Initial commit
This commit is contained in:
commit
29672d6c3e
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
.vagrant/
|
16
README.md
Normal file
16
README.md
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
# ansible-gnu-corporate-workstation
|
||||||
|
|
||||||
|
ansible-gnu-corporate-workstation is a set of roles that enable Active Directory member role to a GNU/Linux workstation or a server
|
||||||
|
|
||||||
|
- Currently supports Ubuntu 16.04 LTS with Unity, will support other flavors and OS
|
||||||
|
- Supports single command to deploy
|
||||||
|
|
||||||
|
|
||||||
|
### Installation
|
||||||
|
|
||||||
|
```
|
||||||
|
todo
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
10
Vagrantfile
vendored
Normal file
10
Vagrantfile
vendored
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# -*- mode: ruby -*-
|
||||||
|
# vi: set ft=ruby :
|
||||||
|
|
||||||
|
Vagrant.configure("2") do |config|
|
||||||
|
config.vm.box = "boxcutter/ubuntu1604-desktop"
|
||||||
|
config.vm.provision "ansible" do |ansible|
|
||||||
|
ansible.verbose = "vv"
|
||||||
|
ansible.playbook = "test.yml"
|
||||||
|
end
|
||||||
|
end
|
1
hosts
Normal file
1
hosts
Normal file
@ -0,0 +1 @@
|
|||||||
|
localhost ansible_user=vagrant ansible_password=vagrant ansible_ssh_port=2222
|
29
playbook.yml
Normal file
29
playbook.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- common
|
||||||
|
- samba
|
||||||
|
- pam
|
||||||
|
- lightdm
|
||||||
|
vars:
|
||||||
|
- kbdlang: "fr"
|
||||||
|
- kbdmodel: "pc105"
|
||||||
|
- kbdvariant: "latin9"
|
||||||
|
- localelang: "fr_FR"
|
||||||
|
- localelanguage: "fr_FR:"
|
||||||
|
- languagepacks:
|
||||||
|
- language-pack-fr
|
||||||
|
- language-pack-fr-base
|
||||||
|
vars_prompt:
|
||||||
|
- name: "ad_dns_domain"
|
||||||
|
prompt: "Active Directory DNS domain name "
|
||||||
|
private: no
|
||||||
|
- name: "ad_nt_domain"
|
||||||
|
prompt: "NT domain name "
|
||||||
|
private: no
|
||||||
|
- name: "ad_admin_username"
|
||||||
|
prompt: "Admin username "
|
||||||
|
private: no
|
||||||
|
- name: "ad_admin_password"
|
||||||
|
prompt: "Admin password "
|
42
provision.sh
Executable file
42
provision.sh
Executable file
@ -0,0 +1,42 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
prereqs="curl wget ansible"
|
||||||
|
remote_file_url="https://github.com/paulbsd/???"
|
||||||
|
archive_file="/tmp/???.tar.gz"
|
||||||
|
working_directory="/tmp/???"
|
||||||
|
|
||||||
|
update()
|
||||||
|
{
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y ${prereqs}
|
||||||
|
}
|
||||||
|
|
||||||
|
fetch_archive()
|
||||||
|
{
|
||||||
|
wget -O ${archive_file} ${remote_file_url}
|
||||||
|
}
|
||||||
|
|
||||||
|
run_playbook()
|
||||||
|
{
|
||||||
|
cd $1
|
||||||
|
ansible-playbook playbook.yml
|
||||||
|
}
|
||||||
|
|
||||||
|
cleanup()
|
||||||
|
{
|
||||||
|
rm -rf /tmp/???
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "Let's update repositories and install ansible"
|
||||||
|
update
|
||||||
|
|
||||||
|
echo "Let's download archive ..."
