Dustin C. Hatch
5a91cb731a
The *samba-dc* role now configures `winbindd` on domain controllers to support identity mapping on the local machine. This will allow domain users to log into the domain controller itself, e.g. via SSH. The Fedora packaging of *samba4* still has some warts. Specifically, it does not have a proper SELinux policy, so some work-arounds need to be put into place in order for confined processes to communicate with winbind.
13 lines
295 B
YAML
13 lines
295 B
YAML
samba_use_winbind: false
|
|
samba_server_role: active directory domain controller
|
|
samba_options:
|
|
- idmap_ldb:use rfc2307: 'yes'
|
|
|
|
samba_shares:
|
|
- name: sysvol
|
|
path: /var/lib/samba/sysvol
|
|
read_only: no
|
|
- name: netlogon
|
|
path: /var/lib/samba/sysvol/{{ krb5_realm|lower }}/scripts
|
|
read_only: no
|