roles/nsswitch: Configure glibc name service
The *nsswitch* role can be used to configure the name service switch on glibc-based distributions, including Gentoo, Fedora, and CentOS. It is specifically focused on Active Directory authentication via Samba/Winbind.jenkins-master
parent
61b918242a
commit
7217c1c8a0
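--- a/PATH-NOT-SHOWN-1
+++ b/PATH-NOT-SHOWN-1
@@ -0,0 +1,17 @@
+- name: load distribution-specific variables
+include_vars: '{{ item }}'
+with_first_found:
+- '{{ ansible_distribution }}.yml'
+- '{{ ansible_os_family }}.yml'
+- defaults.yml
+
+- name: ensure nsswitch is configured
+template:
+src={{ item }}
+dest=/etc/nsswitch.conf
+mode=644
+owner=root
+group=root
+with_first_found:
+- '{{ ansible_distribution }}.nsswitch.conf.j2'
+- default.nsswitch.conf.j2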
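Review bot: The `template:` task replaces `/etc/nsswitch.conf` without keeping the previous copy, and a bad render of that file affects passwd, group and hosts lookups for every process on the host; adding `backup=yes` to the argument list gives an on-host rollback. The arguments are also written as `key=value` text under `template:`; native YAML arguments with `mode: '0644'` would state the octal mode explicitly instead of relying on Ansible's string conversion of `mode=644`. Leading indentation is not preserved on this page, so the nesting of the task keys cannot be checked here.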
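--- a/PATH-NOT-SHOWN-2
+++ b/PATH-NOT-SHOWN-2
@@ -0,0 +1,64 @@
+#
+# /etc/nsswitch.conf
+#
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
+#
+# The entry '[NOTFOUND=return]' means that the search for an
+# entry should stop if the search in the previous entry turned
+# up nothing. Note that if the search failed due to some other reason
+# (like no NIS server responding) then the search continues with the
+# next entry.
+#
+# Valid entries include:
+#
+# nisplus Use NIS+ (NIS version 3)
+# nis Use NIS (NIS version 2), also called YP
+# dns Use DNS (Domain Name Service)
+# files Use the local files
+# db Use the local database (.db) files
+# compat Use NIS on compat mode
+# hesiod Use Hesiod for user lookups
+# [NOTFOUND=return] Stop searching if not found so far
+#
+
+# To use db, put the "db" in front of "files" for entries you want to be
+# looked up first in the databases
+#
+# Example:
+#passwd: db files nisplus nis
+#shadow: db files nisplus nis
+#group: db files nisplus nis
+
+passwd: {{ nsswitch_passwd|reject("equalto", "")|join(' ') }}
+shadow: {{ nsswitch_shadow|reject("equalto", "")|join(' ') }}
+group: {{ nsswitch_group|reject("equalto", "")|join(' ') }}
+#initgroups: files sss
+
+#hosts: db files nisplus nis dns
+hosts: {{ nsswitch_hosts|reject("equalto", "")|join(' ') }}
+
+# Example - obey only what nisplus tells us...
+#services: nisplus [NOTFOUND=return] files
+#networks: nisplus [NOTFOUND=return] files
+#protocols: nisplus [NOTFOUND=return] files
+#rpc: nisplus [NOTFOUND=return] files
+#ethers: nisplus [NOTFOUND=return] files
+#netmasks: nisplus [NOTFOUND=return] files
+
+bootparams: nisplus [NOTFOUND=return] files
+
+ethers: files
+netmasks: files
+networks: files
+protocols: files
+rpc: files
+services: files sss
+
+netgroup: nisplus sss
+
+publickey: nisplus
+
+automount: files nisplus sss
+aliases: files nisplus
+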
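Review bot: Only `passwd`, `shadow`, `group` and `hosts` follow the role variables; `services: files sss`, `netgroup: nisplus sss` and `automount: files nisplus sss` keep `sss` even when the defaults select `winbind`, and `bootparams`, `publickey` and `aliases` still name `nisplus`. On a Winbind-only host these are sources that are presumably not deployed, which makes the rendered file harder to audit. Either drive these lines from variables as well or reduce them to the sources actually in use, e.g. `services: files`. The same hard-coded entries appear in the other nsswitch.conf template in this commit. A first-line comment such as `# {{ ansible_managed }}` would also mark the file as generated.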
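--- a/PATH-NOT-SHOWN-3
+++ b/PATH-NOT-SHOWN-3
@@ -0,0 +1,62 @@
+#
+# /etc/nsswitch.conf
+#
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
+#
+# The entry '[NOTFOUND=return]' means that the search for an
+# entry should stop if the search in the previous entry turned
+# up nothing. Note that if the search failed due to some other reason
+# (like no NIS server responding) then the search continues with the
+# next entry.
+#
+# Valid entries include:
+#
+# nisplus Use NIS+ (NIS version 3)
+# nis Use NIS (NIS version 2), also called YP
+# dns Use DNS (Domain Name Service)
+# files Use the local files
+# db Use the local database (.db) files
+# compat Use NIS on compat mode
+# hesiod Use Hesiod for user lookups
+# [NOTFOUND=return] Stop searching if not found so far
+#
+
+# To use db, put the "db" in front of "files" for entries you want to be
+# looked up first in the databases
+#
+# Example:
+#passwd: db files nisplus nis
+#shadow: db files nisplus nis
+#group: db files nisplus nis
+
+passwd: {{ nsswitch_passwd|reject("equalto", "")|join(' ') }} systemd
+shadow: {{ nsswitch_shadow|reject("equalto", "")|join(' ') }}
+group: {{ nsswitch_group|reject("equalto", "")|join(' ') }} systemd
+
+#hosts: db files nisplus nis dns
+hosts: {{ nsswitch_hosts|reject("equalto", "")|join(' ') }}
+
+# Example - obey only what nisplus tells us...
+#services: nisplus [NOTFOUND=return] files
+#networks: nisplus [NOTFOUND=return] files
+#protocols: nisplus [NOTFOUND=return] files
+#rpc: nisplus [NOTFOUND=return] files
+#ethers: nisplus [NOTFOUND=return] files
+#netmasks: nisplus [NOTFOUND=return] files
+
+bootparams: nisplus [NOTFOUND=return] files
+
+ethers: files
+netmasks: files
+networks: files
+protocols: files
+rpc: files
+services: files sss
+
+netgroup: nisplus sss
+
+publickey: nisplus
+
+automount: files nisplus
+aliases: files nisplus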
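Review bot: Apart from the ` systemd` suffix on `passwd` and `group`, this template differs from the other nsswitch.conf template in this commit by dropping `sss` from `automount: files nisplus` and by omitting the `#initgroups: files sss` line, and nothing on the page says whether those two differences are intended. Two near-identical copies of a file that controls account lookup tend to drift apart, so a single template with the suffix supplied by a variable would be easier to audit, e.g. `passwd: {{ (nsswitch_passwd + nsswitch_passwd_extra|d([]))|reject("equalto", "")|join(' ') }}` (the variable name here is only an illustration). If two files are kept, a short comment at the top stating which distribution each one serves and why `automount` differs would help.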
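--- a/PATH-NOT-SHOWN-4
+++ b/PATH-NOT-SHOWN-4
@@ -0,0 +1,13 @@
+nsswitch_passwd:
+- files
+- '{{ "winbind" if nss_winbind|d else "sss" }}'
+nsswitch_shadow:
+- files
+nsswitch_group:
+- files
+- '{{ "winbind" if nss_winbind|d else "sss" }}'
+nsswitch_hosts:
+- files
+- '{% if nss_avahi|d %}mdns_minimal [NOTFOUND=return]{% endif %}'
+- dns
+- myhostname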
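Review bot: `nss_winbind|d` and `nss_avahi|d` are tested for truthiness as-is, so a value that arrives as a string (for example `-e nss_winbind=false`, which Ansible passes as a string) is non-empty and selects `winbind` or enables the mDNS entry. Casting makes the switch explicit: `- '{{ "winbind" if nss_winbind|d(false)|bool else "sss" }}'` for the passwd and group lists, and `{% if nss_avahi|d(false)|bool %}` in the hosts entry. Since the tasks load this file through `include_vars`, these lists presumably take precedence over inventory group and host variables; a comment at the top of the file saying how a site is expected to override them would help.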