mrlesmithjr / ansible-samba Goto Github PK

View Code? Open in Web Editor NEW

35.0 7.0 20.0 77 KB

License: MIT License

Jinja 100.00%

samba ansible

ansible-samba's People

Contributors

Stargazers

Watchers

Forkers

darkstar1973 pschuele darrylweaver pontusvision heimedv thiagogomesverissimo iwosurf mejo- sibskull ammarqq agobi jjsadek aruntheja-1 adnova adaikal pereirawill wbaamaral cvosshenrich frazier-at-vmware

ansible-samba's Issues

Redhat/CentOS 7 support (compile from source)

Unfortunately, Redhat/CentOS 7 don't ship samba-tool. That's why compiling Samba from source is the only option when you want to use samba-tool for maintaining your AD directory controller on those systems.

I have some WIP patches for the role to add support for compiling (and upgrading) Samba from source. Unfortunately, they're quite invasive. You can find them at mejo-@e13e9f6

The patch is currently applied against darrylweaver/ansible-samba, but I would prefer to implement it in your role as it seems to be more actively used and it's upstream to darrylweaver/ansible-samba anyway.

Would you consider to apply such a patch or is it too intrusive for you?

"AnsibleUndefinedVariable: 'list object' has no attribute 'kerberos_realm'"

I did define kerberos_realm in default/main.yml

# defaults file for ansible-samba
 pri_domain_name: res.com.tw
 samba_ad_info: []
    ad_dc_hostname: "{{ ansible_hostname }}"
    ad_dns_domain_name: "{{ pri_domain_name }}"
    adminpass: adminpass
   # allow_dns_updates: disabled
    backend_dns: internal
    dns_forwarder: 8.8.8.8
    #kerberos_realm: '{{ pri_domain_name }}'
    kerberos_realm: res.com.tw
    netbios_domain_name: "{{ samba_netbios_domain_name[0]|upper }}"

but there`s an error like below

TASK [ansible-samba : config_samba | configuring samba] ********************************************************************************************************
fatal: [hqs243.res.com.tw]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: 'list object' has no attribute 'kerberos_realm'"}

any suggestions ?

Enable printers options in the smb.conf via ansible variables

Not restarting nmbd ...(Ubuntu 18.04)

mai 23 16:59:12 vagrant nmbd[18510]:   server role = 'active directory domain controller' not compatible with running nmbd standalone.
mai 23 16:59:12 vagrant nmbd[18510]:   You should start 'samba' instead, and it will control starting the internal nbt server

Include the option to add new lines in smb.conf easily via ansible variables

Given that smb.conf is build by lines inside sections, one way to handle this is to define a list variable where key is the section and value is the line. What do you thinks guys? Or how do you add more lines at smb.conf in the current version?

Not restart smbd and smbd directly

From https://wiki.samba.org/index.php/Managing_the_Samba_AD_DC_Service_Using_Systemd

... the /usr/local/samba/sbin/samba service automatically starts the required smbd and winbindd service as sub-processes. If you start them manually, the Samba DC fails to work as expected. If your package provider created additional Samba service files, disable and mask them to prevent that other services re-enable them...

Create the option if this role should or not install samba

Dears,

I really like this role, thank you!

However, I am delegating the samba installation to another role (https://github.com/uspdev/ansible-role-compile-samba), because, in this way, it is possible to choose the samba version. I will send a PR to turn the instalation optional.

Don't mark domain as created on secondary directory controllers

The current logic to touch /var/log/.samba_ad_created in tasks/create_domain.yml breaks provisioning of secondary directory controllers without provisioning the primary DC at the same time.

The problematic code is in line 54. hostvars[samba_primary_domain_controller]['_samba_domain_exists'] will not be set when Ansible didn't run the preceding tasks on the primary DC as well.

I suggest to drop the whole last three tasks ins tasks/create_domain.yml. At least I didn't understand what the purpose of touching /var/log/.samba_ad_created on secondary DSs is at all. On the primary DC, it's already touched earlier in task create_domain | marking domain as created.

Fix TravisCI tests

Need to fix TravisCI tests as they do not run correctly.

Fedora 28 samba-dc package support

Fedora 28 (and 27?) has the 'samba' package and a separate 'samba-dc' package which includes the parts needed to run a domain controller. Using this role on Fedora 28 doesn't install samba-dc, so samba-tool isn't available and the domain creation fails :(

Workaround is to 'dnf install samba-dc' before using the role, but it would be more fun if samba-dc got installed as needed.

Add support for provisioning backup AD domain controllers

It would be nice to be able to provision backup AD domain controllers using this role. So far, the role only allows to join a domain as 'MEMBER', not as backup DC.

I patched the role to differ between samba_dc_role primary and secondary: mejo-@e4fd4ab

@mrlesmithjr: Would you consider to merge this patch into your role? If so, then I'll prepare a merge request.

Need to be able to have support for home directories.

Tried to use this to setup a simple samba server needed:

A read-only public share. That worked good, but would prefer to have the option of a overriding the "samba_share_path" on a per share basis.
Read/write shares for the /home directory of the users with logon privileges.
No support in this role for doing that.