diff --git a/roles/lmn_mount/tasks/main.yml b/roles/lmn_mount/tasks/main.yml
index 3f0ecc5..c7f6361 100644
--- a/roles/lmn_mount/tasks/main.yml
+++ b/roles/lmn_mount/tasks/main.yml
@@ -24,28 +24,28 @@
insertafter: ""
when: web_dav is defined and web_dav | length > 0
-# - name: Configure pam_mount for LMN homes
-# ansible.builtin.blockinfile:
-# dest: /etc/security/pam_mount.conf.xml
-# marker: ""
-# block: |
-# rootansibleDebian-gdmsddm{% if localuser %}{{ localuser }}{% endif %}
-#
-# insertafter: ""
-# when: not nfs4
+- name: Configure pam_mount for LMN homes
+ ansible.builtin.blockinfile:
+ dest: /etc/security/pam_mount.conf.xml
+ marker: ""
+ block: |
+ rootansibleDebian-gdmsddm{% if localuser %}{{ localuser }}{% endif %}
+
+ insertafter: ""
+ when: not nfs4
-# - name: Prepare mount point for homes
-# ansible.builtin.file:
-# path: /srv/samba/schools/default-school/
-# state: directory
-# mode: '0755'
-# when: not nfs4
+- name: Prepare mount point for homes
+ ansible.builtin.file:
+ path: /srv/samba/schools/default-school/
+ state: directory
+ mode: '0755'
+ when: not nfs4
- name: Prepare persistent user cache base directory
ansible.builtin.file:
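Review bot: Hosts that already ran the previous role keep its fstab entry for `/srv/samba/schools/default-school`, because the last hunk of this file only deletes the `Mount SMB home directory` task (`state: present`, `x-systemd.automount`). That is the same path this hunk prepares for pam_mount, so a cleanup task removing the entry would stop two mechanisms competing for the mount point. The same leftover-state concern applies to `kstart.service` and the `default_ccache_name` line, whose tasks are removed in roles/lmn_sssd. The removed mount requested `sec=krb5i`; the pam_mount volume definition is not readable in this view, so confirm it still asks for signing. Separately, `{% if localuser %}` will fail templating on hosts where `localuser` is undefined unless a default is set elsewhere; `{% if localuser | default('') %}` is safer.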
@@ -75,11 +75,11 @@
mode: "0755"
-# - name: Clean up all user processes after logout
-# ansible.builtin.replace:
-# path: /etc/security/pam_mount.conf.xml
-# regexp: '^()$'
-# replace: '\n'
+- name: Clean up all user processes after logout
+ ansible.builtin.replace:
+ path: /etc/security/pam_mount.conf.xml
+ regexp: '^()$'
+ replace: '\n'
- name: Kill all user processes on logout
ansible.builtin.lineinfile:
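Review bot: The `regexp` of the re-enabled `Clean up all user processes after logout` task is shown as `'^()$'`. Taken literally, that pattern matches every empty line of `/etc/security/pam_mount.conf.xml` (the replace module matches in multiline mode) and rewrites it on each run. The XML element inside the group has presumably been lost in this rendering, so confirm the committed pattern anchors on the exact logout element it is meant to change. A malformed pam_mount.conf.xml affects every login on the host, so `backup: true` on this task would give a recovery path.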
@@ -112,12 +112,3 @@
state: present
fstype: nfs4
when: nfs4
-
-- name: Mount SMB home directory
- ansible.posix.mount:
- src: //fileserver.pn.steinbeis.schule/default-school
- path: /srv/samba/schools/default-school
- opts: "multiuser,sec=krb5i,mfsymlinks,nobrl,actimeo=600,cache=loose,_netdev,x-systemd.automount,x-systemd.idle-timeout=60s"
- state: present
- fstype: cifs
- when: not nfs4
diff --git a/roles/lmn_sssd/tasks/main.yml b/roles/lmn_sssd/tasks/main.yml
index c34ada6..ed44ce5 100644
--- a/roles/lmn_sssd/tasks/main.yml
+++ b/roles/lmn_sssd/tasks/main.yml
@@ -5,8 +5,6 @@
- sssd-ad
- sssd-tools
- adcli
- - kstart
- - krb5-user
- name: Provide user identities from AD
ansible.builtin.template:
@@ -24,23 +22,3 @@
when: >
ansible_cmdline.adpw | default('') | length > 0 or
adpw.user_input | default('') | length > 0
-
-- name: Set CCache file name
- ansible.builtin.lineinfile:
- dest: /etc/krb5.conf
- line: ' default_ccache_name = FILE:/tmp/krb5cc_%{uid}'
- insertbefore: '\[realms\]'
- state: present
-
-- name: Create kstart systemd service for obtaining machine ticket
- ansible.builtin.template:
- src: kstart.service.j2
- dest: /etc/systemd/system/kstart.service
- mode: '0644'
- when: not nfs4
-
-- name: Enable kstart service
- ansible.builtin.systemd:
- name: kstart.service
- enabled: true
- when: not nfs4
diff --git a/roles/lmn_sssd/templates/kstart.service.j2 b/roles/lmn_sssd/templates/kstart.service.j2
deleted file mode 100644
index 1791753..0000000
--- a/roles/lmn_sssd/templates/kstart.service.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=K5Start Kerberos Ticket Renewal
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/k5start -f /etc/krb5.keytab -K 1 -u {{ ansible_hostname | upper }}$
-
-[Install]
-WantedBy=multi-user.target
-