|
||||||
|
fetch_archive
|
||||||
|
|
||||||
|
|
||||||
|
if [[ -f ${archive_file} ]]
|
||||||
|
then
|
||||||
|
echo "Let's run "
|
||||||
|
run_playbook ${working_directory}
|
||||||
|
cleanup
|
||||||
|
fi
|
5
roles/apt/tasks/main.yml
Normal file
5
roles/apt/tasks/main.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
- name: Update apt sources
|
||||||
|
apt:
|
||||||
|
update_cache=yes
|
||||||
|
upgrade=yes
|
||||||
|
tags: apt
|
21
roles/common/tasks/apt.yml
Normal file
21
roles/common/tasks/apt.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
- name: Update apt sources
|
||||||
|
apt:
|
||||||
|
update_cache=yes
|
||||||
|
upgrade=yes
|
||||||
|
tags: apt
|
||||||
|
|
||||||
|
- name: Install utils main utils
|
||||||
|
apt: name={{ item }}
|
||||||
|
with_items:
|
||||||
|
- htop
|
||||||
|
- ncdu
|
||||||
|
- tmux
|
||||||
|
tags: prereqs
|
||||||
|
|
||||||
|
- name: Install needed language packs
|
||||||
|
apt: name={{ item }}
|
||||||
|
with_items:
|
||||||
|
- language-pack-fr
|
||||||
|
- language-pack-fr-base
|
||||||
|
tags: prereqs
|
||||||
|
|
9
roles/common/tasks/keyboard.yml
Normal file
9
roles/common/tasks/keyboard.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
- name: Set keyboard layouts
|
||||||
|
template:
|
||||||
|
src=keyboard.j2
|
||||||
|
dest=/etc/default/keyboard
|
||||||
|
mode=0644
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
tags: prereqs
|
||||||
|
|
8
roles/common/tasks/main.yml
Normal file
8
roles/common/tasks/main.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
- name: Install aptitude
|
||||||
|
command: apt-get install -y aptitude
|
||||||
|
|
||||||
|
- name: Include apt updates
|
||||||
|
include: keyboard.yml
|
||||||
|
|
||||||
|
- name: Install needed packages
|
||||||
|
include: apt.yml
|
11
roles/common/templates/keyboard.j2
Normal file
11
roles/common/templates/keyboard.j2
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
# KEYBOARD CONFIGURATION FILE
|
||||||
|
|
||||||
|
# Consult the keyboard(5) manual page.
|
||||||
|
|
||||||
|
XKBMODEL="{{ kbdmodel }}"
|
||||||
|
XKBLAYOUT="{{ kbdlang }}"
|
||||||
|
XKBVARIANT="{{ kbdvariant }}"
|
||||||
|
XKBOPTIONS=""
|
||||||
|
|
||||||
|
BACKSPACE="guess"
|
||||||
|
|
4
roles/lightdm/handlers/main.yml
Normal file
4
roles/lightdm/handlers/main.yml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
- name: restart lightdm
|
||||||
|
service:
|
||||||
|
name=lightdm
|
||||||
|
state=restarted
|
20
roles/lightdm/tasks/main.yml
Normal file
20
roles/lightdm/tasks/main.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
- name: Set lightdm main configuration file
|
||||||
|
template:
|
||||||
|
src=lightdm.conf.j2
|
||||||
|
dest=/etc/lightdm/lightdm.conf
|
||||||
|
mode=0644
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
notify: restart lightdm
|
||||||
|
tags: lightdm
|
||||||
|
|
||||||
|
- name: Set lightdm users.conf file
|
||||||
|
template:
|
||||||
|
src=users.conf.j2
|
||||||
|
dest=/etc/lightdm/users.conf
|
||||||
|
mode=0644
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
notify: restart lightdm
|
||||||
|
tags: lightdm
|
||||||
|
|
6
roles/lightdm/templates/lightdm.conf.j2
Normal file
6
roles/lightdm/templates/lightdm.conf.j2
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
[SeatDefaults]
|
||||||
|
allow-guest=false
|
||||||
|
greeter-hide-users=true
|
||||||
|
greeter-show-manual-login=true
|
||||||
|
autologin-user=
|
||||||
|
|
15
roles/lightdm/templates/users.conf.j2
Normal file
15
roles/lightdm/templates/users.conf.j2
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
#
|
||||||
|
# User accounts configuration
|
||||||
|
#
|
||||||
|
# NOTE: If you have AccountsService installed on your system, then LightDM will
|
||||||
|
# use this instead and these settings will be ignored
|
||||||
|
#
|
||||||
|
# minimum-uid = Minimum UID required to be shown in greeter
|
||||||
|
# hidden-users = Users that are not shown to the user
|
||||||
|
# hidden-shells = Shells that indicate a user cannot login
|
||||||
|
#
|
||||||
|
[UserList]
|
||||||
|
minimum-uid=500
|
||||||
|
hidden-users=nobody nobody4 noaccess
|
||||||
|
hidden-shells=/bin/false /usr/sbin/nologin
|
||||||
|
|
46
