├── .github ├── stale.yml └── workflows │ └── default.yml ├── .gitignore ├── .gitlab-ci.yml ├── .travis.yml ├── .yamllint ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── CONTRIBUTORS.md ├── LICENSE.md ├── README.md ├── defaults └── main.yml ├── files └── .gitkeep ├── handlers └── main.yml ├── meta └── main.yml ├── molecule ├── centos7 │ ├── INSTALL.rst │ ├── molecule.yml │ └── verify.yml ├── centos8 │ ├── INSTALL.rst │ ├── molecule.yml │ └── verify.yml ├── debian10 │ ├── INSTALL.rst │ ├── molecule.yml │ └── verify.yml ├── debian8 │ ├── INSTALL.rst │ ├── molecule.yml │ └── verify.yml ├── debian9 │ ├── INSTALL.rst │ ├── molecule.yml │ └── verify.yml ├── fedora │ ├── INSTALL.rst │ ├── molecule.yml │ └── verify.yml ├── shared │ ├── converge.yml │ └── verify.yml ├── ubuntu1604 │ ├── INSTALL.rst │ ├── molecule.yml │ └── verify.yml └── ubuntu1804 │ ├── INSTALL.rst │ ├── molecule.yml │ └── verify.yml ├── playbook.yml ├── requirements-dev.txt ├── requirements.txt ├── requirements.yml ├── tasks ├── config_samba.yml ├── create_domain.yml ├── create_shares.yml ├── debian.yml ├── domain_groups.yml ├── domain_users.yml ├── join_domain.yml ├── main.yml ├── samba_groups.yml └── samba_users.yml ├── templates ├── .gitkeep └── etc │ ├── krb5.conf.j2 │ └── samba │ ├── smb.conf.j2 │ └── smb.conf.orig └── vars └── main.yml /.github/stale.yml: -------------------------------------------------------------------------------- 1 | # Number of days of inactivity before an issue becomes stale 2 | daysUntilStale: 60 3 | # Number of days of inactivity before a stale issue is closed 4 | daysUntilClose: 7 5 | # Issues with these labels will never be considered stale 6 | exemptLabels: 7 | - pinned 8 | - security 9 | # Label to use when marking an issue as stale 10 | staleLabel: wontfix 11 | # Comment to post when marking an issue as stale. Set to `false` to disable 12 | markComment: > 13 | This issue has been automatically marked as stale because it has not had 14 | recent activity. 
It will be closed if no further activity occurs. Thank you 15 | for your contributions. 16 | # Comment to post when closing a stale issue. Set to `false` to disable 17 | closeComment: false 18 | -------------------------------------------------------------------------------- /.github/workflows/default.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Molecule Test 3 | on: push 4 | jobs: 5 | build: 6 | runs-on: ubuntu-latest 7 | strategy: 8 | max-parallel: 4 9 | matrix: 10 | python-version: [3.5, 3.6, 3.7] 11 | 12 | steps: 13 | - uses: actions/checkout@v1 14 | with: 15 | path: ansible-samba 16 | - name: Set up Python ${{ matrix.python-version }} 17 | uses: actions/setup-python@v1 18 | with: 19 | python-version: ${{ matrix.python-version }} 20 | - name: Install dependencies 21 | run: | 22 | sudo apt install docker 23 | python -m pip install --upgrade pip 24 | pip3 install -r requirements.txt 25 | ansible --version 26 | molecule --version 27 | - name: Test with molecule 28 | run: | 29 | # molecule test --scenario-name centos7 30 | # molecule test --scenario-name centos8 31 | # molecule test --scenario-name debian8 32 | molecule test --scenario-name debian9 33 | molecule test --scenario-name debian10 34 | # molecule test --scenario-name fedora 35 | molecule test --scenario-name ubuntu1604 36 | molecule test --scenario-name ubuntu1804 37 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | venv/ 2 | -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | image: docker:git 3 | 4 | services: 5 | - docker:dind 6 | 7 | before_script: 8 | - apk update && apk add --no-cache docker 9 | python3-dev py3-pip docker gcc git curl build-base 10 | autoconf automake 
py3-cryptography linux-headers 11 | musl-dev libffi-dev openssl-dev openssh 12 | - docker info 13 | - python3 --version 14 | - pip3 install -r requirements.txt 15 | - ansible --version 16 | - molecule --version 17 | 18 | molecule: 19 | stage: test 20 | script: 21 | # - molecule test --scenario-name centos7 22 | # - molecule test --scenario-name centos8 23 | # - molecule test --scenario-name debian8 24 | - molecule test --scenario-name debian9 25 | - molecule test --scenario-name debian10 26 | # - molecule test --scenario-name fedora 27 | - molecule test --scenario-name ubuntu1604 28 | - molecule test --scenario-name ubuntu1804 29 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | sudo: required 3 | language: python 4 | services: 5 | - docker 6 | before_install: 7 | - sudo apt-get -qq update 8 | install: 9 | - pip3 install -r requirements.txt 10 | - ansible --version 11 | - molecule --version 12 | script: 13 | # - molecule test --scenario-name centos7 14 | # - molecule test --scenario-name centos8 15 | # - molecule test --scenario-name debian8 16 | - molecule test --scenario-name debian9 17 | - molecule test --scenario-name debian10 18 | # - molecule test --scenario-name fedora 19 | - molecule test --scenario-name ubuntu1604 20 | - molecule test --scenario-name ubuntu1804 21 | notifications: 22 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 23 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on ansible-lint config 3 | extends: default 4 | 5 | ignore: | 6 | venv/ 7 | 8 | rules: 9 | braces: 10 | max-spaces-inside: 1 11 | level: error 12 | brackets: 13 | max-spaces-inside: 1 14 | level: error 15 | colons: 16 | max-spaces-after: -1 17 | level: error 18 | commas: 19 | 
max-spaces-after: -1 20 | level: error 21 | comments: disable 22 | comments-indentation: disable 23 | document-start: disable 24 | empty-lines: 25 | max: 3 26 | level: error 27 | hyphens: 28 | level: error 29 | indentation: disable 30 | key-duplicates: enable 31 | line-length: disable 32 | new-line-at-end-of-file: disable 33 | new-lines: 34 | type: unix 35 | trailing-spaces: disable 36 | truthy: disable 37 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation. 
11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | - Using welcoming and inclusive language 18 | - Being respectful of differing viewpoints and experiences 19 | - Gracefully accepting constructive criticism 20 | - Focusing on what is best for the community 21 | - Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | - The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | - Trolling, insulting/derogatory comments, and personal or political attacks 28 | - Public or private harassment 29 | - Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | - Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. 
Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at mrlesmithjr@gmail.com. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | 75 | For answers to common questions about this code of conduct, see 76 | https://www.contributor-covenant.org/faq 77 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to ansible-samba 2 | 3 | ## Table Of Contents 4 | 5 | [Code of Conduct](#code-of-conduct) 6 | 7 | ## Code of Conduct 8 | 9 | This project and everyone participating in it is governed by the [ansible-samba Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code. Please report unacceptable behavior to [mrlesmithjr@gmail.com](mailto:mrlesmithjr@gmail.com). 
10 | -------------------------------------------------------------------------------- /CONTRIBUTORS.md: -------------------------------------------------------------------------------- 1 | Larry Smith Jr. - mrlesmithjr@gmail.com 2 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Larry Smith Jr. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ansible-samba 2 | 3 | Ansible role to install/configure Samba 4 | 5 | ## Build Status 6 | 7 | ### GitHub Actions 8 | 9 | ![Molecule Test](https://github.com/mrlesmithjr/ansible-samba/workflows/Molecule%20Test/badge.svg) 10 | 11 | ### Travis CI 12 | 13 | [![Build Status](https://travis-ci.org/mrlesmithjr/ansible-samba.svg?branch=master)](https://travis-ci.org/mrlesmithjr/ansible-samba) 14 | 15 | 16 | 17 | ## Requirements 18 | 19 | For any required Ansible roles, review: 20 | [requirements.yml](requirements.yml) 21 | 22 | ## Role Variables 23 | 24 | [defaults/main.yml](defaults/main.yml) 25 | 26 | ## Dependencies 27 | 28 | ## Example Playbook 29 | 30 | [playbook.yml](playbook.yml) 31 | 32 | ## License 33 | 34 | MIT 35 | 36 | ## Author Information 37 | 38 | Larry Smith Jr. 39 | 40 | - [@mrlesmithjr](https://twitter.com/mrlesmithjr) 41 | - [mrlesmithjr@gmail.com](mailto:mrlesmithjr@gmail.com) 42 | - [http://everythingshouldbevirtual.com](http://everythingshouldbevirtual.com) 43 | 44 | > NOTE: Repo has been created/updated using [https://github.com/mrlesmithjr/cookiecutter-ansible-role](https://github.com/mrlesmithjr/cookiecutter-ansible-role) as a template. 
45 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for ansible-samba (commented-out values, including the passwords, are examples only; override them per deployment) 3 | pri_domain_name: example.org 4 | samba_ad_info: 5 | [] 6 | # ad_dc_hostname: "{{ ansible_hostname }}" 7 | # ad_dns_domain_name: "{{ pri_domain_name }}" 8 | # adminpass: P@55w0rd 9 | # allow_dns_updates: disabled 10 | # backend_dns: internal 11 | # dns_forwarder: 8.8.8.8 12 | # kerberos_realm: '{{ pri_domain_name }}' 13 | # netbios_domain_name: "{{ samba_netbios_domain_name[0]|upper }}" 14 | 15 | # Allow users who've been granted usershare privileges 16 | # to create public (guest-accessible) shares, not just authenticated ones; set to "no" if unauthenticated access is not wanted 17 | samba_allow_guests: "yes" 18 | 19 | # Defines if you are building an Active Directory domain controller 20 | samba_create_domain_controller: false 21 | 22 | # Defines if groups defined in samba_domain_groups list should be created 23 | samba_create_domain_groups: false 24 | 25 | # Defines if users defined in samba_domain_users list should be created 26 | samba_create_domain_users: false 27 | 28 | # Define Ansible group which contains your Samba domain controllers 29 | samba_domain_controllers_group: samba_domain_controllers 30 | 31 | samba_domain_groups: 32 | [] 33 | # - name: ad-test-group1 34 | # members: 35 | # - test01 36 | # - test02 37 | 38 | samba_domain_users: 39 | [] 40 | # - name: test01 41 | # password: P@55w0rd 42 | # - name: test02 43 | # password: P@55w0rd 44 | 45 | # Define samba groups to create 46 | samba_groups: 47 | [] 48 | # - nogroup 49 | # - securedgroup 50 | # - testgroup 51 | 52 | samba_netbios_domain_name: "{{ pri_domain_name.split('.') }}" 53 | 54 | # Define which Ansible host should be considered the primary domain controller 55 | samba_primary_domain_controller: "{{ groups[samba_domain_controllers_group][0] }}" 56 | 57 | # Defines samba security 58 | samba_security: user 59 | 60 | # Defines 
server role 61 | # (standalone server or active directory domain controller) 62 | samba_server_role: standalone server 63 | 64 | # Defines root folder for samba shares to be created 65 | samba_share_path: /mnt/samba/shares 66 | samba_shares: 67 | [] 68 | # - name: allaccess 69 | # browsable: "yes" 70 | # folder_perms: "0755" 71 | # group: nogroup 72 | # guest_ok: "yes" 73 | # owner: nobody 74 | # read_only: "no" 75 | # writable: "yes" 76 | # - name: public 77 | # browsable: "yes" 78 | # folder_perms: "0777" 79 | # group: nogroup 80 | # guest_ok: "yes" 81 | # owner: nobody 82 | # read_only: "no" 83 | # writable: "yes" 84 | # - name: secured 85 | # browsable: "yes" 86 | # folder_perms: "0770" 87 | # group: securedgroup 88 | # guest_ok: "no" 89 | # valid_users: '@securedgroup' 90 | # writable: "yes" 91 | # - name: test 92 | # browsable: "yes" 93 | # folder_perms: "0770" 94 | # group: testgroup 95 | # guest_ok: "no" 96 | # valid_users: '@testgroup' 97 | # writable: "yes" 98 | 99 | # Define users to create 100 | samba_users: 101 | [] 102 | # # Define user name to create 103 | # - name: vagrant 104 | # # Define groups to add user to 105 | # # ensure samba_groups names exist. 
106 | # groups: 107 | # - nogroup 108 | # - securedgroup 109 | # - testgroup 110 | # # Define samba user password 111 | # smbpasswd: P@55w0rd 112 | samba_workgroup: "{{ samba_netbios_domain_name[0]|upper }}" 113 | 114 | # Printers options 115 | samba_use_printers: False 116 | samba_printer_type: cups 117 | samba_cups_server: "localhost:631" 118 | -------------------------------------------------------------------------------- /files/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mrlesmithjr/ansible-samba/201e0153cdce518ed540a754b3085b5c97ee61e6/files/.gitkeep -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for ansible-samba 3 | - name: restart nmbd 4 | service: 5 | name: nmbd 6 | state: restarted 7 | become: true 8 | 9 | - name: restart samba-ad-dc 10 | service: 11 | name: samba-ad-dc 12 | state: restarted 13 | become: true 14 | 15 | - name: restart smbd 16 | service: 17 | name: smbd 18 | state: restarted 19 | become: true 20 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: Larry Smith Jr. 
4 | description: Ansible role to install/configure Samba 5 | license: MIT 6 | min_ansible_version: 1.2 7 | platforms: 8 | - name: Debian 9 | versions: 10 | - jessie 11 | - stretch 12 | - name: Ubuntu 13 | versions: 14 | - bionic 15 | - trusty 16 | - xenial 17 | 18 | galaxy_tags: 19 | - networking 20 | - system 21 | dependencies: [] 22 | -------------------------------------------------------------------------------- /molecule/centos7/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/centos7/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: false 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 
11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: centos7 15 | image: jrei/systemd-centos:7 16 | privileged: true 17 | command: /usr/sbin/init 18 | tmpfs: 19 | - /run 20 | - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/centos7/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/centos8/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/centos8/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: false 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 
11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: centos8 15 | image: jrei/systemd-centos:8 16 | privileged: true 17 | command: /usr/sbin/init 18 | tmpfs: 19 | - /run 20 | - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/centos8/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/debian10/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/debian10/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: false 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 
11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: debian10 15 | image: jrei/systemd-debian:10 16 | privileged: true 17 | command: /lib/systemd/systemd 18 | tmpfs: 19 | - /run 20 | - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/debian10/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/debian8/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/debian8/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: false 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 
11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: debian8 15 | image: jrei/systemd-debian:8 16 | privileged: true 17 | command: /lib/systemd/systemd 18 | tmpfs: 19 | - /run 20 | - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/debian8/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/debian9/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/debian9/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: false 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 
11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: debian9 15 | image: jrei/systemd-debian:9 16 | privileged: true 17 | command: /lib/systemd/systemd 18 | tmpfs: 19 | - /run 20 | - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 | -------------------------------------------------------------------------------- /molecule/debian9/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/fedora/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ******* 2 | Docker driver installation guide 3 | ******* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Docker Engine 9 | 10 | Install 11 | ======= 12 | 13 | Please refer to the `Virtual environment`_ documentation for installation best 14 | practices. If not using a virtual environment, please consider passing the 15 | widely recommended `'--user' flag`_ when invoking ``pip``. 16 | 17 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 18 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 19 | 20 | .. code-block:: bash 21 | 22 | $ pip install 'molecule[docker]' 23 | -------------------------------------------------------------------------------- /molecule/fedora/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | enabled: false 5 | options: 6 | role-file: requirements.yml 7 | driver: 8 | name: docker 9 | lint: | 10 | yamllint . 
11 | ansible-lint 12 | flake8 13 | platforms: 14 | - name: fedora 15 | image: jrei/systemd-fedora 16 | privileged: true 17 | command: /usr/sbin/init 18 | tmpfs: 19 | - /run 20 | - /tmp 21 | volumes: 22 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | converge: ../shared/converge.yml 27 | verifier: 28 | name: ansible 29 |
--------------------------------------------------------------------------------
/molecule/fedora/verify.yml:
--------------------------------------------------------------------------------
---
# This is an example playbook to execute Ansible tests.
# NOTE(review): still the scaffold placeholder. `that: true` always passes, so
# this scenario checks nothing about the converged host (rendered smb.conf,
# running services, share ownership and modes).

- name: Verify
  hosts: all
  tasks:
    - name: Example assertion
      assert:
        that: true
--------------------------------------------------------------------------------
/molecule/shared/converge.yml:
--------------------------------------------------------------------------------
---
# Converge playbook shared by the scenarios: their molecule.yml files point
# here through provisioner.playbooks.converge. It applies the role under test
# to every platform instance.
- name: Converge
  hosts: all
  tasks:
    - name: Include ansible-samba
      include_role:
        name: ansible-samba
--------------------------------------------------------------------------------
/molecule/shared/verify.yml:
--------------------------------------------------------------------------------
---
# This is an example playbook to execute Ansible tests.
# NOTE(review): placeholder only. The single assertion is the constant `true`,
# so a passing verify step says nothing about the role's result.

- name: Verify
  hosts: all
  tasks:
    - name: Example assertion
      assert:
        that: true
--------------------------------------------------------------------------------
/molecule/ubuntu1604/INSTALL.rst:
--------------------------------------------------------------------------------
*******
Docker driver installation guide
*******

Requirements
============

* Docker Engine

Install
=======

Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.

.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site

.. code-block:: bash

    $ pip install 'molecule[docker]'
--------------------------------------------------------------------------------
/molecule/ubuntu1604/molecule.yml:
--------------------------------------------------------------------------------
---
# Molecule scenario for Ubuntu 16.04: Docker driver, systemd started as the
# container command, converge playbook shared with the other scenarios.
dependency:
  name: galaxy
  # Dependency step is switched off; the role-file option below is then
  # presumably not consulted.
  enabled: false
  options:
    role-file: requirements.yml
driver:
  name: docker
lint: |
  yamllint .
  ansible-lint
  flake8
platforms:
  - name: ubuntu1604
    # Community image referenced by tag only. A tag can be re-pointed upstream,
    # so the content CI pulls is not fixed; pin by digest
    # (image@sha256:<digest>) if reproducible, reviewable test runs matter.
    image: jrei/systemd-ubuntu:16.04
    # Privileged mode removes most of the isolation between the container and
    # the Docker host (presumably set so systemd can run inside the
    # container). Run this scenario only on disposable CI or lab hosts.
    privileged: true
    command: /lib/systemd/systemd
    tmpfs:
      - /run
      - /tmp
    volumes:
      # Host cgroup hierarchy, mounted read-only into the container.
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
provisioner:
  name: ansible
  playbooks:
    converge: ../shared/converge.yml
verifier:
  name: ansible
--------------------------------------------------------------------------------
/molecule/ubuntu1604/verify.yml:
--------------------------------------------------------------------------------
---
# This is an example playbook to execute Ansible tests.
# NOTE(review): placeholder only. `that: true` always passes, so nothing about
# the converged Ubuntu 16.04 host is actually verified.

- name: Verify
  hosts: all
  tasks:
    - name: Example assertion
      assert:
        that: true
--------------------------------------------------------------------------------
/molecule/ubuntu1804/INSTALL.rst:
--------------------------------------------------------------------------------
*******
Docker driver installation guide
*******

Requirements
============

* Docker Engine

Install
=======

Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.

.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site

.. code-block:: bash

    $ pip install 'molecule[docker]'
--------------------------------------------------------------------------------
/molecule/ubuntu1804/molecule.yml:
--------------------------------------------------------------------------------
---
# Molecule scenario for Ubuntu 18.04: Docker driver, systemd started as the
# container command, converge playbook shared with the other scenarios.
dependency:
  name: galaxy
  # Dependency step is switched off; the role-file option below is then
  # presumably not consulted.
  enabled: false
  options:
    role-file: requirements.yml
driver:
  name: docker
lint: |
  yamllint .
  ansible-lint
  flake8
platforms:
  - name: ubuntu1804
    # Community image referenced by mutable tag, not by digest, so the image
    # content is whatever the tag currently points to.
    image: jrei/systemd-ubuntu:18.04
    # Privileged container: most isolation from the Docker host is removed.
    # Keep this scenario on disposable CI or lab hosts.
    privileged: true
    command: /lib/systemd/systemd
    tmpfs:
      - /run
      - /tmp
    volumes:
      # Host cgroup hierarchy, mounted read-only into the container.
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
provisioner:
  name: ansible
  playbooks:
    converge: ../shared/converge.yml
verifier:
  name: ansible
--------------------------------------------------------------------------------
/molecule/ubuntu1804/verify.yml:
--------------------------------------------------------------------------------
---
# This is an example playbook to execute Ansible tests.
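- name: Verify
  hosts: all
  tasks:
    - name: Example assertion
      assert:
        that: true
--------------------------------------------------------------------------------
/playbook.yml:
--------------------------------------------------------------------------------
---
# Minimal example: applies the ansible-samba role to every inventory host.
- name: Example Playbook
  hosts: all
  tasks:
    - name: Include ansible-samba
      include_role:
        name: ansible-samba
--------------------------------------------------------------------------------
/requirements-dev.txt:
--------------------------------------------------------------------------------
# Python requirements for development
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
# Python requirements for executing
# NOTE(review): none of these are version-pinned, so every install resolves to
# whatever is current on the index. Pin versions (or use a constraints file
# with hashes) to keep the test tooling reproducible and reviewable.
ansible
ansible-lint
docker
flake8
molecule
testinfra
--------------------------------------------------------------------------------
/requirements.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mrlesmithjr/ansible-samba/201e0153cdce518ed540a754b3085b5c97ee61e6/requirements.yml
--------------------------------------------------------------------------------
/tasks/config_samba.yml:
--------------------------------------------------------------------------------
---
# Renders /etc/samba/smb.conf from the role template and restarts nmbd/smbd
# through the notified handlers when the file changes.
# NOTE(review): the template is written without a validation step; adding
# `validate: testparm -s %s` would stop a syntactically broken smb.conf from
# replacing a working one. Confirm testparm is present on all targets first.
- name: config_samba | configuring samba
  template:
    src: etc/samba/smb.conf.j2
    dest: /etc/samba/smb.conf
    owner: root
    group: root
    # Quoted so the mode is always read as the octal string, never as a number.
    mode: "0644"
  become: true
  notify:
    - restart nmbd
    - restart smbd
--------------------------------------------------------------------------------
/tasks/create_domain.yml:
--------------------------------------------------------------------------------
---
# Provisions a new Samba AD domain on the primary domain controller and records
# the result in a marker file so the provisioning runs only once.

# Despite its name this task renders /etc/krb5.conf (from etc/krb5.conf.j2).
- name: create_domain | configuring samba
  template:
    src: etc/krb5.conf.j2
    dest: /etc/krb5.conf
    owner: root
    group: root
    mode: "0644"
  become: true
  notify:
    - restart nmbd
    - restart smbd
    - restart samba-ad-dc

# The marker file is the only "already provisioned" signal used below.
# NOTE(review): it lives under /var/log; anything that cleans that directory
# would make the role attempt provisioning again. Verify this is acceptable.
- name: create_domain | checking if domain created
  stat:
    path: /var/log/.samba_ad_created
  register: samba_ad_created_check

# Runs only on the primary DC, only when no marker exists and the role is
# configured as "active directory domain controller".
# Every templated value goes through the `quote` filter so that a realm, domain
# or password containing quotes, spaces, `$` or backticks is passed to
# samba-tool as one literal argument instead of being interpreted by the shell.
# no_log keeps the rendered command line (it contains the administrator
# password) out of task output, callbacks and logs; drop it temporarily when
# debugging a failed provision. The password is still a process argument while
# samba-tool runs, so it is visible to local users who can list processes.
- name: create_domain | configuring Active Directory # noqa 305
  shell: >-
    samba-tool domain provision
    --realm={{ samba_ad_info['kerberos_realm'] | upper | quote }}
    --domain={{ samba_ad_info['netbios_domain_name'] | upper | quote }}
    --adminpass={{ samba_ad_info['adminpass'] | quote }}
    --server-role='domain controller'
    --use-rfc2307
  become: true
  no_log: true
  register: samba_ad_created
  when:
    - not samba_ad_created_check['stat']['exists']|bool
    - samba_create_domain_controller is defined
    - samba_create_domain_controller|bool
    - samba_server_role == "active directory domain controller"
    - inventory_hostname == samba_primary_domain_controller

# Written on the primary DC right after a successful provision.
- name: create_domain | marking domain as created # noqa 503
  file:
    dest: /var/log/.samba_ad_created
    state: touch
  become: true
  register: _samba_domain_created
  when:
    - samba_ad_created['changed']
    - not samba_ad_created_check['stat']['exists']|bool
    - inventory_hostname == samba_primary_domain_controller

# Primary DC: the domain exists if the marker was already there or was just
# created in this run.
- name: create_domain | Setting Fact For Domain Creation Status For Primary Domain Controller
  set_fact:
    _samba_domain_exists: true
  when:
    - inventory_hostname == samba_primary_domain_controller
    - samba_ad_created_check['stat']['exists']|bool or _samba_domain_created['changed']

# Other DCs copy the status from the primary's host variables.
# default(false) turns "the primary never set the fact" (for example because
# provisioning was skipped) into a skipped task instead of an undefined-variable
# failure.
- name: create_domain | Setting Fact For Domain Creation Status For Non Primary Domain Controller
  set_fact:
    _samba_domain_exists: true
  when:
    - hostvars[samba_primary_domain_controller]['_samba_domain_exists'] | default(false)
    - inventory_hostname in groups[samba_domain_controllers_group]
    - inventory_hostname != samba_primary_domain_controller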
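# Last task of tasks/create_domain.yml: writes the marker on any host that
# knows the domain exists but has no marker yet.
# default(false) makes hosts that never set the fact skip this task instead of
# failing on an undefined variable.
- name: create_domain | marking domain as created
  file:
    dest: /var/log/.samba_ad_created
    state: touch
  become: true
  when:
    - hostvars[inventory_hostname]['_samba_domain_exists'] | default(false)
    - not samba_ad_created_check['stat']['exists']|bool
--------------------------------------------------------------------------------
/tasks/create_shares.yml:
--------------------------------------------------------------------------------
---
# Creates one directory per entry of samba_shares below samba_share_path.
# Each entry must provide name, group and folder_perms; owner is optional and
# is left untouched when absent.
# NOTE(review): folder_perms is applied exactly as given, so it is the only
# thing limiting local access to the share data; review it per share rather
# than defaulting to world-writable modes.
- name: create_shares | creating shared directories
  file:
    path: "{{ samba_share_path + '/' + item['name'] }}"
    owner: "{{ item['owner']|default(omit) }}"
    group: "{{ item['group'] }}"
    mode: "{{ item['folder_perms'] }}"
    state: directory
  become: true
  with_items: "{{ samba_shares }}"
--------------------------------------------------------------------------------
/tasks/debian.yml:
--------------------------------------------------------------------------------
---
# Package installation for Debian-family hosts. `until` retries a failed apt
# run; no retries/delay are set, so Ansible's defaults apply.
- name: debian | installing pre-reqs
  apt:
    name: ["samba", "samba-common"]
    state: present
  become: true
  register: result
  until: result is successful

# Kerberos client tools and winbind, installed only for domain controllers.
- name: debian | Installing Packages When Domain Controller
  apt:
    name:
      [
        "krb5-config",
        "krb5-user",
        "libnss-winbind",
        "libpam-winbind",
        "winbind",
      ]
    state: present
  become: true
  register: result
  until: result is successful
  when: samba_create_domain_controller|bool
--------------------------------------------------------------------------------
/tasks/domain_groups.yml:
--------------------------------------------------------------------------------
---
# Creates the AD groups listed in samba_domain_groups and adds their members.
# Existence checks compare against stdout_lines (one name per list element).
# The previous substring test on the whole stdout treated a group or member as
# present whenever its name was contained in another name (e.g. "admin" inside
# "admins"), silently skipping the creation.
- name: domain_groups | Generate Domain Group List
  command: samba-tool group list
  register: _samba_domain_groups
  become: true
  changed_when: false

# `quote` keeps a name containing spaces or quotes as a single argument.
- name: domain_groups | Creating Domain Groups
  command: samba-tool group add {{ item['name'] | quote }}
  become: true
  with_items: "{{ samba_domain_groups }}"
  when: item['name'] not in _samba_domain_groups['stdout_lines']

- name: domain_groups | Capturing Domain Group Members
  command: samba-tool group listmembers {{ item['name'] | quote }}
  become: true
  register: _samba_domain_group_members
  changed_when: false
  with_items: "{{ samba_domain_groups }}"

# Loops over (listmembers result, wanted member) pairs; item.0.item is the
# original samba_domain_groups entry the result belongs to.
- name: domain_groups | Managing Domain Group Members
  command: samba-tool group addmembers {{ item.0.item.name | quote }} {{ item.1 | quote }}
  become: true
  with_subelements:
    - "{{ _samba_domain_group_members['results'] }}"
    - item.members
  when: >
    item[1] != [] and
    item[1] not in item[0]['stdout_lines']
--------------------------------------------------------------------------------
/tasks/domain_users.yml:
--------------------------------------------------------------------------------
---
# Creates the AD users listed in samba_domain_users (keys: name, password).
# The listing task is read-only, so it is marked changed_when: false and run
# with become like the other samba-tool calls in this role.
- name: domain_users | generate list of users
  command: "samba-tool user list"
  register: domain_users
  become: true
  changed_when: false

# no_log: the command line and the loop item both contain the user's password
# and would otherwise be printed for every item and end up in logs.
# `quote` passes name and password as single literal arguments, so a password
# containing quotes or spaces no longer breaks or alters the command.
# stdout_lines gives an exact-name match; the substring test on stdout skipped
# users whose name was part of an existing user's name.
- name: domain_users | creating domain users
  command: "samba-tool user add {{ item['name'] | quote }} {{ item['password'] | quote }}"
  # ignore_errors: true #defined for now to get around potential bug in failed_when conditionals
  become: true
  no_log: true
  with_items: "{{ samba_domain_users }}"
  when: item['name'] not in domain_users['stdout_lines']
--------------------------------------------------------------------------------
/tasks/join_domain.yml:
--------------------------------------------------------------------------------
---
# Joins an additional domain controller to the existing domain. A marker file
# records a successful join so the task is not repeated.
- name: join_domain | Checking If Already Joined To Domain
  stat:
    path: /var/log/.samba_ad_joined
  register: samba_ad_join_check

# The password used to sit inside double quotes, where the shell still expands
# `$`, backticks and backslashes; `quote` passes it through literally.
# no_log keeps the rendered command (domain administrator password) out of task
# output and logs; remove it temporarily when debugging a failed join.
# The password is still a process argument while samba-tool runs.
- name: join_domain | Joining Domain # noqa 305
  shell: >-
    samba-tool domain join {{ samba_ad_info['ad_dns_domain_name'] | quote }} DC
    --username="{{ samba_ad_info['netbios_domain_name']|upper }}\administrator"
    --password={{ samba_ad_info['adminpass'] | quote }}
  become: true
  no_log: true
  register: _samba_domain_joined
  when: not samba_ad_join_check['stat']['exists']

- name: join_domain | Marking As Joined To Domain # noqa 503
  file:
    path: /var/log/.samba_ad_joined
    state: touch
  become: true
  when: _samba_domain_joined['changed']
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
# tasks file for ansible-samba
# Order: packages, local groups/users, share directories, smb.conf, then the
# AD steps (provision on the primary DC, join on the others, domain accounts).
# NOTE(review): bare `include` is deprecated in newer Ansible releases in
# favour of include_tasks/import_tasks; it is left as-is here because switching
# changes how `tags` and `when` propagate to the included tasks.
- include: debian.yml
  when: ansible_os_family == "Debian"

- include: samba_groups.yml
  when: samba_groups is defined

- include: samba_users.yml
  when: samba_users is defined

- include: create_shares.yml
  when: samba_shares is defined

- include: config_samba.yml

- include: create_domain.yml
  when:
    - samba_create_domain_controller|bool

- include: join_domain.yml
  when:
    - samba_create_domain_controller|bool
    - samba_domain_controllers_group is defined
    - inventory_hostname != samba_primary_domain_controller

- include: domain_users.yml
  tags:
    - samba_domain_account_management
    - samba_domain_users
  when:
    - samba_create_domain_users is defined
    - samba_create_domain_users|bool
    - samba_domain_controllers_group is defined
    - inventory_hostname == samba_primary_domain_controller

- include: domain_groups.yml
  tags:
    - samba_domain_account_management
    - samba_domain_groups
  when:
    - samba_create_domain_groups is defined
    - samba_create_domain_groups|bool
    - samba_domain_controllers_group is defined
    - inventory_hostname == samba_primary_domain_controller
--------------------------------------------------------------------------------
/tasks/samba_groups.yml:
--------------------------------------------------------------------------------
---
# Ensures every name in samba_groups exists as a local Unix group.
- name: samba_groups | ensuring groups exist
  group:
    name: "{{ item }}"
    state: present
  become: true
  with_items: "{{ samba_groups }}"
--------------------------------------------------------------------------------
/tasks/samba_users.yml:
--------------------------------------------------------------------------------
---
# Local Samba accounts: samba_users entries carry name, groups and smbpasswd.

# The loop item is the whole user entry, including smbpasswd, and Ansible prints
# it for every iteration. The label limits the normal output to user and group.
# NOTE(review): at higher verbosity the full item may still be shown; switch to
# no_log if that matters in your environment.
- name: samba_users | adding samba users to samba groups
  user:
    name: "{{ item[0]['name'] }}"
    groups: "{{ item[1] }}"
    append: yes
  become: true
  loop_control:
    label: "{{ item[0]['name'] }}: {{ item[1] }}"
  with_subelements:
    - "{{ samba_users }}"
    - groups

# The password is handed to `smbpasswd -s` on stdin (it reads it twice) instead
# of being pasted unquoted into a shell pipeline, where spaces, globs and shell
# metacharacters in the password were interpreted by the shell and the value
# appeared on the shell's command line.
# no_log keeps the loop item and module arguments (both contain the password)
# out of task output and logs.
# Still not idempotent: the password is set on every run (hence noqa 301).
- name: samba_users | creating samba user passwords # noqa 301
  command: smbpasswd -s -a {{ item['name'] | quote }}
  args:
    stdin: "{{ item['smbpasswd'] }}\n{{ item['smbpasswd'] }}"
  become: true
  no_log: true
  with_items: "{{ samba_users }}"
--------------------------------------------------------------------------------
/templates/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mrlesmithjr/ansible-samba/201e0153cdce518ed540a754b3085b5c97ee61e6/templates/.gitkeep
--------------------------------------------------------------------------------
/templates/etc/krb5.conf.j2:
--------------------------------------------------------------------------------
[libdefaults]
default_realm = {{ samba_ad_info.kerberos_realm|upper }}

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

# Disable single-DES ciphers
allow_weak_crypto = false

# The following libdefaults parameters are only for Heimdal Kerberos.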
v4_instance_resolve = false
fcc-mit-ticketflags = true
host = {
    rcmd = host
    ftp = ftp
}
plain = {
    something = something-else
}
{# The realm name comes from samba_ad_info.kerberos_realm. kdc and admin_server
   are fixed to 127.0.0.1, so the rendered file only resolves the realm on a
   host that runs the KDC itself. #}
[realms]
{{ samba_ad_info.kerberos_realm|upper }} = {
    kdc = 127.0.0.1
    admin_server = 127.0.0.1
}

[domain_realm]
.{{ samba_ad_info.kerberos_realm|lower }} = {{ samba_ad_info.kerberos_realm|upper }}
{{ samba_ad_info.kerberos_realm|lower }} = {{ samba_ad_info.kerberos_realm|upper }}

[login]
krb4_convert = true
krb4_get_tickets = false
--------------------------------------------------------------------------------
/templates/etc/samba/smb.conf.j2:
--------------------------------------------------------------------------------
# Global parameters
{# Two mutually exclusive [global] layouts: the first branch is rendered when
   samba_create_domain_controller is defined and true, the second when it is
   false or undefined. The share loop at the end is rendered in both cases. #}
{% if samba_create_domain_controller is defined and samba_create_domain_controller %}
[global]
    dns forwarder = {{ samba_ad_info.dns_forwarder }}
    idmap_ldb:use rfc2307 = yes
{# NetBIOS name is cut to 15 characters here; the standalone branch below does
   not truncate it. #}
    netbios name = {{ ansible_hostname|upper|truncate(15, True, '') }}
    realm = {{ samba_ad_info.kerberos_realm|upper }}
    server role = {{ samba_server_role }}
    workgroup = {{ samba_ad_info.netbios_domain_name|upper }}

{% if samba_use_printers %}
    load printers = yes
    printing = {{ samba_printer_type|upper }}
    printcap name = {{ samba_printer_type }}
{% if samba_printer_type == 'cups' %}
    cups server = {{ samba_cups_server }}
{% endif %}
{% endif %}

{# netlogon and sysvol are exported writable (read only = No); who may actually
   write is then decided by the ACLs on /var/lib/samba/sysvol.
   NOTE(review): confirm those ACLs after provisioning. #}
[netlogon]
    path = /var/lib/samba/sysvol/{{ samba_ad_info.kerberos_realm|lower }}/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
{% elif (samba_create_domain_controller is defined and not samba_create_domain_controller) or samba_create_domain_controller is not defined %}
#======================= Global Settings =======================

[global]

## Browsing/Identification ###

    workgroup = {{ samba_workgroup|upper }}
    server string = %h server (Samba, Ubuntu)
    dns proxy = no
    netbios name = {{ ansible_hostname|upper }}
    security = {{ samba_security }}

#### Networking ####

{# Both interface restrictions are left commented out, so this template does
   not limit which interfaces Samba binds to; restrict access with a host
   firewall or by enabling these two parameters. #}
    ; interfaces = 127.0.0.0/8 eth0
    ; bind interfaces only = yes

#### Debugging/Accounting ####

    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d


####### Authentication #######

    server role = {{ samba_server_role }}
    passdb backend = tdbsam
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
{# "bad user": a login with an unknown user name is mapped to the guest account
   instead of being rejected. Any share rendered with `guest ok = yes` is then
   reachable without credentials, so keep guest_ok false on shares that hold
   non-public data. #}
    map to guest = bad user

########## Domains ###########


############ Misc ############


#======================= Share Definitions =======================

{% endif %}
{% if samba_shares is defined %}
#======================= Share Definitions =======================

{# One section per samba_shares entry. browsable, guest_ok and writable have no
   default and must be set on every entry; read_only and valid_users are
   optional. Values are written into smb.conf as given, without escaping, so
   samba_shares should only come from trusted inventory.
   NOTE(review): `writable` is the inverse of `read only` in smb.conf; when an
   entry sets both, the later line (writable) presumably wins. Check the
   result with testparm. #}
{% for item in samba_shares %}
[{{ item.name }}]
    browsable = {{ item.browsable|lower }}
    guest ok = {{ item.guest_ok|lower }}
    path = {{ samba_share_path }}/{{ item.name }}
{% if item.read_only is defined %}
    read only = {{ item.read_only|lower }}
{% endif %}
{% if item.valid_users is defined %}
    valid users = {{ item.valid_users }}
{% endif %}
    writable = {{ item.writable|lower }}

{% endfor %}
{% endif %}
--------------------------------------------------------------------------------
/templates/etc/samba/smb.conf.orig:
--------------------------------------------------------------------------------
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file.
You should read the 6 | # smb.conf(5) manual page in order to understand the options listed 7 | # here. Samba has a huge number of configurable options most of which 8 | # are not shown in this example 9 | # 10 | # Some options that are often worth tuning have been included as 11 | # commented-out examples in this file. 12 | # - When such options are commented with ";", the proposed setting 13 | # differs from the default Samba behaviour 14 | # - When commented with "#", the proposed setting is the default 15 | # behaviour of Samba but the option is considered important 16 | # enough to be mentioned here 17 | # 18 | # NOTE: Whenever you modify this file you should run the command 19 | # "testparm" to check that you have not made any basic syntactic 20 | # errors. 21 | 22 | #======================= Global Settings ======================= 23 | 24 | [global] 25 | 26 | ## Browsing/Identification ### 27 | 28 | # Change this to the workgroup/NT-domain name your Samba server will part of 29 | workgroup = WORKGROUP 30 | 31 | # server string is the equivalent of the NT Description field 32 | server string = %h server (Samba, Ubuntu) 33 | 34 | # Windows Internet Name Serving Support Section: 35 | # WINS Support - Tells the NMBD component of Samba to enable its WINS Server 36 | # wins support = no 37 | 38 | # WINS Server - Tells the NMBD components of Samba to be a WINS Client 39 | # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both 40 | ; wins server = w.x.y.z 41 | 42 | # This will prevent nmbd to search for NetBIOS names through DNS. 43 | dns proxy = no 44 | 45 | #### Networking #### 46 | 47 | # The specific set of interfaces / networks to bind to 48 | # This can be either the interface name or an IP address/netmask; 49 | # interface names are normally preferred 50 | ; interfaces = 127.0.0.0/8 eth0 51 | 52 | # Only bind to the named interfaces and/or networks; you must use the 53 | # 'interfaces' option above to use this. 
54 | # It is recommended that you enable this feature if your Samba machine is 55 | # not protected by a firewall or is a firewall itself. However, this 56 | # option cannot handle dynamic or non-broadcast interfaces correctly. 57 | ; bind interfaces only = yes 58 | 59 | 60 | 61 | #### Debugging/Accounting #### 62 | 63 | # This tells Samba to use a separate log file for each machine 64 | # that connects 65 | log file = /var/log/samba/log.%m 66 | 67 | # Cap the size of the individual log files (in KiB). 68 | max log size = 1000 69 | 70 | # If you want Samba to only log through syslog then set the following 71 | # parameter to 'yes'. 72 | # syslog only = no 73 | 74 | # We want Samba to log a minimum amount of information to syslog. Everything 75 | # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log 76 | # through syslog you should set the following parameter to something higher. 77 | syslog = 0 78 | 79 | # Do something sensible when Samba crashes: mail the admin a backtrace 80 | panic action = /usr/share/samba/panic-action %d 81 | 82 | 83 | ####### Authentication ####### 84 | 85 | # Server role. Defines in which mode Samba will operate. Possible 86 | # values are "standalone server", "member server", "classic primary 87 | # domain controller", "classic backup domain controller", "active 88 | # directory domain controller". 89 | # 90 | # Most people will want "standalone sever" or "member server". 91 | # Running as "active directory domain controller" will require first 92 | # running "samba-tool domain provision" to wipe databases and create a 93 | # new domain. 94 | server role = standalone server 95 | 96 | # If you are using encrypted passwords, Samba will need to know what 97 | # password database type you are using. 
98 | passdb backend = tdbsam 99 | 100 | obey pam restrictions = yes 101 | 102 | # This boolean parameter controls whether Samba attempts to sync the Unix 103 | # password with the SMB password when the encrypted SMB password in the 104 | # passdb is changed. 105 | unix password sync = yes 106 | 107 | # For Unix password sync to work on a Debian GNU/Linux system, the following 108 | # parameters must be set (thanks to Ian Kahan < for 109 | # sending the correct chat script for the passwd program in Debian Sarge). 110 | passwd program = /usr/bin/passwd %u 111 | passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . 112 | 113 | # This boolean controls whether PAM will be used for password changes 114 | # when requested by an SMB client instead of the program listed in 115 | # 'passwd program'. The default is 'no'. 116 | pam password change = yes 117 | 118 | # This option controls how unsuccessful authentication attempts are mapped 119 | # to anonymous connections 120 | map to guest = bad user 121 | 122 | ########## Domains ########### 123 | 124 | # 125 | # The following settings only takes effect if 'server role = primary 126 | # classic domain controller', 'server role = backup domain controller' 127 | # or 'domain logons' is set 128 | # 129 | 130 | # It specifies the location of the user's 131 | # profile directory from the client point of view) The following 132 | # required a [profiles] share to be setup on the samba server (see 133 | # below) 134 | ; logon path = \\%N\profiles\%U 135 | # Another common choice is storing the profile in the user's home directory 136 | # (this is Samba's default) 137 | # logon path = \\%N\%U\profile 138 | 139 | # The following setting only takes effect if 'domain logons' is set 140 | # It specifies the location of a user's home directory (from the client 141 | # point of view) 142 | ; logon drive = H: 143 | # logon home = \\%N\%U 144 | 145 | # The following setting only 
takes effect if 'domain logons' is set 146 | # It specifies the script to run during logon. The script must be stored 147 | # in the [netlogon] share 148 | # NOTE: Must be store in 'DOS' file format convention 149 | ; logon script = logon.cmd 150 | 151 | # This allows Unix users to be created on the domain controller via the SAMR 152 | # RPC pipe. The example command creates a user account with a disabled Unix 153 | # password; please adapt to your needs 154 | ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u 155 | 156 | # This allows machine accounts to be created on the domain controller via the 157 | # SAMR RPC pipe. 158 | # The following assumes a "machines" group exists on the system 159 | ; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u 160 | 161 | # This allows Unix groups to be created on the domain controller via the SAMR 162 | # RPC pipe. 163 | ; add group script = /usr/sbin/addgroup --force-badname %g 164 | 165 | ############ Misc ############ 166 | 167 | # Using the following line enables you to customise your configuration 168 | # on a per machine basis. The %m gets replaced with the netbios name 169 | # of the machine that is connecting 170 | ; include = /home/samba/etc/smb.conf.%m 171 | 172 | # Some defaults for winbind (make sure you're not using the ranges 173 | # for something else.) 174 | ; idmap uid = 10000-20000 175 | ; idmap gid = 10000-20000 176 | ; template shell = /bin/bash 177 | 178 | # Setup usershare options to enable non-root users to share folders 179 | # with the net usershare command. 180 | 181 | # Maximum number of usershare. 0 (default) means that usershare is disabled. 
182 | ; usershare max shares = 100 183 | 184 | # Allow users who've been granted usershare privileges to create 185 | # public shares, not just authenticated ones 186 | usershare allow guests = yes 187 | 188 | #======================= Share Definitions ======================= 189 | 190 | # Un-comment the following (and tweak the other settings below to suit) 191 | # to enable the default home directory shares. This will share each 192 | # user's home directory as \\server\username 193 | ;[homes] 194 | ; comment = Home Directories 195 | ; browseable = no 196 | 197 | # By default, the home directories are exported read-only. Change the 198 | # next parameter to 'no' if you want to be able to write to them. 199 | ; read only = yes 200 | 201 | # File creation mask is set to 0700 for security reasons. If you want to 202 | # create files with group=rw permissions, set next parameter to 0775. 203 | ; create mask = 0700 204 | 205 | # Directory creation mask is set to 0700 for security reasons. If you want to 206 | # create dirs. with group=rw permissions, set next parameter to 0775. 207 | ; directory mask = 0700 208 | 209 | # By default, \\server\username shares can be connected to by anyone 210 | # with access to the samba server. 211 | # Un-comment the following parameter to make sure that only "username" 212 | # can connect to \\server\username 213 | # This might need tweaking when using external authentication schemes 214 | ; valid users = %S 215 | 216 | # Un-comment the following and create the netlogon directory for Domain Logons 217 | # (you need to configure Samba to act as a domain controller too.) 218 | ;[netlogon] 219 | ; comment = Network Logon Service 220 | ; path = /home/samba/netlogon 221 | ; guest ok = yes 222 | ; read only = yes 223 | 224 | # Un-comment the following and create the profiles directory to store 225 | # users profiles (see the "logon path" option above) 226 | # (you need to configure Samba to act as a domain controller too.) 
227 | # The path below should be writable by all users so that their 228 | # profile directory may be created the first time they log on 229 | ;[profiles] 230 | ; comment = Users profiles 231 | ; path = /home/samba/profiles 232 | ; guest ok = no 233 | ; browseable = no 234 | ; create mask = 0600 235 | ; directory mask = 0700 236 | 237 | [printers] 238 | comment = All Printers 239 | browseable = no 240 | path = /var/spool/samba 241 | printable = yes 242 | guest ok = no 243 | read only = yes 244 | create mask = 0700 245 | 246 | # Windows clients look for this share name as a source of downloadable 247 | # printer drivers 248 | [print$] 249 | comment = Printer Drivers 250 | path = /var/lib/samba/printers 251 | browseable = yes 252 | read only = yes 253 | guest ok = no 254 | # Uncomment to allow remote administration of Windows print drivers. 255 | # You may need to replace 'lpadmin' with the name of the group your 256 | # admin users are members of. 257 | # Please note that you also need to set appropriate Unix permissions 258 | # to the drivers directory for these users to have write rights in it 259 | ; write list = root, @lpadmin 260 | 261 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-samba 3 | --------------------------------------------------------------------------------