samba-dc: Configure samba4 winbind
The *samba-dc* role now configures `winbindd` on domain controllers to support identity mapping on the local machine. This will allow domain users to log into the domain controller itself, e.g. via SSH. The Fedora packaging of *samba4* still has some warts. Specifically, it does not have a proper SELinux policy, so some work-arounds need to be put into place in order for confined processes to communicate with winbind.
20
roles/samba-dc/templates/smb.conf.j2
Normal file
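--- a/roles/samba-dc/templates/smb.conf.j2
+++ b/roles/samba-dc/templates/smb.conf.j2
@@ -0,0 +1,20 @@
+# Global parameters
+[global]
+netbios name = {{ ansible_hostname|upper }}
+realm = {{ krb5_realm }}
+server role = active directory domain controller
+workgroup = {{ workgroup }}
+{% if samba_is_first_dc and samba_dc_use_rfc2307 %}
+idmap_ldb:use rfc2307 = yes
+{% endif %}
+
+template homedir = {{ winbind_template_homedir }}
+template shell = /bin/bash
+
+[netlogon]
+path = /var/lib/samba/sysvol/{{ krb5_realm|lower }}/scripts
+read only = No
+
+[sysvol]
+path = /var/lib/samba/sysvol
+read only = No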
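Review bot: The `{% if samba_is_first_dc and samba_dc_use_rfc2307 %}` guard emits `idmap_ldb:use rfc2307 = yes` only on the first DC, so any additional DC rendered from this template would, as far as this file shows, fall back to locally allocated IDs in idmap.ldb and could map the same domain user to a different uid/gid. Because the commit is meant to let domain users log in on the DCs themselves, inconsistent mapping between controllers becomes a file-ownership and access-control problem; unless the role sets this option elsewhere for joined DCs, the condition should be `{% if samba_dc_use_rfc2307 %}`. Separately, `template shell = /bin/bash` gives every winbind-mapped domain user an interactive shell on the controller. A comment above it saying where login restriction is enforced (for example sshd or PAM access rules) would make the intent reviewable, and a variable defaulting to `/bin/bash` would match how `template homedir` is handled.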