
+local master = no
+preferred master = no
+os level = 0