Fix sambox.
parent
a5e143b900
commit
ec66744db4
3 changed files with 37 additions and 35 deletions
|
@ -1,4 +1,4 @@
|
|||
basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
|
||||
ldap_server: sambox
|
||||
ldap_server: ldap
|
||||
min_id_sssd: 5000
|
||||
max_id_sssd: 20000
|
||||
|
|
|
@ -18,9 +18,6 @@
|
|||
mode: 0600
|
||||
notify: restart sssd
|
||||
|
||||
- name: flush all handlers
|
||||
meta: flush_handlers
|
||||
|
||||
- name: prepare samba schema
|
||||
command: cp /usr/share/doc/samba/examples/LDAP/samba.ldif /etc/ldap/schema/
|
||||
args:
|
||||
|
@ -33,39 +30,40 @@
|
|||
- name: add indexes to LDAP
|
||||
ldap_attrs:
|
||||
dn: "olcDatabase={1}mdb,cn=config"
|
||||
name: olcDbIndex
|
||||
values:
|
||||
- sambaSID eq
|
||||
- sambaPrimaryGroupSID eq
|
||||
- sambaGroupType eq
|
||||
- sambaSIDList eq
|
||||
- sambaDomainName eq
|
||||
attributes:
|
||||
olcDbIndex:
|
||||
- sambaSID eq
|
||||
- sambaPrimaryGroupSID eq
|
||||
- sambaGroupType eq
|
||||
- sambaSIDList eq
|
||||
- sambaDomainName eq
|
||||
state: present
|
||||
|
||||
- name: modify ACLs to account for Samba
|
||||
ldap_attrs:
|
||||
dn: "olcDatabase={1}mdb,cn=config"
|
||||
name: olcAccess
|
||||
values:
|
||||
- >-
|
||||
to attrs=userPassword
|
||||
by self write
|
||||
by anonymous auth
|
||||
by * none
|
||||
- >-
|
||||
to attrs=shadowLastChange
|
||||
by self write
|
||||
by * read
|
||||
- >-
|
||||
to attrs=sambaNTPassword
|
||||
by dn.exact=cn=admin,{{ basedn }} write
|
||||
by self write
|
||||
by * none
|
||||
- >-
|
||||
to * by * read
|
||||
attributes:
|
||||
olcAccess:
|
||||
- >-
|
||||
to attrs=userPassword
|
||||
by self write
|
||||
by anonymous auth
|
||||
by * none
|
||||
- >-
|
||||
to attrs=shadowLastChange
|
||||
by self write
|
||||
by * read
|
||||
- >-
|
||||
to attrs=sambaNTPassword
|
||||
by dn.exact=cn=admin,{{ basedn }} write
|
||||
by self write
|
||||
by * none
|
||||
- >-
|
||||
to * by * read
|
||||
ordered: true
|
||||
state: exact
|
||||
|
||||
- name: customize smb.conf
|
||||
- name: configure smb ldap backend
|
||||
blockinfile:
|
||||
dest: /etc/samba/smb.conf
|
||||
insertafter: '^\s*server role ='
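Review bot: The `olcAccess` list in the `modify ACLs to account for Samba` task restricts only `sambaNTPassword` among the Samba credential attributes, so every other attribute falls through to the final `to * by * read` rule, which includes anonymous binds. With `state: exact` (assuming the `attributes:` form is the new side, since the page lost its +/- markers), this list becomes the complete ACL for `olcDatabase={1}mdb`. If accounts created against the schema from `samba.ldif` also carry `sambaLMPassword` or `sambaPasswordHistory`, those values would be readable by anyone who can reach the server. I would widen the rule to `to attrs=sambaNTPassword,sambaLMPassword,sambaPasswordHistory` with the same `by` clauses. It is also worth confirming whether the catch-all needs to grant anonymous read, or whether `to * by users read by * none` would still work for the sssd and Samba clients.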
|
||||
|
@ -82,6 +80,14 @@
|
|||
ldap passwd sync = yes
|
||||
notify: restart smbd
|
||||
|
||||
- name: make smb homes writable
|
||||
replace:
|
||||
path: /etc/samba/smb.conf
|
||||
regexp: '^(\s*read only =) yes$'
|
||||
replace: '\1 no'
|
||||
after: '\[homes\]'
|
||||
before: '\[.+\]'
|
||||
notify: restart smbd
|
||||
|
||||
- name: slurp admin password for samba setup
|
||||
slurp:
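Review bot: The added `make smb homes writable` task flips `read only` to `no` inside `[homes]`, but nothing in this hunk pins who may connect to those shares or which permissions new files receive. The rest of the `[homes]` section is not visible here, so the result depends on whatever `valid users`, `create mask` and `directory mask` lines the distribution's smb.conf ships. I would either manage those settings explicitly in the same play or add a comment above the task, for example `# [homes] becomes writable; relies on 'valid users = %S' and the masks already present in smb.conf`, once that has been confirmed on the target. Separately, the regexp matches only the literal lowercase ` yes`, so a file that already says `Yes` or `true` leaves the task reporting ok with nothing changed; a follow-up check that the section now contains `read only = no` would make that case visible.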
|
||||
|
|