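---
# Provisioning of Samba. Samba is able to serve as an Active Directory (AD) domain controller (DC).
# The entire process of setting up a Samba domain controller consists of 5 steps which are
# relatively straightforward. These steps are as follows:
#   1. Installation of Samba and associated packages
#   2. Deletion of pre-configured Samba and Kerberos placeholder configuration files
#   3. Provisioning of Samba using the automatic provisioning tool
#   4. Editing of the smb.conf as needed (enabling of Group Policy and/or other features as
#      needed) see Group Policy for more information
#   5. Any environmental configuration based on Unix/Linux Distribution
#
# https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/active-directory-domain-join-troubleshooting-guidance
# https://learn.microsoft.com/en-us/windows/win32/api/lmjoin/nf-lmjoin-netvalidatename

- name: Install adSamba packages
  package:
    name: "{{ dcsamba_base_packages }}"
    state: present
    # Forwarded to the detected package-manager module. install_recommends is an apt
    # option, so this task assumes Debian-family hosts.
    install_recommends: false

- name: Add adsamba host to hosts file
  blockinfile:
    path: /etc/hosts
    marker: "# {mark} ANSIBLE-MANAGED SAMBA DC ENTRY"
    block: |
      {{ dc1 }} dc1-test.samba-test.{{ resolv_domain }}

# A DC must not run the plain file-server/NetBIOS daemons; mask them so a package
# upgrade cannot re-enable them behind samba-ad-dc.
- name: Disable Samba client services and mask them
  systemd:
    name: "{{ item }}"
    state: stopped
    enabled: false
    masked: true
  loop: "{{ samba_client_services }}"

- name: Check if server is already joined to domain
  command:
    cmd: samba-tool domain info localhost
  register: domain_info
  # A non-zero exit is expected on a host that is not yet a DC ("Cannot contact");
  # any other failure is a real error and must stop the play.
  failed_when: domain_info.rc != 0 and 'Cannot contact' not in domain_info.stderr
  changed_when: false

# samba-tool prompts for the password when none is supplied, which an unattended
# Ansible run cannot answer. The credential is passed explicitly and the task is
# no_log so it never reaches the play output or the log file.
# dcsamba_admin_password is a placeholder variable name (constructed here) —
# define it in an ansible-vault encrypted vars file.
# argv (not cmd) is used so the password and the domain are passed as single
# arguments without shlex/quote mangling.
- name: Join domain as DC if not already joined
  command:
    argv:
      - samba-tool
      - domain
      - join
      - "samba.{{ resolv_domain }}"
      - DC
      - '-USAMBA\administrator'
      - --password
      - "{{ dcsamba_admin_password }}"
      - "--option=idmap_ldb:use rfc2307 = yes"
  when: "'Cannot contact' in domain_info.stderr"
  register: domain_join
  changed_when: "'Joined domain' in domain_join.stdout"
  no_log: true

- name: Copy Kerberos configuration
  copy:
    # NOTE(review): with remote_src a relative src resolves against the remote
    # working directory of the connecting user — confirm this is the intended
    # location of the generated krb5.conf.
    src: krb5.conf
    dest: /etc/krb5.conf
    remote_src: true
    owner: root
    group: root
    mode: '0644'

- name: Enable and start Samba AD DC service
  systemd:
    name: samba-ad-dc
    state: started
    enabled: true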