roles/pam/tasks/main.yml
Normal file
46
roles/pam/tasks/main.yml
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
---
|
||||||
|
- name: Install common-account
|
||||||
|
template:
|
||||||
|
src=common-account.j2
|
||||||
|
dest=/etc/pam.d/common-account
|
||||||
|
mode=0644
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
tags: pam
|
||||||
|
|
||||||
|
- name: Install common-auth
|
||||||
|
template:
|
||||||
|
src=common-auth.j2
|
||||||
|
dest=/etc/pam.d/common-auth
|
||||||
|
mode=0644
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
tags: pam
|
||||||
|
|
||||||
|
- name: Install common-password
|
||||||
|
template:
|
||||||
|
src=common-password.j2
|
||||||
|
dest=/etc/pam.d/common-password
|
||||||
|
mode=0644
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
tags: pam
|
||||||
|
|
||||||
|
- name: Install common-session
|
||||||
|
template:
|
||||||
|
src=common-session.j2
|
||||||
|
dest=/etc/pam.d/common-session
|
||||||
|
mode=0644
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
tags: pam
|
||||||
|
|
||||||
|
- name: Install common-session-noninteractive
|
||||||
|
template:
|
||||||
|
src=common-session-noninteractive.j2
|
||||||
|
dest=/etc/pam.d/common-session-noninteractive
|
||||||
|
mode=0644
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
tags: pam
|
||||||
|
|
26
roles/pam/templates/common-account.j2
Normal file
26
roles/pam/templates/common-account.j2
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
#
|
||||||
|
# /etc/pam.d/common-account - authorization settings common to all services
|
||||||
|
#
|
||||||
|
# This file is included from other service-specific PAM config files,
|
||||||
|
# and should contain a list of the authorization modules that define
|
||||||
|
# the central access policy for use on the system. The default is to
|
||||||
|
# only deny service to users whose accounts are expired in /etc/shadow.
|
||||||
|
#
|
||||||
|
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
|
||||||
|
# To take advantage of this, it is recommended that you configure any
|
||||||
|
# local modules either before or after the default block, and use
|
||||||
|
# pam-auth-update to manage selection of other modules. See
|
||||||
|
# pam-auth-update(8) for details.
|
||||||
|
#
|
||||||
|
|
||||||
|
# here are the per-package modules (the "Primary" block)
|
||||||
|
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
|
||||||
|
account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so cached_login
|
||||||
|
# here's the fallback if no module succeeds
|
||||||
|
account requisite pam_deny.so
|
||||||
|
# prime the stack with a positive return value if there isn't one already;
|
||||||
|
# this avoids us returning an error just because nothing sets a success code
|
||||||
|
# since the modules above will each just jump around
|
||||||
|
account required pam_permit.so
|
||||||
|
# and here are more per-package modules (the "Additional" block)
|
||||||
|
# end of pam-auth-update config
|
27
roles/pam/templates/common-auth.j2
Normal file
27
roles/pam/templates/common-auth.j2
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
#
|
||||||
|
# /etc/pam.d/common-auth - authentication settings common to all services
|
||||||
|
#
|
||||||
|
# This file is included from other service-specific PAM config files,
|
||||||
|
# and should contain a list of the authentication modules that define
|
||||||
|
# the central authentication scheme for use on the system
|
||||||
|
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
|
||||||
|
# traditional Unix authentication mechanisms.
|
||||||
|
#
|
||||||
|
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
|
||||||
|
# To take advantage of this, it is recommended that you configure any
|
||||||
|
# local modules either before or after the default block, and use
|
||||||
|
# pam-auth-update to manage selection of other modules. See
|
||||||
|
# pam-auth-update(8) for details.
|
||||||
|
|
||||||
|
# here are the per-package modules (the "Primary" block)
|
||||||
|
auth [success=2 default=ignore] pam_unix.so nullok_secure
|
||||||
|
auth [success=1 default=ignore] pam_winbind.so use_first_pass cached_login krb5_auth krb5_ccache_type=FILE
