#
# =============== CID Configuration File ===============
#
#
# This file contains parameters that will be used to adapt the
# program to specific scenarios. It will rarely need to be
# change it, because the application will try to adapt automatically
# to the various contexts that are inserted.
# The parameters are defined in a parameter/value relation separated
# by the equal sign (=). NOTE THAT THERE MUST BE NO SPACES
# BETWEEN THE EQUAL SIGN THAT SEPARATES THE PARAMETER FROM ITS
# CORRESPONDING VALUE!


# Number of rows (approximately) per log file. The CID log files are:
#
#	/var/log/cid/functions.log - Logs the standard and error
#	output of the executed commands by program functions.
#
#	/var/log/cid/scripts.log - Logs the standard and error
#	output of the executed commands by logon scripts.
#
# If set to "0" the log will be disabled.

# logsize=1000


# Local user ID used as a reference by the CID to determine in which
# local groups must add the domain administrators when they first
# log on to this station, or the users that you manually add by one
# of the program's functions.

# defaultuserid=1000


# Local groups in addition to the groups related to the default local
# user that domain administrators, when they log on to this station,
# or users added manually by one of the program's functions must also
# be associated. To specify more than one group, separate each group
# name with a space.

# localgroups="audio vboxusers wireshark"


# Local groups that AD users should not be associated with.
# This can be useful to explicitly delete one or more groups
# associated with the default user that you do not want added
# to the list of groups that AD users will be associated with
# if they are domain administrators or others with privileges
# granted through of the domain account management in local
# groups of CID. To specify more than one group, separate each
# group name with a space.

# excl_localgroups="lpadmin"


# Number of IDs available for user and groups accounts for each domain
# (default and trusted domains). When the "ad winbind backend" (RFC2307)
# is enabled for the default domain, the number of IDs available for that
# domain is calculated by the difference between the values defined for
# the "max_id" and "min_id" arguments. In these cases this parameter will
# only be used for the default domain if the "max_id" argument is not
# specified, otherwise it will serve as a calculation basis for only
# the other trusted domains. Never set this to 0.

# id_range_size=100000


# Maximum number of domains. This parameter is used with the "id_range_size"
# parameter to calculate the total number of IDs that the "autorid winbind
# backend" can make available to user and group accounts of the default
# domain and other trusted domains. When the "ad winbind backend" (RFC2307)
# is enabled for the default domain, a unit of that value is subtracted and
# the total of calculated IDs will refer only to the trusted domains.
# Never set this to 0.

# max_num_domains=10


# The winbind user profile is the path where domain users' directories on the
# local file system should be created. The '%U' environment variable of the
# Samba configuration file (smb.conf) must be used for an appropriate substitution
# in the subdirectory name for the respective user. Other Samba variables can
# also be used. The path specified in this parameter will be used in the default
# configuration of the winbind backend configured by the CID and should be used for
# all users in the domain. If the AD backend configuration is being used with the
# rfc2307 nssinfo option, the user profile path must be assigned through the Unix
# attributes available in the NIS extensions for Active Directory.

# wbd_userprofile=/home/%U


# The winbind user shell is the path of the shell program that will be used by
# domain users. The path specified in this parameter will be used in the default
# configuration of the winbind backend configured by the CID and should be used
# for all users in the domain. If the AD backend configuration is being used with
# the rfc2307 nssinfo option, the user shell path must be assigned using the Unix
# attributes available in the NIS extensions for Active Directory.

# wbd_usershell=/usr/bin/bash


# This parameter specifies the fallback NTP servers that should be used by the
# system when domain controllers are out of reach. Use a space to specify more
# than one server.

# fallntpsrv="pool.ntp.org"


# This defines the time that the tolerance quota can be used after the disk quota
# value has been reached on file shares. The characters 'm', 'h', 'd', and 'w' can
# be used as units of time after an integer to specify minutes, hours, days and
# weeks respectively. If no units are specified, the value is interpreted in seconds.

# qttltime=7d


# This parameter receives a list of Kerberos Principal Names separated by spaces,
# which will be used to generate a keytab when the "Use keytab file method" behavior
# option in CID GUI or the "--use-keytab" option in cid CLI is enabled. The Principal
# Names can be specified in the following formats:
#
#	{Principal} / {Instance}: Represents the full name of a specific Kerberos Principal;
#
#	Only {Principal}: Represents the name of the principal or name of the service (SPN)
#	that will be attached to all Instances of the list, in addition to the hostname and
#	FQDN of the machine, to form full  Kerberos Principal Names;
#
#	Only /{Instance}: Represents the name of an instance (hostname) that will be attached
#	to all principal names or service names (SPN) in the list to form full  Kerberos
#	Principal Names.
#
# The principal names must not contain the part that specifies the kerberos realm (@REALM),
# as only the default realm is supported, and is appended to the principal name
# automatically by the CID. If the default value of the "keytabfile" parameter is changed,
# this parameter will be disregarded!

