adding roles for samba-ad-dc and samba-ad-member

2021-08-26 10:37:49 -04:00
parent 69e9c79702
commit ab9c9281d8
32 changed files with 1568 additions and 0 deletions
--- a/role-samba4-ad-member/templates/domain-admins.j2
+++ b/role-samba4-ad-member/templates/domain-admins.j2
@@ -0,0 +1 @@
+%domain\ admins ALL=(ALL:ALL) ALL
--- a/role-samba4-ad-member/templates/pam_winbind.conf.j2
+++ b/role-samba4-ad-member/templates/pam_winbind.conf.j2
@@ -0,0 +1,41 @@
+#
+# pam_winbind configuration file
+#
+# /etc/security/pam_winbind.conf
+#
+# For more details see man pam_winbind.conf(5)
+
+[global]
+
+# turn on debugging
+;debug = no
+
+# turn on extended PAM state debugging
+;debug_state = no
+
+# request a cached login if possible
+# (needs "winbind offline logon = yes" in smb.conf)
+;cached_login = no
+cached_login = yes
+
+# authenticate using kerberos
+;krb5_auth = no
+
+# when using kerberos, request a "FILE" or "DIR" krb5 credential cache type
+# (leave empty to just do krb5 authentication but not have a ticket
+# afterwards)
+;krb5_ccache_type =
+
+# make successful authentication dependend on membership of one SID
+# (can also take a name)
+;require_membership_of =
+
+# password expiry warning period in days
+;warn_pwd_expire = 14
+warn_pwd_expire = 21
+
+# omit pam conversations
+;silent = no
+
+# create homedirectory on the fly
+;mkhomedir = no
--- a/role-samba4-ad-member/templates/resolved.conf.j2
+++ b/role-samba4-ad-member/templates/resolved.conf.j2
@@ -0,0 +1,22 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See resolved.conf(5) for details
+
+[Resolve]
+DNS={{ smb_dns }}
+FallbackDNS= {{ smb_fallbackdns }}
+Domains={{ smb_domains }}
+LLMNR={{ smb_llmnr }}
+MulticastDNS={{ smb_multicastdns }}
+DNSSEC={{ smb_dnssec }}
+Cache={{ smb_cache }}
+DNSStubListener={{ smb_dnsstublistener }}
--- a/role-samba4-ad-member/templates/smb.conf.j2
+++ b/role-samba4-ad-member/templates/smb.conf.j2
@@ -0,0 +1,23 @@
+[global]
+workgroup = {{ smb_workgroup }}
+realm = {{ smb_realm }}
+netbios name = {{ ansible_hostname }}
+security = ADS
+#encrypt passwords = yes
+dns forwarder = {{ smb_dns_servers }}
+
+idmap config * :backend = tdb
+idmap config *:range = 50000-1000000
+template homedir = /home/%D/%U
+template shell = /bin/bash
+
+winbind use default domain = yes
+winbind offline logon = false
+winbind nss info = rfc2307
+winbind enum users  = yes
+winbind enum groups = yes
+winbind offline logon = yes
+
+vfs objects = acl_xattr
+map acl inherit = Yes
+store dos attributes = Yes