move samba roles to roles directory

2021-08-26 14:29:25 -04:00
parent ab9c9281d8
commit 21612189e0
28 changed files with 0 additions and 0 deletions
--- a/roles/role-samba4-primary-ad-dc/templates/adc/smb.conf.j2
+++ b/roles/role-samba4-primary-ad-dc/templates/adc/smb.conf.j2
@@ -0,0 +1,16 @@
+# Global parameters
+[global]
+        dns forwarder = {{ smb_dns_forwarder }}
+        netbios name = {{ ansible_hostname }}
+        realm = {{ smb_realm }}
+        server role = active directory domain controller
+        workgroup = {{ smb_workgroup }}
+        idmap_ldb:use rfc2307 = yes
+
+[netlogon]
+        path = /var/lib/samba/sysvol/{{ smb_realm }}/scripts
+        read only = No
+
+[sysvol]
+        path = /var/lib/samba/sysvol
+        read only = No
--- a/roles/role-samba4-primary-ad-dc/templates/domain-admins.j2
+++ b/roles/role-samba4-primary-ad-dc/templates/domain-admins.j2
@@ -0,0 +1 @@
+%domain\ admins ALL=(ALL:ALL) ALL
--- a/roles/role-samba4-primary-ad-dc/templates/nsswitch.conf.j2
+++ b/roles/role-samba4-primary-ad-dc/templates/nsswitch.conf.j2
@@ -0,0 +1,20 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd:         compat winbind
+group:          compat winbind
+shadow:         compat winbind
+gshadow:        files
+
+hosts:          files dns
+networks:       files
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
--- a/roles/role-samba4-primary-ad-dc/templates/pam_winbind.conf.j2
+++ b/roles/role-samba4-primary-ad-dc/templates/pam_winbind.conf.j2
@@ -0,0 +1,41 @@
+#
+# pam_winbind configuration file
+#
+# /etc/security/pam_winbind.conf
+#
+# For more details see man pam_winbind.conf(5)
+
+[global]
+
+# turn on debugging
+;debug = no
+
+# turn on extended PAM state debugging
+;debug_state = no
+
+# request a cached login if possible
+# (needs "winbind offline logon = yes" in smb.conf)
+;cached_login = no
+cached_login = yes
+
+# authenticate using kerberos
+;krb5_auth = no
+
+# when using kerberos, request a "FILE" or "DIR" krb5 credential cache type
+# (leave empty to just do krb5 authentication but not have a ticket
+# afterwards)
+;krb5_ccache_type =
+
+# make successful authentication dependend on membership of one SID
+# (can also take a name)
+;require_membership_of =
+
+# password expiry warning period in days
+;warn_pwd_expire = 14
+warn_pwd_expire = 21
+
+# omit pam conversations
+;silent = no
+
+# create homedirectory on the fly
+;mkhomedir = no