This repository was archived by the owner on Dec 12, 2024. It is now read-only.
forked from saltstack-formulas/samba-formula
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdefaults.yaml
executable file
·113 lines (105 loc) · 3.5 KB
/
defaults.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# -*- coding: utf-8 -*-
# vim: ft=jinja
{% set default_realm=salt['pillar.get']('samba:winbind:krb5_default_realm', 'EXAMPLE.COM')%}
{% set default_workgroup=salt['pillar.get']('samba:conf:sections:global:workgroup', 'EXAMPLE')%}
# Default lookup dictionary
samba:
role: ROLE_STANDALONE
server: samba
config: /etc/samba/smb.conf
config_src: salt://samba/files/smb.conf
root_group: root
conf:
render:
#### Inherit these as smb.conf defaults.
section_order: ['global', 'homes', 'printers', 'sharename',]
include_skeleton: yes
include_unordered_sections: no #best default value
sections:
global:
## samba.role: ROLE_STANDALONE (default)
workgroup: {{ default_workgroup }}
server string: "Samba Server %v"
log file: "/var/log/samba/%m.log"
max log size: 50
dns proxy: no
load printers: yes
printing: cups
printcap name: cups
security: user
hosts allow: 127. 10. 192.168.
bind interfaces only: no
usershare allow guests: no
global_role_domain_member:
## samba.role: ROLE_DOMAIN_MEMBER
realm: {{ default_realm }}
security: ADS
client signing: yes
client use spnego: yes
encrypt passwords: yes
# idmap config for this domain
"idmap config * : range": 16777216-33554431
#"idmap config * : backend": ad
"idmap config * : schema_mode": rfc2307
kerberos method: secrets and keytab
template shell: /bin/bash
template homedir: /home/%U
os level: 2
winbind enum users: yes
winbind enum groups: yes
winbind expand groups: 0
winbind use default domain: yes
winbind refresh tickets: no
winbind offline logon: no
winbind cache time: 10
winbind nested groups: True
wins support: True
socket options: SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
domain master: no
local master: no
preferred master: no
username map: /etc/samba/aduser.map
homes:
comment: "Home Directories"
browseable: no
read only: No
inherit acls: No
writeable: yes
printers:
comment: "All Printers"
path: /var/lib/samba/drivers
browseable: no
guest ok: yes
writeable: no
printable: yes
#printer admin: root, '@ntadmins', '@smbprintadm'
users:
preinstall:
cmd:
osreleases: []
winbind:
krb5_default_realm: {{ default_realm }}
pam_mkhomedir_src: salt://samba/files/mkhomedir
usermap: /etc/samba/aduser.map
usermap_src: salt://samba/files/aduser.map
pam_winbind:
config: /etc/security/pam_winbind.conf
config_src: salt://samba/files/pam_winbind.conf
global:
debug: no
debug_state: no
cached_login: no
krb5_auth: yes
krb5_ccache_type: FILE
require_membership_of:
warn_pwd_expire: 14
silent: no
mkhomedir: yes
nsswitch:
regex:
{% raw %}
- ['hostsMdns', '^(?!#).*(?<!#|\w)(host.*:.*files\s)(mdns4?_minimal.*\]\s*)(dns.*$)', '\1 \3',]
- ['passwd', '^(?!#).*(?<!#|\w)(passwd.*:.*(files|compat))(?!.*winbind)(.*$)(?<!winbind)', '\1 winbind \3',]
- ['group', '^(?!#|net).*(?<!#|\w)(group.*:.*(files|compat))(?!.*winbind)(.*$)(?<!winbind)', '\1 winbind \3',]
- ['hostsWins', '^(?!#).*(?<!#|\w)(host.*:.*files\s)(?!.*wins)(.*$)(?<!wins)', '\1wins \2',]
{% endraw %}