Fix sambox.
parent
a5e143b900
commit
ec66744db4
3 changed files with 37 additions and 35 deletions
|
@ -1,4 +1,4 @@
|
||||||
basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
|
basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
|
||||||
ldap_server: sambox
|
ldap_server: ldap
|
||||||
min_id_sssd: 5000
|
min_id_sssd: 5000
|
||||||
max_id_sssd: 20000
|
max_id_sssd: 20000
|
||||||
|
|
|
@ -18,9 +18,6 @@
|
||||||
mode: 0600
|
mode: 0600
|
||||||
notify: restart sssd
|
notify: restart sssd
|
||||||
|
|
||||||
- name: flush all handlers
|
|
||||||
meta: flush_handlers
|
|
||||||
|
|
||||||
- name: prepare samba schema
|
- name: prepare samba schema
|
||||||
command: cp /usr/share/doc/samba/examples/LDAP/samba.ldif /etc/ldap/schema/
|
command: cp /usr/share/doc/samba/examples/LDAP/samba.ldif /etc/ldap/schema/
|
||||||
args:
|
args:
|
||||||
|
@ -33,8 +30,8 @@
|
||||||
- name: add indexes to LDAP
|
- name: add indexes to LDAP
|
||||||
ldap_attrs:
|
ldap_attrs:
|
||||||
dn: "olcDatabase={1}mdb,cn=config"
|
dn: "olcDatabase={1}mdb,cn=config"
|
||||||
name: olcDbIndex
|
attributes:
|
||||||
values:
|
olcDbIndex:
|
||||||
- sambaSID eq
|
- sambaSID eq
|
||||||
- sambaPrimaryGroupSID eq
|
- sambaPrimaryGroupSID eq
|
||||||
- sambaGroupType eq
|
- sambaGroupType eq
|
||||||
|
@ -45,8 +42,8 @@
|
||||||
- name: modify ACLs to account for Samba
|
- name: modify ACLs to account for Samba
|
||||||
ldap_attrs:
|
ldap_attrs:
|
||||||
dn: "olcDatabase={1}mdb,cn=config"
|
dn: "olcDatabase={1}mdb,cn=config"
|
||||||
name: olcAccess
|
attributes:
|
||||||
values:
|
olcAccess:
|
||||||
- >-
|
- >-
|
||||||
to attrs=userPassword
|
to attrs=userPassword
|
||||||
by self write
|
by self write
|
||||||
|
@ -63,9 +60,10 @@
|
||||||
by * none
|
by * none
|
||||||
- >-
|
- >-
|
||||||
to * by * read
|
to * by * read
|
||||||
|
ordered: true
|
||||||
state: exact
|
state: exact
|
||||||
|
|
||||||
- name: customize smb.conf
|
- name: configure smb ldap backend
|
||||||
blockinfile:
|
blockinfile:
|
||||||
dest: /etc/samba/smb.conf
|
dest: /etc/samba/smb.conf
|
||||||
insertafter: '^\s*server role ='
|
insertafter: '^\s*server role ='
|
||||||
|
@ -82,6 +80,14 @@
|
||||||
ldap passwd sync = yes
|
ldap passwd sync = yes
|
||||||
notify: restart smbd
|
notify: restart smbd
|
||||||
|
|
||||||
|
- name: make smb homes writable
|
||||||
|
replace:
|
||||||
|
path: /etc/samba/smb.conf
|
||||||
|
regexp: '^(\s*read only =) yes$'
|
||||||
|
replace: '\1 no'
|
||||||
|
after: '\[homes\]'
|
||||||
|
before: '\[.+\]'
|
||||||
|
notify: restart smbd
|
||||||
|
|
||||||
- name: slurp admin password for samba setup
|
- name: slurp admin password for samba setup
|
||||||
slurp:
|
slurp:
|
||||||
|
|
|
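Review bot: In the new `make smb homes writable` task, `after: '\[homes\]'` is unanchored, so it binds to the first literal `[homes]` anywhere in smb.conf, including a commented-out header or a mention inside a comment. As far as I know the replace module also exits `ok` without changing anything when the after/before pair finds no match, for example if `[homes]` is the last section, so a miss would go unnoticed. Because this task decides which share loses `read only = yes`, I would pin both boundaries to the start of a line with `after: '\n\[homes\]'` and `before: '\n\['`. A follow-up check that fails the play when the homes share is still read-only would make a silent no-op visible.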
@ -3,7 +3,6 @@
|
||||||
## to the installer boot parameters to set hostname and domain.
|
## to the installer boot parameters to set hostname and domain.
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
||||||
- name: apply configuration to the sambox server
|
- name: apply configuration to the sambox server
|
||||||
hosts: all
|
hosts: all
|
||||||
remote_user: ansible
|
remote_user: ansible
|
||||||
|
@ -26,14 +25,13 @@
|
||||||
in_inventory: 192.168.0.[50:150]
|
in_inventory: 192.168.0.[50:150]
|
||||||
|
|
||||||
di_dist: "{{ ansible_distribution_release }}"
|
di_dist: "{{ ansible_distribution_release }}"
|
||||||
di_version: 10 # "{{ ansible_distribution_major_version }}"
|
di_version: "{{ ansible_distribution_major_version }}"
|
||||||
di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
|
di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
|
||||||
|
|
||||||
ansible_user: ansible
|
ansible_user: ansible
|
||||||
repo_dir: "/home/{{ ansible_user }}/debian-lan"
|
repo_dir: "/home/{{ ansible_user }}/debian-lan"
|
||||||
ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module
|
ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module
|
||||||
|
|
||||||
|
|
||||||
vars_prompt:
|
vars_prompt:
|
||||||
- name: "foo_pwd"
|
- name: "foo_pwd"
|
||||||
prompt:
|
prompt:
|
||||||
|
@ -42,14 +40,12 @@
|
||||||
just continue
|
just continue
|
||||||
private: true
|
private: true
|
||||||
|
|
||||||
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- name: validate if interfaces are available
|
- name: validate if interfaces are available
|
||||||
fail:
|
fail:
|
||||||
msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed."
|
msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed."
|
||||||
when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan)
|
when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan)
|
||||||
|
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- up2date_debian
|
- up2date_debian
|
||||||
- firewalld2if
|
- firewalld2if
|
||||||
|
|
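Review bot: `di_version` is now taken directly from `ansible_distribution_major_version`, and `di_pkg` is built from it with no check that the value is a plain release number. On a host where that fact is not numeric (testing or unstable installs may report something else), the play would presumably fail only later, at package installation, with a package name that is hard to trace back to this variable. A short `assert` in `pre_tasks`, next to the interface check, with `that: di_version is match('^[0-9]+$')` would make the failure explicit. The rest of the vars block lies outside the hunk.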