-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
winbind
128 lines (109 loc) · 3.85 KB
/
winbind
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# -*- text -*-
#
# $Id$
# Winbind module to authenticate PAP users against Microsoft
# Active Directory or Samba, via winbind.
#
# This module is for PAP authentication (where plaintext passwords
# are sent in the User-Password attribute) only. For authenticating
# mschap requests against AD/Samba see the options available in the
# rlm_mschap module.
#
# Samba version 4.2.1 or higher is required to use this module.
winbind {
# The username to pass to winbind for authentication.
#
winbind_username = "%{User-Name}"
# The Windows Domain. While not required to be set, it is
# likely authentication will fail if it is not set correctly.
# This configuration option, as the username above, is also
# expanded before use.
#
winbind_domain = ""
# Group membership checking
#
group {
# AD username to search for group searches
#
# This should generally not include a realm, so
# Stripped-User-Name is likely the best attribute
# if it exists.
#
group_search_username = "%{%{Stripped-User-Name}:-%{User-Name}}"
# Include the domain in group searches?
#
# When this is enabled, winbind_domain is prepended to the
# username (as domain\username) before searching. This is
# generally required.
#
#group_add_domain = yes
# Attribute to use for group comparisons.
#
# This will normally be "Winbind-Group" if this instance is
# unnamed, otherwise it will be "name-Winbind-Group". The
# name of this attribute can be overridden here.
#
#group_attribute = "Winbind-Group"
}
# Information for the winbind connection pool. The configuration
# items below are the same for all modules which use the new
# connection pool.
#
pool {
# Connections to create during module instantiation.
# If the server cannot create specified number of
# connections during instantiation it will exit.
# Set to 0 to allow the server to start without the
# winbind daemon being available.
start = ${thread[pool].start_servers}
# Minimum number of connections to keep open
min = ${thread[pool].min_spare_servers}
# Maximum number of connections
#
# If these connections are all in use and a new one
# is requested, the request will NOT get a connection.
#
# Setting 'max' to LESS than the number of threads means
# that some threads may starve, and you will see errors
# like 'No connections available and at max connection limit'
#
# Setting 'max' to MORE than the number of threads means
# that there are more connections than necessary.
max = ${thread[pool].max_servers}
# Spare connections to be left idle
#
# NOTE: Idle connections WILL be closed if "idle_timeout"
# is set. This should be less than or equal to "max" above.
spare = ${thread[pool].max_spare_servers}
# Number of uses before the connection is closed
#
# 0 means "infinite"
uses = 0
# The number of seconds to wait after the server tries
# to open a connection, and fails. During this time,
# no new connections will be opened.
retry_delay = 30
# The lifetime (in seconds) of the connection
#
# NOTE: A setting of 0 means infinite (no limit).
lifetime = 86400
# The pool is checked for free connections every
# "cleanup_interval". If there are free connections,
# then one of them is closed.
cleanup_interval = 300
# The idle timeout (in seconds). A connection which is
# unused for this length of time will be closed.
#
# NOTE: A setting of 0 means infinite (no timeout).
idle_timeout = 600
# NOTE: All configuration settings are enforced. If a
# connection is closed because of "idle_timeout",
# "uses", or "lifetime", then the total number of
# connections MAY fall below "min". When that
# happens, it will open a new connection. It will
# also log a WARNING message.
#
# The solution is to either lower the "min" connections,
# or increase lifetime/idle_timeout.
}
}