
Ansible role to manage krb5+sssd with ActiveDirectory


fgci-org/ansible-role-adauth


Role Name

Joins a Linux server to a Microsoft Windows Active Directory domain and manages authentication via Kerberos and SSSD. Manages:

  • domain join
  • Kerberos settings
  • sssd service

Tested on EL7

Requirements

Assumes the network is fully configured, including DNS and the server's FQDN.

Role Variables

See defaults/main.yml.

siteDomain             (default: none)  : name of the DNS domain. Used in krb5.conf.
adauth_realm           (default: none)  : name of the ActiveDirectory realm
krb5_allow_weak_crypto (default: false) : allow krb5 weak crypto algorithms
ldap_user_search_base  (default: none)  : ActiveDirectory search base for users
ldap_group_search_base (default: none)  : ActiveDirectory search base for groups
keytab_root_dir        (default: none)  : network directory path to store created krb5-keytab files

Dependencies

This role is written to be standalone.

Example Playbook

An example of how to use the role:

- hosts: servers
  roles:
     - { role: ansible-role-adauth, tags: [ 'auth' ] }
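
A fuller playbook that sets the variables listed above and checks the role's stated requirements before the join runs. This is an added example, not part of the role: every value is a constructed placeholder, the pre_tasks checks are not the role's own, and the keytab check assumes keytab_root_dir is mounted on the managed host.

```yaml
# Added example; all values are constructed placeholders, not taken from the role.
- hosts: servers
  gather_facts: true
  vars:
    siteDomain: example.org                 # placeholder DNS domain
    adauth_realm: EXAMPLE.ORG               # placeholder AD realm
    krb5_allow_weak_crypto: false           # role default, stated explicitly
    ldap_user_search_base: "OU=Users,DC=example,DC=org"
    ldap_group_search_base: "OU=Groups,DC=example,DC=org"
    keytab_root_dir: /mnt/keytabs           # placeholder; keytabs are credentials
  pre_tasks:
    - name: Variables documented with no default must be set
      ansible.builtin.assert:
        that:
          - lookup('vars', item, default='') | default('', true) | length > 0
        fail_msg: "{{ item }} is not set"
      loop: [siteDomain, adauth_realm, ldap_user_search_base, ldap_group_search_base, keytab_root_dir]
      tags: [ 'auth' ]

    - name: DNS and FQDN must be configured before the join
      ansible.builtin.assert:
        that:
          - "'.' in ansible_fqdn"
          - ansible_domain | default('') | length > 0
        fail_msg: "Host has no fully qualified name; fix DNS/hostname first"
      tags: [ 'auth' ]

    - name: Weak Kerberos crypto must stay disabled
      ansible.builtin.assert:
        that:
          - not (krb5_allow_weak_crypto | bool)
        fail_msg: "krb5_allow_weak_crypto is enabled"
      tags: [ 'auth' ]

    - name: Inspect the keytab directory (assumed mounted on this host)
      ansible.builtin.stat:
        path: "{{ keytab_root_dir }}"
      register: kt
      tags: [ 'auth' ]

    - name: Keytab directory must not be accessible to other users
      ansible.builtin.assert:
        that:
          - not kt.stat.roth and not kt.stat.woth and not kt.stat.xoth
      when: kt.stat.exists
      tags: [ 'auth' ]
  roles:
    - { role: ansible-role-adauth, tags: [ 'auth' ] }
```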

License

Apache License Version 2.0, January 2004

Author Information

https://github.com/mhakala
