#  -*- text -*-
#
#
#  $Id: ae8da461de0d32f2f45956716d93d8cf69b0be7e $

#######################################################################
#
#  = WinModule
#
#  The `winbind` module authenticate PAP passwords against Microsoft Active
#  Directory or Samba, via the winbind API.
#
#  This module is for PAP authentication (where plaintext passwords
#  are sent in the `User-Password` attribute) only. For authenticating
#  `mschap` requests against AD/Samba see the options available in the
#  `rlm_mschap` module.
#
#  NOTE: Samba version 4.2.1 or higher is required to use this module.
#

#
#  ## Configuration Settings
#
winbind {
	#
	#  username:: The username to pass to `winbind` for authentication.
	#
	username = "%{&Stripped-User-Name || &User-Name}"

	#
	#  domain:: The windows domain.
	#
	#  While not required to be set, it is likely that authentication will fail
	#  if it is not set correctly.
	#
	#  This configuration option, as the username above, is also expanded before use.
	#
	#  If unset then winbind will be queried for the correct value. If you
	#  actually want it blank it should be explicitly set here.
	#
#	domain = ""

	#
	#  group { ... }:: Group membership checking.
	#
	#  Groups can be checked via the expansion `%winbind.group(<name>)`
	#
	group {
		#
		#  search_username:: AD username to search for group searches.
		#
		#  This should generally not include a realm, so `Stripped-User-Name`
		#  is likely the best attribute if it exists.
		#
		search_username = "%{&Stripped-User-Name || &User-Name}"

		#
		#  add_domain:: Include the domain in group searches.
		#
		#  When this is enabled, winbind_domain is prepended to the
		#  username (as `domain\username`) before searching. This is
		#  generally required.
		#
#		add_domain = yes
	}

	#
	#  .Reusable Handles
	#
	#  Reusable connection handles are allocated in blocks.  These
	#  parameters allow for tuning how that is done.
	#
	reuse {
		#
		#  min:: The minimum number of connection handles to
		#  keep allocated
		#
#		min = 10

		#
		#  max:: The maximum number of reusable connection
		#  handles to allocate.
		#
#		max = 100

		#
		#  cleanup_interval:: How often to free un-used
		#  connection handles.
		#
#		cleanup_interval = 30s
	}
}
