Dustin C. Hatch
93598145b6
In order to enable LDAPS/STARTTLS support in Samba, the `tls enabled` option must be set to `yes` and the `tls keyfile` and `tls certfile` options must be set to the path of the private key and certificate files, respectively, that Samba will use. The `samba_tls_enabled`, `samba_tls_keyfile`, and `samb_tls_certfile` Ansible variables can be used to control these values.
30 lines
727 B
Django/Jinja
30 lines
727 B
Django/Jinja
# Global parameters
|
|
[global]
|
|
netbios name = {{ ansible_hostname|upper }}
|
|
realm = {{ krb5_realm }}
|
|
server role = active directory domain controller
|
|
workgroup = {{ workgroup }}
|
|
{% if samba_is_first_dc and samba_dc_use_rfc2307 %}
|
|
idmap_ldb:use rfc2307 = yes
|
|
{% endif %}
|
|
|
|
template homedir = {{ winbind_template_homedir }}
|
|
template shell = /bin/bash
|
|
|
|
{% if samba_tls_enabled|bool %}
|
|
tls enabled = yes
|
|
tls keyfile = {{ samba_tls_keyfile }}
|
|
tls certfile = {{ samba_tls_certfile }}
|
|
{% if samba_tls_cafile is defined %}
|
|
tls cafile = {{ samba_tls_cafile }}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
[netlogon]
|
|
path = /var/lib/samba/sysvol/{{ krb5_realm|lower }}/scripts
|
|
read only = No
|
|
|
|
[sysvol]
|
|
path = /var/lib/samba/sysvol
|
|
read only = No
|