Refactored the ntp configuration to include AD domain controllers, updated winbind settings for local BUILTIN accounts, and enabled SMB service with proper ID mapping.
# Samba settings for an Active Directory domain member (winbind).
# Jinja template: every domain-specific value is derived from ad_realm.
[global]
# NetBIOS domain name, taken as the first DNS label of ad_realm.
# NOTE(review): an AD domain's NetBIOS name can differ from the first label
# of its DNS name - confirm for the target domain.
workgroup = {{ ad_realm.split('.')[0] }}
# Run as an AD domain member.
security = ads
# Kerberos realm of the AD domain.
realm = {{ ad_realm }}

# Users will be in the form username instead of DOMAIN\username.
# With the prefix dropped, a domain account and a local account that share a
# name cannot be told apart by name; keep local account names distinct.
winbind use default domain = true

# Offline logon stays off, so winbind keeps no cached credentials on this
# host for logons while the domain controllers are unreachable.
winbind offline logon = false
# The system keytab holds the machine account keys; keep it readable by root only.
# NOTE(review): per smb.conf(5), "dedicated keytab file" is read when
# kerberos method = dedicated keytab; with "secrets and keytab" Samba checks
# secrets.tdb first and then the system keytab - confirm this line is needed.
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab

# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
# Also keep both ranges clear of IDs assigned in the local passwd/group files.
idmap config * : backend = tdb
idmap config * : range = 3000-7999

# Every AD domain needs its own idmap backend and range.
# idmap config for the {{ ad_realm.split('.')[0] }} domain
# The domain name used here is the same expression as workgroup above, so
# the two always match. The rid backend computes IDs from each account's RID
# and this range; 10000-999999 does not overlap the default range 3000-7999.
idmap config {{ ad_realm.split('.')[0] }} : backend = rid
idmap config {{ ad_realm.split('.')[0] }} : range = 10000-999999

# Template settings for login shell and home directory
# These apply to domain users resolved through winbind. Nothing in this file
# limits which domain users may log in - presumably PAM or sshd does; verify.
template shell = /bin/bash
# %U is the user name; because the domain prefix is dropped above, a domain
# user whose name matches a local account resolves to the same /home path.
template homedir = /home/%U