|
||||||
|
# here's the fallback if no module succeeds
|
||||||
|
auth requisite pam_deny.so
|
||||||
|
# prime the stack with a positive return value if there isn't one already;
|
||||||
|
# this avoids us returning an error just because nothing sets a success code
|
||||||
|
# since the modules above will each just jump around
|
||||||
|
auth required pam_permit.so
|
||||||
|
# and here are more per-package modules (the "Additional" block)
|
||||||
|
auth optional pam_cap.so
|
||||||
|
# end of pam-auth-update config
|
35
roles/pam/templates/common-password.j2
Normal file
35
roles/pam/templates/common-password.j2
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
#
|
||||||
|
# /etc/pam.d/common-password - password-related modules common to all services
|
||||||
|
#
|
||||||
|
# This file is included from other service-specific PAM config files,
|
||||||
|
# and should contain a list of modules that define the services to be
|
||||||
|
# used to change user passwords. The default is pam_unix.
|
||||||
|
|
||||||
|
# Explanation of pam_unix options:
|
||||||
|
#
|
||||||
|
# The "sha512" option enables salted SHA512 passwords. Without this option,
|
||||||
|
# the default is Unix crypt. Prior releases used the option "md5".
|
||||||
|
#
|
||||||
|
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
|
||||||
|
# login.defs.
|
||||||
|
#
|
||||||
|
# See the pam_unix manpage for other options.
|
||||||
|
|
||||||
|
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
|
||||||
|
# To take advantage of this, it is recommended that you configure any
|
||||||
|
# local modules either before or after the default block, and use
|
||||||
|
# pam-auth-update to manage selection of other modules. See
|
||||||
|
# pam-auth-update(8) for details.
|
||||||
|
|
||||||
|
# here are the per-package modules (the "Primary" block)
|
||||||
|
password [success=2 default=ignore] pam_unix.so obscure sha512
|
||||||
|
password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
|
||||||
|
# here's the fallback if no module succeeds
|
||||||
|
password requisite pam_deny.so
|
||||||
|
# prime the stack with a positive return value if there isn't one already;
|
||||||
|
# this avoids us returning an error just because nothing sets a success code
|
||||||
|
# since the modules above will each just jump around
|
||||||
|
password required pam_permit.so
|
||||||
|
# and here are more per-package modules (the "Additional" block)
|
||||||
|
password optional pam_gnome_keyring.so
|
||||||
|
# end of pam-auth-update config
|
31
roles/pam/templates/common-session-noninteractive.j2
Normal file
31
roles/pam/templates/common-session-noninteractive.j2
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
#
|
||||||
|
# /etc/pam.d/common-session-noninteractive - session-related modules
|
||||||
|
# common to all non-interactive services
|
||||||
|
#
|
||||||
|
# This file is included from other service-specific PAM config files,
|
||||||
|
# and should contain a list of modules that define tasks to be performed
|
||||||
|
# at the start and end of all non-interactive sessions.
|
||||||
|
#
|
||||||
|
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
|
||||||
|
# To take advantage of this, it is recommended that you configure any
|
||||||
|
# local modules either before or after the default block, and use
|
||||||
|
# pam-auth-update to manage selection of other modules. See
|
||||||
|
# pam-auth-update(8) for details.
|
||||||
|
|
||||||
|
# here are the per-package modules (the "Primary" block)
|
||||||
|
session [default=1] pam_permit.so
|
||||||
|
# here's the fallback if no module succeeds
|
||||||
|
session requisite pam_deny.so
|
||||||
|
# prime the stack with a positive return value if there isn't one already;
|
||||||
|
# this avoids us returning an error just because nothing sets a success code
|
||||||
|
# since the modules above will each just jump around
|
||||||
|
session required pam_permit.so
|
||||||
|
# The pam_umask module will set the umask according to the system default in
|
||||||
|
# /etc/login.defs and user settings, solving the problem of different
|
||||||
|
# umask settings with different shells, display managers, remote sessions etc.
|
||||||
|
# See "man pam_umask".
|
||||||
|
session optional pam_umask.so
|
||||||
|
# and here are more per-package modules (the "Additional" block)
|
||||||
|
session required pam_unix.so
|
||||||
|
session optional pam_winbind.so
|
||||||
|
# end of pam-auth-update config
|
33
roles/pam/templates/common-session.j2
Normal file
33
roles/pam/templates/common-session.j2
