From ec66744db4dafd423a205bfc95f545af75255bc8 Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt"
Date: Mon, 13 Jun 2022 23:02:29 +0200
Subject: [PATCH] Fix sambox.
---
 roles/sambaldap/defaults/main.yml | 2 +-
 roles/sambaldap/tasks/main.yml | 64 +++++++++++++++++--------------
 sambox.yml | 6 +--
 3 files changed, 37 insertions(+), 35 deletions(-)
diff --git a/roles/sambaldap/defaults/main.yml b/roles/sambaldap/defaults/main.yml
index 37ab18a..575579c 100644
--- a/roles/sambaldap/defaults/main.yml
+++ b/roles/sambaldap/defaults/main.yml
@@ -1,4 +1,4 @@
 basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
-ldap_server: sambox
+ldap_server: ldap
 min_id_sssd: 5000
 max_id_sssd: 20000
diff --git a/roles/sambaldap/tasks/main.yml b/roles/sambaldap/tasks/main.yml
index b67b891..ce96c14 100644
--- a/roles/sambaldap/tasks/main.yml
+++ b/roles/sambaldap/tasks/main.yml
@@ -18,9 +18,6 @@
 mode: 0600
 notify: restart sssd
 
-- name: flush all handlers
- meta: flush_handlers
-
 - name: prepare samba schema
 command: cp /usr/share/doc/samba/examples/LDAP/samba.ldif /etc/ldap/schema/
 args:
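Review bot: With `meta: flush_handlers` removed from roles/sambaldap/tasks/main.yml, the `restart sssd` handler notified by the task directly above no longer runs before the Samba schema is copied and the LDAP modifications that follow are applied; like every other handler it now runs at the end of the play. If any later task in this role depends on sssd having been restarted (the flush looks to have been placed for exactly that), the ordering changes silently; if nothing depends on it, a one-line comment where the flush used to be, `# sssd restart is deferred to the end of the play on purpose`, records that the deferral is intended. The task that owns `mode: 0600` and `notify: restart sssd` begins before this hunk, so its module cannot be seen here.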
@@ -33,39 +30,40 @@
 - name: add indexes to LDAP
 ldap_attrs:
 dn: "olcDatabase={1}mdb,cn=config"
- name: olcDbIndex
- values:
- - sambaSID eq
- - sambaPrimaryGroupSID eq
- - sambaGroupType eq
- - sambaSIDList eq
- - sambaDomainName eq
+ attributes:
+ olcDbIndex:
+ - sambaSID eq
+ - sambaPrimaryGroupSID eq
+ - sambaGroupType eq
+ - sambaSIDList eq
+ - sambaDomainName eq
 state: present
 
 - name: modify ACLs to account for Samba
 ldap_attrs:
 dn: "olcDatabase={1}mdb,cn=config"
- name: olcAccess
- values:
- - >-
- to attrs=userPassword
- by self write
- by anonymous auth
- by * none
- - >-
- to attrs=shadowLastChange
- by self write
- by * read
- - >-
- to attrs=sambaNTPassword
- by dn.exact=cn=admin,{{ basedn }} write
- by self write
- by * none
- - >-
- to * by * read
+ attributes:
+ olcAccess:
+ - >-
+ to attrs=userPassword
+ by self write
+ by anonymous auth
+ by * none
+ - >-
+ to attrs=shadowLastChange
+ by self write
+ by * read
+ - >-
+ to attrs=sambaNTPassword
+ by dn.exact=cn=admin,{{ basedn }} write
+ by self write
+ by * none
+ - >-
+ to * by * read
+ ordered: true
 state: exact
 
-- name: customize smb.conf
+- name: configure smb ldap backend
 blockinfile:
 dest: /etc/samba/smb.conf
 insertafter: '^\s*server role ='
@@ -82,6 +80,14 @@
 ldap passwd sync = yes
 notify: restart smbd
 
+- name: make smb homes writable
+ replace:
+ path: /etc/samba/smb.conf
+ regexp: '^(\s*read only =) yes$'
+ replace: '\1 no'
+ after: '\[homes\]'
+ before: '\[.+\]'
+ notify: restart smbd
 
 - name: slurp admin password for samba setup
 slurp:
diff --git a/sambox.yml b/sambox.yml
index 9954225..6bf8c04 100644
--- a/sambox.yml
+++ b/sambox.yml
@@ -3,7 +3,6 @@
 ## to the installer boot parameters to set hostname and domain.
 ##
 
-
 - name: apply configuration to the sambox server
 hosts: all
 remote_user: ansible
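Review bot: The new `olcAccess` list in roles/sambaldap/tasks/main.yml shields `userPassword`, `shadowLastChange` and `sambaNTPassword`, but the closing `to * by * read` rule then grants anonymous read on every other attribute, which includes the other credential attributes defined by the samba.ldif schema this role loads a few tasks earlier (`sambaLMPassword`, `sambaPwdHistory`) should Samba ever populate them. Widening the third rule to `to attrs=sambaNTPassword,sambaLMPassword,sambaPwdHistory` puts every hash Samba can store under the same `by dn.exact=cn=admin,{{ basedn }} write` / `by self write` / `by * none` policy. Pairing `ordered: true` with `state: exact` looks right here, since slapd evaluates access rules in order and the catch-all has to stay last; a one-line comment above the list, `# order matters: the catch-all "to * by * read" must remain the final rule`, would make that constraint explicit for the next editor.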
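Review bot: The new `replace` task names the file as `path:` while the `blockinfile` task immediately above it addresses the same `/etc/samba/smb.conf` as `dest:`; both spellings are accepted (`dest` is an alias of `path`), but the role reads more consistently with one of them, so either `path:` in the blockinfile task or `dest:` here. The `after: '\[homes\]'` / `before: '\[.+\]'` pair is what confines the substitution to the `[homes]` section, which is not obvious from the regexes alone; a comment above the task, `# flip "read only = yes" only inside [homes], bounded by the next section header`, would spare the next reader from reconstructing that.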
@@ -26,14 +25,13 @@ in_inventory: 192.168.0.[50:150] di_dist: "{{ ansible_distribution_release }}" - di_version: 10 # "{{ ansible_distribution_major_version }}" + di_version: "{{ ansible_distribution_major_version }}" di_pkg: "debian-installer-{{ di_version }}-netboot-amd64" ansible_user: ansible repo_dir: "/home/{{ ansible_user }}/debian-lan" ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module - vars_prompt: - name: "foo_pwd" prompt: @@ -42,14 +40,12 @@ just continue private: true - pre_tasks: - name: validate if interfaces are available fail: msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed." when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan) - roles: - up2date_debian - firewalld2if