Diffstat (limited to 'company.example/ad-templates')
-rw-r--r--company.example/ad-templates/krb5.conf.CentOS35
-rw-r--r--company.example/ad-templates/krb5.conf.FreeBSD37
-rw-r--r--company.example/ad-templates/krb5.conf.Ubuntu35
-rw-r--r--company.example/ad-templates/sssd.conf.CentOS42
-rw-r--r--company.example/ad-templates/sssd.conf.FreeBSD41
-rw-r--r--company.example/ad-templates/sssd.conf.Ubuntu42
6 files changed, 232 insertions, 0 deletions
diff --git a/company.example/ad-templates/krb5.conf.CentOS b/company.example/ad-templates/krb5.conf.CentOS
new file mode 100644
index 0000000..74570ae
--- /dev/null
+++ b/company.example/ad-templates/krb5.conf.CentOS
@@ -0,0 +1,35 @@
+# Ansible controlled filename: /etc/krb5.conf
+# Source: ansible bgstack15-ad/templates/krb5.conf.CentOS
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_ccache_name = KEYRING:persistent:%{uid}
+
+ default_realm = EXAMPLE.COM
+[realms]
+ EXAMPLE.COM = {
+ kdc = dc1.example.com
+ kdc = dc2.example.com
+ kdc = dc3.example.com
+ kdc = dc4.example.com
+ admin_server = dc1.example.com
+ admin_server = dc2.example.com
+ admin_server = dc3.example.com
+ admin_server = dc4.example.com
+ }
+
+[domain_realm]
+example.com = EXAMPLE.COM
+ .example.com = EXAMPLE.COM
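Review bot: `forwardable = true` under `[libdefaults]` makes every ticket requested on these hosts forwardable by default, so wherever a client delegates credentials (for example SSH with GSSAPI delegation) the user's TGT becomes usable from the remote host as well. If delegation is not a requirement, `forwardable = false` is the safer template default; if it is, a comment above the line such as `# forwardable: required for <use case>` would record why. The same setting appears in krb5.conf.FreeBSD, which additionally sets `proxiable = true`, and in krb5.conf.Ubuntu.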
diff --git a/company.example/ad-templates/krb5.conf.FreeBSD b/company.example/ad-templates/krb5.conf.FreeBSD
new file mode 100644
index 0000000..e6b8a3a
--- /dev/null
+++ b/company.example/ad-templates/krb5.conf.FreeBSD
@@ -0,0 +1,37 @@
+# Ansible controlled filename: /etc/krb5.conf
+# Source: ansible bgstack15-ad/templates/krb5.conf.FreeBSD
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_ccache_name = FILE:/tmp/krb5cc_%u
+ proxiable = true
+ ccache_type = 4
+
+ default_realm = EXAMPLE.COM
+[realms]
+ EXAMPLE.COM = {
+ kdc = dc1.example.com
+ kdc = dc2.example.com
+ kdc = dc3.example.com
+ kdc = dc4.example.com
+ admin_server = dc1.example.com
+ admin_server = dc2.example.com
+ admin_server = dc3.example.com
+ admin_server = dc4.example.com
+ }
+
+[domain_realm]
+example.com = EXAMPLE.COM
+ .example.com = EXAMPLE.COM
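Review bot: `default_ccache_name = FILE:/tmp/krb5cc_%u` uses `%u`, which is the sssd template token; as far as I know krb5.conf parameter expansion only recognises the `%{uid}` form, so this would likely resolve to one literal file `/tmp/krb5cc_%u` shared by every user on the host. A single predictable cache path in a world-writable directory lets users collide with or pre-create each other's credential cache, so I would write `default_ccache_name = FILE:/tmp/krb5cc_%{uid}`. It is also worth confirming which Kerberos library reads this file on FreeBSD: the base system ships Heimdal, which I believe names this option `default_cc_name`, in which case the line is ignored altogether.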
diff --git a/company.example/ad-templates/krb5.conf.Ubuntu b/company.example/ad-templates/krb5.conf.Ubuntu
new file mode 100644
index 0000000..6a4c23b
--- /dev/null
+++ b/company.example/ad-templates/krb5.conf.Ubuntu
@@ -0,0 +1,35 @@
+# Ansible controlled filename: /etc/krb5.conf
+# Source: ansible bgstack15-ad/templates/krb5.conf.Ubuntu
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_ccache_name = KEYRING:persistent:%{uid}
+
+ default_realm = EXAMPLE.COM
+[realms]
+ EXAMPLE.COM = {
+ kdc = dc1.example.com
+ kdc = dc2.example.com
+ kdc = dc3.example.com
+ kdc = dc4.example.com
+ admin_server = dc1.example.com
+ admin_server = dc2.example.com
+ admin_server = dc3.example.com
+ admin_server = dc4.example.com
+ }
+
+[domain_realm]
+example.com = EXAMPLE.COM
+ .example.com = EXAMPLE.COM
diff --git a/company.example/ad-templates/sssd.conf.CentOS b/company.example/ad-templates/sssd.conf.CentOS
new file mode 100644
index 0000000..8678bd2
--- /dev/null
+++ b/company.example/ad-templates/sssd.conf.CentOS
@@ -0,0 +1,42 @@
+# Ansible-controlled filename: /etc/sssd/sssd.conf
+# Source: ansible sssd.conf.CentOS
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[domain/default]
+autofs_provider = ldap
+cache_credentials = True
+krb5_realm = EXAMPLE.COM
+ldap_search_base = dc=example,dc=edu
+krb5_server = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+id_provider = ldap
+auth_provider = krb5
+chpass_provider = krb5
+krb5_store_password_if_offline = True
+ldap_uri = ldap://example.com
+krb5_kpasswd = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+ldap_tls_cacertdir = /etc/openldap/cacerts
+
+[sssd]
+domains = default, example.com
+config_file_version = 2
+services = nss, pam, autofs
+
+[domain/example.com]
+ad_domain = example.com
+krb5_realm = EXAMPLE.COM
+realmd_tags = manages-system joined-with-samba
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = False
+use_fully_qualified_names = False
+fallback_homedir = /home/%d/%u
+access_provider = ad
+ad_access_filter = (&(memberOf=CN=Linux-Server-Access_grp,OU=Linux-Access,OU=Accounts-Groups,DC=example,DC=edu)(unixHomeDirectory=*))
+simple_allow_users = Alice, alice, Bob, bob
+case_sensitive = true
+ad_gpo_access_control = disabled
+[autofs]
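Review bot: `[domain/default]` sets no `access_provider`, and sssd's default for that option is `permit`, so any account that resolves through this domain is admitted without being checked against the `ad_access_filter` under `[domain/example.com]`. Because `domains = default, example.com` lists it first and `use_fully_qualified_names = False`, short names are tried there before the AD domain, assuming the LDAP lookup succeeds. I would either drop `default` from `domains` or give it an explicit access provider. Separately, `simple_allow_users = Alice, alice, Bob, bob` is only read by `access_provider = simple`; under `access_provider = ad` it restricts nothing and reads as a control that is not in effect, so remove it or add a comment saying it is inert. Both points apply unchanged to sssd.conf.FreeBSD and sssd.conf.Ubuntu.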
diff --git a/company.example/ad-templates/sssd.conf.FreeBSD b/company.example/ad-templates/sssd.conf.FreeBSD
new file mode 100644
index 0000000..4b6a816
--- /dev/null
+++ b/company.example/ad-templates/sssd.conf.FreeBSD
@@ -0,0 +1,41 @@
+# Ansible-controlled filename: /etc/sssd/sssd.conf
+# Source: ansible sssd.conf.FreeBSD
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[domain/default]
+autofs_provider = ldap
+cache_credentials = True
+krb5_realm = EXAMPLE.COM
+ldap_search_base = dc=example,dc=edu
+krb5_server = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+id_provider = ldap
+auth_provider = krb5
+chpass_provider = krb5
+krb5_store_password_if_offline = True
+ldap_uri = ldap://example.com
+krb5_kpasswd = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+ldap_tls_cacertdir = /etc/openldap/cacerts
+
+[sssd]
+domains = default, example.com
+config_file_version = 2
+services = nss, pam
+
+[domain/example.com]
+ad_domain = example.com
+krb5_realm = EXAMPLE.COM
+realmd_tags = manages-system joined-with-samba
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = False
+use_fully_qualified_names = False
+fallback_homedir = /home/%d/%u
+access_provider = ad
+ad_access_filter = (&(memberOf=CN=Linux-Server-Access_grp,OU=Linux-Access,OU=Accounts-Groups,DC=example,DC=edu)(unixHomeDirectory=*))
+simple_allow_users = Alice, alice, Bob, bob
+case_sensitive = true
+ad_gpo_access_control = disabled
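Review bot: `ldap_uri = ldap://example.com` in `[domain/default]` has no `ldap_id_use_start_tls` next to it, so with `id_provider = ldap` the identity lookups (uid, gid, group membership) travel unencrypted and the server is not authenticated, which leaves that data open to tampering on the network path. `ldap_tls_cacertdir` only takes effect once TLS is actually negotiated, so I would add `ldap_id_use_start_tls = True` or switch the URI to `ldaps://`. The directory `/etc/openldap/cacerts` also looks like the Red Hat location carried over from the CentOS template; confirm it exists on FreeBSD and Ubuntu, otherwise certificate verification will fail once TLS is enabled. The same lines are in sssd.conf.CentOS and sssd.conf.Ubuntu.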
diff --git a/company.example/ad-templates/sssd.conf.Ubuntu b/company.example/ad-templates/sssd.conf.Ubuntu
new file mode 100644
index 0000000..a37f7b5
--- /dev/null
+++ b/company.example/ad-templates/sssd.conf.Ubuntu
@@ -0,0 +1,42 @@
+# Ansible-controlled filename: /etc/sssd/sssd.conf
+# Source: ansible sssd.conf.Ubuntu
+# Date: 2016-03-04
+# Reference: Building the Centos 7 Template.docx
+# NOTE: This file is managed via Ansible: manual changes will be lost
+
+[domain/default]
+autofs_provider = ldap
+cache_credentials = True
+krb5_realm = EXAMPLE.COM
+ldap_search_base = dc=example,dc=edu
+krb5_server = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+id_provider = ldap
+auth_provider = krb5
+chpass_provider = krb5
+krb5_store_password_if_offline = True
+ldap_uri = ldap://example.com
+krb5_kpasswd = dc1.example.com,dc2.example.com,dc3.example.com,dc4.example.com
+ldap_tls_cacertdir = /etc/openldap/cacerts
+
+[sssd]
+domains = default, example.com
+config_file_version = 2
+services = nss, pam, autofs
+
+[domain/example.com]
+ad_domain = example.com
+krb5_realm = EXAMPLE.COM
+realmd_tags = manages-system joined-with-samba
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = False
+use_fully_qualified_names = False
+fallback_homedir = /home/%d/%u
+access_provider = ad
+ad_access_filter = (&(memberOf=CN=Linux-Server-Access_grp,OU=Linux-Access,OU=Accounts-Groups,DC=example,DC=edu)(unixHomeDirectory=*))
+simple_allow_users = Alice, alice, Bob, bob
+case_sensitive = true
+ad_gpo_access_control = disabled
+[autofs]
bgstack15