role and playbooks to configure samba file server Domain joins are supported Clustered Samba via CTDB is supported
redhat
- krb5-workstation
ubuntu
- krb5-user
Methods to join domain server are:
- Pure Winbind - use when only windows clients, or if NTLM login is needed
- SSSD + Winbind - use when mixed linux (NFS/CIFS(SMB)) and windows (SMB) clients via cifs/smb See "domain_join.md" for more details
Options are:
- kerberos
- Domain join is done with kerberos credentials. Credentials must be generated before running playbook.
kinit <user>@<realm>- Options 'join_user' and 'join_password' are not required and are ignored when kerberos is selected
- password
- Uses plaintext password to join domain.
- 'join_user' and 'join_password' must be specified
- when auto_idmapping is true and join_method is sssd, idmap backend is set to 'sss' and 'ldap_idmapping' is set to true is /etc/sssd/sssd.conf
- when auto_idmapping is true and join_method is winbind, idmap backend is set to 'rid'
- when auto_idmapping is false and join_method is sssd, idmap backend is set to 'sss' and 'ldap_idmapping' is set to false is /etc/sssd/sssd.conf
- when auto_idmapping is false and join_method is winbind, idmap backend is set to 'ad', and idmap mode is set to rfc2307
auto_id_mapping: true
enumerate_ids: false
fully_qualified_names: false
enable_windows_acl: true