diff --git a/roles/kerberize/tasks/main.yml b/roles/kerberize/tasks/main.yml
index dc4d9c4..8f9b755 100644
--- a/roles/kerberize/tasks/main.yml
+++ b/roles/kerberize/tasks/main.yml
@@ -18,7 +18,7 @@
 insertafter: "# GSSAPIDelegateCredentials no"
-- name: check if firewox is available
+- name: check if firefox is available
 stat: path=/etc/firefox-esr/firefox-esr.js
 register: firefox
diff --git a/roles/lan-client/defaults/main.yml b/roles/lan-client/defaults/main.yml
index 7c62cce..81690e1 100644
--- a/roles/lan-client/defaults/main.yml
+++ b/roles/lan-client/defaults/main.yml
@@ -3,3 +3,5 @@ basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | rep
 ldap_server: ldap
 krb_server: kerberos
 nfs_server: nfs
+min_id_sssd: 5000
+max_id_sssd: 20000
diff --git a/roles/lan-client/templates/sssd.conf.j2 b/roles/lan-client/templates/sssd.conf.j2
index 2d4f287..90e5410 100644
--- a/roles/lan-client/templates/sssd.conf.j2
+++ b/roles/lan-client/templates/sssd.conf.j2
@@ -19,5 +19,5 @@ krb5_server = {{ krb_server }}
 krb5_realm = {{ ansible_domain | upper }}
 cache_credentials = true
-min_id = 10000
-max_id = 20000
+min_id = {{ min_id_sssd }}
+max_id = {{ max_id_sssd }}
diff --git a/roles/ldap/defaults/main.yml b/roles/ldap/defaults/main.yml
index 141c21f..1400020 100644
--- a/roles/ldap/defaults/main.yml
+++ b/roles/ldap/defaults/main.yml
@@ -2,3 +2,6 @@ ldap_admin_pwd: "{{ lookup('password', '/tmp/ldap_admin.pwd length=24') }}"
 ldap_admin_pwd_file: "/root/ldap-admin.pwd"
 basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
 lan_homes: /home/lan
+min_id: 10000
+max_id: 20000
+ldapuser_gid: 8000
diff --git a/roles/ldap/templates/debian-lan.j2 b/roles/ldap/templates/debian-lan.j2
index 3dbf3c7..cb9d790 100644
--- a/roles/ldap/templates/debian-lan.j2
+++ b/roles/ldap/templates/debian-lan.j2
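Review bot: In roles/lan-client/defaults/main.yml, `min_id_sssd: 5000` lowers the floor that the client sssd.conf used to hard-code as 10000, so SSSD now accepts LDAP entries with IDs 5000–9999, and nothing records why. If the reason is the group at `ldapuser_gid: 8000` added in roles/ldap/defaults (presumably; confirm), a comment such as `# below the account range so SSSD still resolves the ldapuser group (gid 8000)` would say so. Because every LDAP entry in that wider range becomes a valid identity on each client, it is worth checking that no local users or groups already use IDs between 5000 and 9999. The same two keys are repeated in roles/nfs-server/defaults/main.yml, and `min_id` is defined in both the ldap and nfs-server defaults; editing one copy leaves the roles disagreeing silently, so a single shared definition would be safer.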
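Review bot: In roles/ldap/defaults/main.yml, `ldapuser_gid: 8000` is introduced but no hunk in this diff reads it, so either its consumer is in a file not shown here or the variable is currently unused. The value also sits outside the `min_id`..`max_id` range defined on the two lines above it, which looks deliberate but is not stated. A comment such as `# gid of the shared ldapuser group; kept below min_id, must stay >= min_id_sssd` would make the relationship between the three numbers explicit, assuming that is the intent.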
@@ -57,8 +57,8 @@ elif [ $1 = adduser -a $# -lt 3 ] ; then
 exit 1
 fi
-MINID=10000
-MAXID=20000
+MINID={{ min_id }}
+MAXID={{ max_id }}
 HOMES="{{ lan_homes }}"
 COMMAND="$1"
diff --git a/roles/nfs-server/defaults/main.yml b/roles/nfs-server/defaults/main.yml
index 49adf7c..456b8e5 100644
--- a/roles/nfs-server/defaults/main.yml
+++ b/roles/nfs-server/defaults/main.yml
@@ -1,3 +1,6 @@
 export_root: /srv/nfs4
 lan_homes: /home/lan
 basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
+min_id: 10000
+min_id_sssd: 5000
+max_id_sssd: 20000
diff --git a/roles/nfs-server/tasks/main.yml b/roles/nfs-server/tasks/main.yml
index 845944b..950fde1 100644
--- a/roles/nfs-server/tasks/main.yml
+++ b/roles/nfs-server/tasks/main.yml
@@ -67,7 +67,7 @@
 when: kadmin.stat.exists
 - name: copy home from /etc/skel for dummy user foo
- shell: cp -r /etc/skel {{ lan_homes }}/foo && chmod -R o-rwx {{ lan_homes }}/foo && chown -R 10000:10000 {{ lan_homes }}/foo
+ shell: cp -r /etc/skel {{ lan_homes }}/foo && chmod -R o-rwx {{ lan_homes }}/foo && chown -R {{ min_id }}:{{ min_id }} {{ lan_homes }}/foo
 args:
 creates: "{{ lan_homes }}/foo"
 when: foo_pwd is defined and foo_pwd | length > 0
diff --git a/roles/nfs-server/templates/sssd.conf.j2 b/roles/nfs-server/templates/sssd.conf.j2
index 40fba97..48eae04 100644
--- a/roles/nfs-server/templates/sssd.conf.j2
+++ b/roles/nfs-server/templates/sssd.conf.j2
@@ -19,5 +19,5 @@ krb5_server = {{ ansible_hostname }}
 krb5_realm = {{ ansible_domain | upper }}
 cache_credentials = false
-min_id = 10000
-max_id = 20000
+min_id = {{ min_id_sssd }}
+max_id = {{ max_id_sssd }}
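Review bot: In roles/ldap/templates/debian-lan.j2, `MINID={{ min_id }}` and `MAXID={{ max_id }}` render the variable text straight into shell assignments, so an empty or non-numeric override becomes script source in a tool that, judging by the `adduser` branch in the hunk header, manages accounts. Rendering them as `MINID={{ min_id | int }}` and `MAXID={{ max_id | int }}` keeps the assignments numeric. Since `int` falls back to 0 on bad input, pair it with an `assert` task in the role, for example `that: min_id | int >= 1000 and max_id | int > min_id | int` (the 1000 is a constructed threshold; use the site's system-account ceiling). The script continues outside this hunk, so how MINID and MAXID are consumed is not visible here.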
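Review bot: In roles/nfs-server/tasks/main.yml, the changed `shell:` line still chains `cp`, `chmod` and `chown` behind a single `creates:` guard, so if `cp` succeeds and a later step fails, the directory exists, the task is skipped on every later run, and the home stays root-owned or readable by others. The line also interpolates `{{ lan_homes }}` and `{{ min_id }}` unquoted into a shell command. It further assumes the dummy user's uid and gid both equal `min_id`, which holds only if foo is the first account the LDAP tool allocates; that is not visible in this diff, so confirm it. Splitting the copy from the ownership and mode step, as sketched below, lets the second step be enforced on every run.

```yaml
- name: copy home from /etc/skel for dummy user foo
  command: cp -r /etc/skel {{ lan_homes }}/foo
  # … unchanged: args/creates and the foo_pwd condition …

- name: set owner and mode on home of dummy user foo
  file:
    path: "{{ lan_homes }}/foo"
    state: directory
    recurse: true
    owner: "{{ min_id }}"
    group: "{{ min_id }}"
    mode: o-rwx
  when: foo_pwd is defined and foo_pwd | length > 0
```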