Update to 2021-01-28 14:00

master
Daniel Berteaud 4 years ago
parent 92583e12d2
commit c2b5a91b2e
  1. 3
      roles/sssd_ad_auth/defaults/main.yml
  2. 5
      roles/sssd_ad_auth/tasks/main.yml

@ -11,6 +11,9 @@ ad_default_shell: /bin/false
# If access control should evaluate domain GPO. Can be disabled, eforcing or permissive. See man sssd-ad # If access control should evaluate domain GPO. Can be disabled, eforcing or permissive. See man sssd-ad
ad_gpo_access_control: permissive ad_gpo_access_control: permissive
# If set to True, ansible will re join the host to the domain
ad_force_join: False
# sssd doesn't support cross forest approbations, but we can add the Linux box to the other domains # sssd doesn't support cross forest approbations, but we can add the Linux box to the other domains
ad_trusted_domains: "{{ samba_trusted_domains | default([]) }}" ad_trusted_domains: "{{ samba_trusted_domains | default([]) }}"
# ad_trusted_domains: # ad_trusted_domains:

@ -29,6 +29,11 @@
template: src=krb5.conf.j2 dest=/etc/krb5.conf template: src=krb5.conf.j2 dest=/etc/krb5.conf
tags: auth tags: auth
- name: Remove current keytab
file: path=/etc/krb5.keytab state=absent
when: ad_force_join | bool
tags: auth
- name: Check if we already have our keytab file - name: Check if we already have our keytab file
stat: path=/etc/krb5.keytab stat: path=/etc/krb5.keytab
register: ad_keytab register: ad_keytab

Loading…
Cancel
Save