# krb_principal_names="host cifs ipp http"


# This allows you to use a specific keytab file when the "Use keytab file method" behavior
# option in the GUI CID or the "--use-keytab" option in the CLI cid is enabled. If the
# default value (/etc/krb5.keytab) is changed, the "krb_principal_names" parameter will be
# disregarded and CID will not manage the keytab, requiring you to make your own changes.

# keytabfile="/etc/krb5.keytab"


# Directory path that will be used as the mount point for the Netlogon
# share during the logon of domain users.

# netlogon=/mnt/cid/.netlogon


# Path of the directory that will be used to store printer drivers for
# Windows clients when printer sharing via Samba is enabled.

# prtdrvdir=/var/lib/samba/printers


# The parameters below define the configuration files and the
# directories that are modified or used by the CID to provide the
# functionality required for the system to behave as an AD domain
# workstation. Change them only if the corresponding name or path in
# your Linux distribution is different!

# Operating system identification file
# osfile=/etc/os-release

# Local system users database
# pwdfile=/etc/passwd

# Local system groups database
# grpfile=/etc/group

# Hidden passwords database for local system groups
# gsdwfile=/etc/gshadow

# Static table lookup for hostnames
# hostfile=/etc/hosts

# Name Service Switch config file
# nssfile=/etc/nsswitch.conf

# Directory of startup files in the login shell of specific applications
# profiledir=/etc/profile.d

# Directory for sudo policy files
# sudodir=/etc/sudoers.d

# Kerberos config file
# krbfile=/etc/krb5.conf

# Samba config file (CID will attempt to discover automatically with the "smbd -b" command)
# smbfile=/etc/samba/smb.conf

# NTP config file
# ntpfile=/etc/systemd/timesyncd.conf

# LightDM config file
# ldmfile=/etc/lightdm/lightdm.conf

# Pam_mount config file
# mountfile=/etc/security/pam_mount.conf.xml

# Directory of the "systemd" reserved for unit files created or customized by the system admin
# systemddir=/etc/systemd/system


# The following parameters indicate the main configuration files of the
# PAM (Pluggable Authentication Modules). By default they have already
# been defined with the names the files used in current systems based on
# Debian and Red Hat, such as Ubuntu and Fedora. If you use a different
# system,you may need to adapt these parameters. Note that for each
# parameter it is possible to enter more than one file path by enclosing
# them in quotation marks ("") separated by a single space. This is
# especially required when the system uses more than one configuration file
# for the same PAM management group to create different module stacking
# rules for certain service groups. Just as it is possible that the same
# file is used to configure more than one or all management groups.

# Authentication Management Module File(s)
# pam_auth="/etc/pam.d/common-auth /etc/pam.d/system-auth /etc/pam.d/password-auth"

# Account Management Module File(s)
# pam_account="/etc/pam.d/common-account /etc/pam.d/system-auth /etc/pam.d/password-auth"

# Password Management Module File(s)
# pam_password="/etc/pam.d/common-password /etc/pam.d/system-auth /etc/pam.d/password-auth"

# Session Management Module File(s)
# pam_session="/etc/pam.d/common-session /etc/pam.d/system-auth /etc/pam.d/password-auth"


# The add_pam_authmod parameter allows you to add pam modules to be
# processed in the authentication stack after successful authentication
# of a domain user by the pam_winbind.so module. This can be useful for
# making the authentication of some applications transparent through
# their respective pam libraries, such as pam_gnome_keyring.so or
# pam_kwallet5.so, or even for configuring two-factor authentication
# (2FA). The modules must be specified followed by the desired control
# parameters for each one after the colon (module:control). The control
# parameters that can be used are: required, requisite, sufficient and
# optional. Currently, the CID does not accept advanced control parameters.
# If no control is specified, the CID will use the optional value as
# control so that the remaining modules in the stack can be processed.
# To specify more than one module you must separate them with a blank
# space. The modules will be configured in the standard PAM configuration
# file in the same order as specified in this parameter.

# add_pam_authmod='pam_google_authenticator.so:required pam_gnome_keyring.so pam_kwallet5.so'


# This indicates the directories where the CID will check for the existence
# of files corresponding to the PAM modules specified in the add_pam_authmod
# parameter. If the library is not found, the CID will not include the module
# in the PAM configuration files.

# pam_mod_dir='/lib /lib64 /usr/lib /usr/lib64'