configpolicy/roles/winbind/templates/winbind.conf.j2

template homedir = /home/%U
template shell = /bin/bash

idmap config * : backend = tdb
idmap config * : range = 1000000-1000999
idmap config {{ workgroup }} : backend = ad
idmap config {{ workgroup }} : range = {{ winbind_idmap_range }}
{% if winbind_nss_info == 'rfc2307' %}
idmap config {{ workgroup }} : unix_nss_info = yes
{% endif %}

kerberos method = {{ winbind_kerberos_method }}

winbind nss info = {{ winbind_nss_info }}
winbind use default domain = {{ 'yes' if winbind_use_default_domain else 'no' }}
winbind offline logon = {{ 'yes' if winbind_offline_login else 'no' }}
winbind refresh tickets = {{ 'yes' if winbind_refresh_tickets else 'no' }}
{% if winbind_ignore_domains|d %}
winbind:ignore domains = {{ winbind_ignore_domains|join(' ') }}
{% endif %}

client ldap sasl wrapping = seal

dns proxy = no
domain master = no
local master = no
preferred master = no
os level = 0