samba-dc: Configure samba4 winbind
The *samba-dc* role now configures `winbindd` on domain controllers to support identity mapping on the local machine. This will allow domain users to log into the domain controller itself, e.g. via SSH. The Fedora packaging of *samba4* still has some warts. Specifically, it does not have a proper SELinux policy, so some work-arounds need to be put into place in order for confined processes to communicate with winbind.
12
group_vars/samba-dc.yml
Normal file
@@ -0,0 +1,12 @@
|
||||
samba_use_winbind: false
|
||||
samba_server_role: active directory domain controller
|
||||
samba_options:
|
||||
- idmap_ldb:use rfc2307: 'yes'
|
||||
|
||||
samba_shares:
|
||||
- name: sysvol
|
||||
path: /var/lib/samba/sysvol
|
||||
read_only: no
|
||||
- name: netlogon
|
||||
path: /var/lib/samba/sysvol/{{ krb5_realm|lower }}/scripts
|
||||
read_only: no
|
||||
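Review bot: `samba_use_winbind: false` on the first added line reads as the opposite of what the commit message says the role now does, which is to configure `winbindd` on domain controllers. If the variable controls something other than the winbind support this commit adds, and has to stay off when `samba_server_role` is `active directory domain controller`, please add a comment above it saying so, otherwise someone is likely to flip it later. A smaller point on the same file: `read_only: no` on both `sysvol` and `netlogon` uses a bare YAML boolean, while `idmap_ldb:use rfc2307` uses a quoted `'yes'`; a short comment on which values are booleans for the role and which are passed through as strings would make the difference look intentional.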