Fix sambox.
parent
a5e143b900
commit
ec66744db4
3 changed files with 37 additions and 35 deletions
|
@ -1,4 +1,4 @@
|
|||
basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
|
||||
ldap_server: sambox
|
||||
ldap_server: ldap
|
||||
min_id_sssd: 5000
|
||||
max_id_sssd: 20000
|
||||
|
|
|
@ -18,9 +18,6 @@
|
|||
mode: 0600
|
||||
notify: restart sssd
|
||||
|
||||
- name: flush all handlers
|
||||
meta: flush_handlers
|
||||
|
||||
- name: prepare samba schema
|
||||
command: cp /usr/share/doc/samba/examples/LDAP/samba.ldif /etc/ldap/schema/
|
||||
args:
|
||||
|
@ -33,8 +30,8 @@
|
|||
- name: add indexes to LDAP
|
||||
ldap_attrs:
|
||||
dn: "olcDatabase={1}mdb,cn=config"
|
||||
name: olcDbIndex
|
||||
values:
|
||||
attributes:
|
||||
olcDbIndex:
|
||||
- sambaSID eq
|
||||
- sambaPrimaryGroupSID eq
|
||||
- sambaGroupType eq
|
||||
|
@ -45,8 +42,8 @@
|
|||
- name: modify ACLs to account for Samba
|
||||
ldap_attrs:
|
||||
dn: "olcDatabase={1}mdb,cn=config"
|
||||
name: olcAccess
|
||||
values:
|
||||
attributes:
|
||||
olcAccess:
|
||||
- >-
|
||||
to attrs=userPassword
|
||||
by self write
|
||||
|
@ -63,9 +60,10 @@
|
|||
by * none
|
||||
- >-
|
||||
to * by * read
|
||||
ordered: true
|
||||
state: exact
|
||||
|
||||
- name: customize smb.conf
|
||||
- name: configure smb ldap backend
|
||||
blockinfile:
|
||||
dest: /etc/samba/smb.conf
|
||||
insertafter: '^\s*server role ='
|
||||
|
@ -82,6 +80,14 @@
|
|||
ldap passwd sync = yes
|
||||
notify: restart smbd
|
||||
|
||||
- name: make smb homes writable
|
||||
replace:
|
||||
path: /etc/samba/smb.conf
|
||||
regexp: '^(\s*read only =) yes$'
|
||||
replace: '\1 no'
|
||||
after: '\[homes\]'
|
||||
before: '\[.+\]'
|
||||
notify: restart smbd
|
||||
|
||||
- name: slurp admin password for samba setup
|
||||
slurp:
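Review bot: Nothing in the added `make smb homes writable` task (hunk `-82,6 +80,14`) enforces the settings that keep a writable home private to its owner. It flips `read only` in `[homes]` and leaves `valid users`, `create mask` and `directory mask` to whatever `/etc/samba/smb.conf` is already on the host. If the role relies on the packaged file for those, a comment above the task should say so, for example `# relies on the packaged [homes] section keeping 'valid users = %S' and 0700 masks`, or the play should set them explicitly. The task also exits unchanged, without failing, when the `after`/`before` patterns or the exact `read only = yes` spelling do not match. A read-back step such as a `testparm -s` command with `changed_when: false` would show what the share ended up with.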
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
## to the installer boot parameters to set hostname and domain.
|
||||
##
|
||||
|
||||
|
||||
- name: apply configuration to the sambox server
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
|
@ -26,14 +25,13 @@
|
|||
in_inventory: 192.168.0.[50:150]
|
||||
|
||||
di_dist: "{{ ansible_distribution_release }}"
|
||||
di_version: 10 # "{{ ansible_distribution_major_version }}"
|
||||
di_version: "{{ ansible_distribution_major_version }}"
|
||||
di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
|
||||
|
||||
ansible_user: ansible
|
||||
repo_dir: "/home/{{ ansible_user }}/debian-lan"
|
||||
ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module
|
||||
|
||||
|
||||
vars_prompt:
|
||||
- name: "foo_pwd"
|
||||
prompt:
|
||||
|
@ -42,14 +40,12 @@
|
|||
just continue
|
||||
private: true
|
||||
|
||||
|
||||
pre_tasks:
|
||||
- name: validate if interfaces are available
|
||||
fail:
|
||||
msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed."
|
||||
when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan)
|
||||
|
||||
|
||||
roles:
|
||||
- up2date_debian
|
||||
- firewalld2if
|
||||
|
|