Diffstat (limited to 'company.example/ad-templates')
-rw-r--r-- | company.example/ad-templates/krb5.conf.CentOS | 35 | ||||
-rw-r--r-- | company.example/ad-templates/krb5.conf.FreeBSD | 37 | ||||
-rw-r--r-- | company.example/ad-templates/krb5.conf.Ubuntu | 35 | ||||
-rw-r--r-- | company.example/ad-templates/sssd.conf.CentOS | 42 | ||||
-rw-r--r-- | company.example/ad-templates/sssd.conf.FreeBSD | 41 | ||||
-rw-r--r-- | company.example/ad-templates/sssd.conf.Ubuntu | 42 |
6 files changed, 232 insertions, 0 deletions
diff --git a/company.example/ad-templates/krb5.conf.CentOS b/company.example/ad-templates/krb5.conf.CentOS
new file mode 100644
index 0000000..74570ae
--- /dev/null
+++ b/company.example/ad-templates/krb5.conf.CentOS
@@ -0,0 +1,35 @@
+# Ansible controlled filename: /etc/krb5.conf
+# Source: ansible bgstack15-ad/templates/krb5.conf.CentOS
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_ccache_name = KEYRING:persistent:%{uid}
+
+ default_realm = EXAMPLE.COM
+[realms]
+ EXAMPLE.COM = {
+ kdc = dc1.example.com
+ kdc = dc2.example.com
+ kdc = dc3.example.com
+ kdc = dc4.example.com
+ admin_server = dc1.example.com
+ admin_server = dc2.example.com
+ admin_server = dc3.example.com
+ admin_server = dc4.example.com
+ }
+
+[domain_realm]
+example.com = EXAMPLE.COM
+ .example.com = EXAMPLE.COM
diff --git a/company.example/ad-templates/krb5.conf.FreeBSD b/company.example/ad-templates/krb5.conf.FreeBSD
new file mode 100644
index 0000000..e6b8a3a
--- /dev/null
+++ b/company.example/ad-templates/krb5.conf.FreeBSD
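Review bot: In krb5.conf.CentOS, `forwardable = true` under `[libdefaults]` makes every TGT obtained on the host forwardable by default, and with `renew_lifetime = 7d` a ticket delegated to another machine can stay usable for a week. Unless every consumer of this template needs delegation, I would leave the default off and have the callers that need it request a forwardable ticket explicitly, or at least add a comment line such as `# forwardable: required for <service placeholder>` above the setting. The same line is in the Ubuntu template, and the FreeBSD template also sets `proxiable = true`. Separately, `default_realm` sits after a blank line directly above `[realms]`; it still belongs to `[libdefaults]`, but moving it up next to the other relations would make that obvious.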
@@ -0,0 +1,37 @@
+# Ansible controlled filename: /etc/krb5.conf
+# Source: ansible bgstack15-ad/templates/krb5.conf.FreeBSD
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_ccache_name = FILE:/tmp/krb5cc_%u
+ proxiable = true
+ ccache_type = 4
+
+ default_realm = EXAMPLE.COM
+[realms]
+ EXAMPLE.COM = {
+ kdc = dc1.example.com
+ kdc = dc2.example.com
+ kdc = dc3.example.com
+ kdc = dc4.example.com
+ admin_server = dc1.example.com
+ admin_server = dc2.example.com
+ admin_server = dc3.example.com
+ admin_server = dc4.example.com
+ }
+
+[domain_realm]
+example.com = EXAMPLE.COM
+ .example.com = EXAMPLE.COM
diff --git a/company.example/ad-templates/krb5.conf.Ubuntu b/company.example/ad-templates/krb5.conf.Ubuntu
new file mode 100644
index 0000000..6a4c23b
--- /dev/null
+++ b/company.example/ad-templates/krb5.conf.Ubuntu
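Review bot: In krb5.conf.FreeBSD, `default_ccache_name = FILE:/tmp/krb5cc_%u` uses `%u`, which is the token syntax of sssd's `krb5_ccname_template`; as far as I know krb5.conf only expands the braced form such as `%{uid}`, which the CentOS and Ubuntu templates use. If the token is taken literally, every account on the host resolves to the same cache file in world-writable `/tmp`, so one user's tickets can be overwritten by another's or the file pre-created by someone else. I would write `default_ccache_name = FILE:/tmp/krb5cc_%{uid}`. Please also confirm that the Kerberos library on the FreeBSD hosts reads this key at all; Heimdal has historically named it `default_cc_name`.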
@@ -0,0 +1,35 @@
+# Ansible controlled filename: /etc/krb5.conf
+# Source: ansible bgstack15-ad/templates/krb5.conf.Ubuntu
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_ccache_name = KEYRING:persistent:%{uid}
+
+ default_realm = EXAMPLE.COM
+[realms]
+ EXAMPLE.COM = {
+ kdc = dc1.example.com
+ kdc = dc2.example.com
+ kdc = dc3.example.com
+ kdc = dc4.example.com
+ admin_server = dc1.example.com
+ admin_server = dc2.example.com
+ admin_server = dc3.example.com
+ admin_server = dc4.example.com
+ }
+
+[domain_realm]
+example.com = EXAMPLE.COM
+ .example.com = EXAMPLE.COM
diff --git a/company.example/ad-templates/sssd.conf.CentOS b/company.example/ad-templates/sssd.conf.CentOS
new file mode 100644
index 0000000..8678bd2
--- /dev/null
+++ b/company.example/ad-templates/sssd.conf.CentOS
@@ -0,0 +1,42 @@
+# Ansible-controlled filename: /etc/sssd/sssd.conf
+# Source: ansible sssd.conf.CentOS
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[domain/default]
+autofs_provider = ldap
+cache_credentials = True
+krb5_realm = EXAMPLE.COM
+ldap_search_base = dc=example,dc=edu
+krb5_server = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+id_provider = ldap
+auth_provider = krb5
+chpass_provider = krb5
+krb5_store_password_if_offline = True
+ldap_uri = ldap://example.com
+krb5_kpasswd = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+ldap_tls_cacertdir = /etc/openldap/cacerts
+
+[sssd]
+domains = default, example.com
+config_file_version = 2
+services = nss, pam, autofs
+
+[domain/example.com]
+ad_domain = example.com
+krb5_realm = EXAMPLE.COM
+realmd_tags = manages-system joined-with-samba
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = False
+use_fully_qualified_names = False
+fallback_homedir = /home/%d/%u
+access_provider = ad
+ad_access_filter = (&(memberOf=CN=Linux-Server-Access_grp,OU=Linux-Access,OU=Accounts-Groups,DC=example,DC=edu)(unixHomeDirectory=*))
+simple_allow_users = Alice, alice, Bob, bob
+case_sensitive = true
+ad_gpo_access_control = disabled
+[autofs]
diff --git a/company.example/ad-templates/sssd.conf.FreeBSD b/company.example/ad-templates/sssd.conf.FreeBSD
new file mode 100644
index 0000000..4b6a816
--- /dev/null
+++ b/company.example/ad-templates/sssd.conf.FreeBSD
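Review bot: In sssd.conf.CentOS, `[domain/default]` performs its identity and autofs lookups over `ldap_uri = ldap://example.com` with no StartTLS, so `ldap_tls_cacertdir` never comes into play and user, group and automount data can be read or altered in transit. I would add `ldap_id_use_start_tls = True` or switch the URI to `ldaps://`. In `[domain/example.com]`, `simple_allow_users` is only read by `access_provider = simple`; with `access_provider = ad` the list is inert and access is decided by `ad_access_filter` alone, so drop the line or comment it as unused to avoid a false sense of restriction. Both points apply unchanged to the FreeBSD and Ubuntu sssd.conf hunks. The `dc=example,dc=edu` bases next to the `EXAMPLE.COM` realm look like a sanitising leftover and are worth a check.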
@@ -0,0 +1,41 @@
+# Ansible-controlled filename: /etc/sssd/sssd.conf
+# Source: ansible sssd.conf.FreeBSD
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[domain/default]
+autofs_provider = ldap
+cache_credentials = True
+krb5_realm = EXAMPLE.COM
+ldap_search_base = dc=example,dc=edu
+krb5_server = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+id_provider = ldap
+auth_provider = krb5
+chpass_provider = krb5
+krb5_store_password_if_offline = True
+ldap_uri = ldap://example.com
+krb5_kpasswd = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+ldap_tls_cacertdir = /etc/openldap/cacerts
+
+[sssd]
+domains = default, example.com
+config_file_version = 2
+services = nss, pam
+
+[domain/example.com]
+ad_domain = example.com
+krb5_realm = EXAMPLE.COM
+realmd_tags = manages-system joined-with-samba
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = False
+use_fully_qualified_names = False
+fallback_homedir = /home/%d/%u
+access_provider = ad
+ad_access_filter = (&(memberOf=CN=Linux-Server-Access_grp,OU=Linux-Access,OU=Accounts-Groups,DC=example,DC=edu)(unixHomeDirectory=*))
+simple_allow_users = Alice, alice, Bob, bob
+case_sensitive = true
+ad_gpo_access_control = disabled
diff --git a/company.example/ad-templates/sssd.conf.Ubuntu b/company.example/ad-templates/sssd.conf.Ubuntu
new file mode 100644
index 0000000..a37f7b5
--- /dev/null
+++ b/company.example/ad-templates/sssd.conf.Ubuntu
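Review bot: sssd.conf.FreeBSD carries Linux paths over unchanged: `default_shell = /bin/bash` and `ldap_tls_cacertdir = /etc/openldap/cacerts`. On a stock FreeBSD host, bash and OpenLDAP come from ports under `/usr/local`, so the shell path probably does not exist and logins for AD users would fail. The CA directory would also be missing once TLS is turned on for the LDAP domain, which tends to get "fixed" by relaxing certificate checking. I would set both to the paths the FreeBSD package actually installs and note that in the file header. The CA directory is a RHEL-style location as well, so the Ubuntu template needs the same check. The header's `# Reference: Building the Centos 7 Template.docx` is also copied verbatim and could name the FreeBSD build notes instead.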
@@ -0,0 +1,42 @@
+# Ansible-controlled filename: /etc/sssd/sssd.conf
+# Source: ansible sssd.conf.Ubuntu
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[domain/default]
+autofs_provider = ldap
+cache_credentials = True
+krb5_realm = EXAMPLE.COM
+ldap_search_base = dc=example,dc=edu
+krb5_server = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+id_provider = ldap
+auth_provider = krb5
+chpass_provider = krb5
+krb5_store_password_if_offline = True
+ldap_uri = ldap://example.com
+krb5_kpasswd = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+ldap_tls_cacertdir = /etc/openldap/cacerts
+
+[sssd]
+domains = default, example.com
+config_file_version = 2
+services = nss, pam, autofs
+
+[domain/example.com]
+ad_domain = example.com
+krb5_realm = EXAMPLE.COM
+realmd_tags = manages-system joined-with-samba
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = False
+use_fully_qualified_names = False
+fallback_homedir = /home/%d/%u
+access_provider = ad
+ad_access_filter = (&(memberOf=CN=Linux-Server-Access_grp,OU=Linux-Access,OU=Accounts-Groups,DC=example,DC=edu)(unixHomeDirectory=*))
+simple_allow_users = Alice, alice, Bob, bob
+case_sensitive = true
+ad_gpo_access_control = disabled
+[autofs]
|