# Install the package set listed in dcsamba_base_packages.
# NOTE(review): install_recommends is an apt option handed through by the
# generic package module; presumably this role only targets apt-based hosts.
- name: Install adSamba packages
  package:
    state: present
    install_recommends: false
    name: "{{ dcsamba_base_packages }}"
# Keep a static /etc/hosts entry for the address in dc1 inside a marked block,
# so re-runs replace the entry instead of appending a duplicate.
# NOTE(review): the name here is under samba-test.<resolv_domain>, while the
# join task in this file targets samba.<resolv_domain> - confirm both are
# intended. A static entry also takes precedence over DNS for this name, so it
# has to be updated whenever the DC address changes.
- name: Add adsamba host to hosts file
  blockinfile:
    path: /etc/hosts
    block: |
      {{ dc1 }} dc1-test.samba-test.{{ resolv_domain }}
    marker: "# {mark} ANSIBLE-MANAGED SAMBA DC ENTRY"
# Stop, disable and mask every unit named in samba_client_services, so none of
# them can be started again by hand or pulled in as a dependency.
- name: Disable Samba client services and mask them
  systemd:
    name: "{{ item }}"
    masked: true
    enabled: false
    state: stopped
  loop: "{{ samba_client_services }}"
# Probe the local Samba instance and keep the result in domain_info.
# The probe never reports "changed". A non-zero exit is tolerated only when
# stderr contains 'Cannot contact', which the join task uses as its trigger.
# NOTE(review): the decision rests on a literal substring of samba-tool's
# error text; confirm the wording is stable across the Samba versions and
# locales this role targets, since any other failure aborts the play here.
- name: Check if server is already joined to domain
  command:
    cmd: samba-tool domain info localhost
  register: domain_info
  changed_when: false
  failed_when: "domain_info.rc != 0 and 'Cannot contact' not in domain_info.stderr"
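# Join the realm samba.<resolv_domain> as an additional DC, only when the
# earlier probe (domain_info) reported 'Cannot contact'.
# argv hands each argument to samba-tool as-is, so the value of resolv_domain
# cannot be re-split into extra samba-tool arguments the way it could inside a
# single cmd string.
# NOTE(review): -U names the account but no credential source is visible in
# this task; confirm how the join authenticates non-interactively, and keep
# any password out of the command line and the task output (for example a
# vault-backed value together with no_log, or a Kerberos ticket obtained
# beforehand).
- name: Join domain as DC if not already joined
  command:
    argv:
      - samba-tool
      - domain
      - join
      - "samba.{{ resolv_domain }}"
      - DC
      - '-USAMBA\administrator'
      - '--option=idmap_ldb:use rfc2307 = yes'
  when: "'Cannot contact' in domain_info.stderr"
  register: domain_join
  # samba-tool may write the success line to stderr rather than stdout
  # (TODO confirm), so both streams are checked.
  changed_when: >-
    'Joined domain' in domain_join.stdout
    or 'Joined domain' in domain_join.stderr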
# Install /etc/krb5.conf (root:root, 0644) from a file already on the target.
# NOTE(review): with remote_src the relative src "krb5.conf" is looked up on
# the managed host, not in the role's files/ directory - confirm the intended
# source, presumably the krb5.conf that the join step generates, and give it
# as an absolute path.
- name: Copy Kerberos configuration
  copy:
    remote_src: true
    src: krb5.conf
    dest: /etc/krb5.conf
    mode: '0644'
    owner: root
    group: root
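# Bring up the AD DC service now and on every boot.
# masked: false is set because Debian-family packaging can leave samba-ad-dc
# masked when the package is installed before the host is a DC (TODO confirm
# for this target); a masked unit cannot be enabled or started, and unmasking
# an unmasked unit changes nothing.
- name: Enable and start Samba AD DC service
  systemd:
    name: samba-ad-dc
    masked: false
    enabled: true
    state: started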