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
#
|
||||||
|
# /etc/pam.d/common-session - session-related modules common to all services
|
||||||
|
#
|
||||||
|
# This file is included from other service-specific PAM config files,
|
||||||
|
# and should contain a list of modules that define tasks to be performed
|
||||||
|
# at the start and end of sessions of *any* kind (both interactive and
|
||||||
|
# non-interactive).
|
||||||
|
#
|
||||||
|
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
|
||||||
|
# To take advantage of this, it is recommended that you configure any
|
||||||
|
# local modules either before or after the default block, and use
|
||||||
|
# pam-auth-update to manage selection of other modules. See
|
||||||
|
# pam-auth-update(8) for details.
|
||||||
|
|
||||||
|
# here are the per-package modules (the "Primary" block)
|
||||||
|
session [default=1] pam_permit.so
|
||||||
|
# here's the fallback if no module succeeds
|
||||||
|
session requisite pam_deny.so
|
||||||
|
# prime the stack with a positive return value if there isn't one already;
|
||||||
|
# this avoids us returning an error just because nothing sets a success code
|
||||||
|
# since the modules above will each just jump around
|
||||||
|
session required pam_permit.so
|
||||||
|
# The pam_umask module will set the umask according to the system default in
|
||||||
|
# /etc/login.defs and user settings, solving the problem of different
|
||||||
|
# umask settings with different shells, display managers, remote sessions etc.
|
||||||
|
# See "man pam_umask".
|
||||||
|
session optional pam_umask.so
|
||||||
|
# and here are more per-package modules (the "Additional" block)
|
||||||
|
session required pam_unix.so
|
||||||
|
session required pam_mkhomedir.so skel=/etc/skel umask=0022 silent
|
||||||
|
session optional pam_winbind.so
|
||||||
|
session optional pam_systemd.so
|
||||||
|
# end of pam-auth-update config
|
8
roles/samba/handlers/main.yml
Normal file
8
roles/samba/handlers/main.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
- name: restart samba
|
||||||
|
service:
|
||||||
|
name={{ item }}
|
||||||
|
state=restarted
|
||||||
|
with_items:
|
||||||
|
- smbd
|
||||||
|
- nmbd
|
||||||
|
- winbind
|
BIN
roles/samba/tasks/.main.yml.swp
Normal file
BIN
roles/samba/tasks/.main.yml.swp
Normal file
Binary file not shown.
62
roles/samba/tasks/main.yml
Normal file
62
roles/samba/tasks/main.yml
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
- name: Install samba and required tools
|
||||||
|
apt:
|
||||||
|
name={{ item }}
|
||||||
|
state=present
|
||||||
|
with_items:
|
||||||
|
- heimdal-clients
|
||||||
|
- libnss-winbind
|
||||||
|
- libpam-winbind
|
||||||
|
- ntp
|
||||||
|
- ntpdate
|
||||||
|
- samba
|
||||||
|
- winbind
|
||||||
|
tags: samba_install
|
||||||
|
|
||||||
|
- name: Install nsswitch passwd config
|
||||||
|
lineinfile:
|
||||||
|
dest=/etc/nsswitch.conf
|
||||||
|
regexp="^passwd:"
|
||||||
|
line="passwd{{ ':' }} files winbind"
|
||||||
|
notify: restart samba
|
||||||
|
tags: samba_nsswitch
|
||||||
|
|
||||||
|
- name: Install nsswitch group config
|
||||||
|
lineinfile:
|
||||||
|
dest=/etc/nsswitch.conf
|
||||||
|
regexp="^group:"
|
||||||
|
line="group{{ ':' }} files winbind"
|
||||||
|
notify: restart samba
|
||||||
|
tags: samba_nsswitch
|
||||||
|
|
||||||
|
- name: Install nsswitch shadow config
|
||||||
|
lineinfile:
|
||||||
|
dest=/etc/nsswitch.conf
|
||||||
|
regexp="^shadow:"
|
||||||
|
line="shadow{{ ':' }} files winbind"
|
||||||
|
notify: restart samba
|
||||||
|
tags: samba_nsswitch
|
||||||
|
|
||||||
|
- name: Install samba configuration
|
||||||
|
template:
|
||||||
|
src=smb.conf.j2
|
||||||
|
dest=/etc/samba/smb.conf
|
||||||
|
mode=0644
|
||||||
|
owner=root
|
||||||
|
group=root
|
||||||
|
notify: restart samba
|
||||||
|
tags: samba_smbconf
|
||||||
|
|
||||||
|
- name: Enable samba services
|
||||||
|
service:
|
||||||
|
name={{ item }}
|
||||||
|
enabled=yes
|
||||||
|
with_items:
|
||||||
|
- smbd
|
||||||
|
- nmbd
|
||||||
|
- winbind
|
||||||
|
tags: samba_services
|
||||||
|
|
||||||
|
- name: Join domain
|
||||||
|
shell: net ads join -U {{ ad_admin_username }}%{{ ad_admin_password }}
|
||||||
|
notify: restart samba
|
||||||
|
tags: samba_join
|
17
roles/samba/templates/smb.conf.j2
Normal file
17
roles/samba/templates/smb.conf.j2
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
[global]
|
||||||
|
workgroup = {{ ad_nt_domain }}
|
||||||
|
realm = {{ ad_dns_domain }}
|
||||||
|
security = ADS
|
||||||
|
log file = /var/log/samba/%m
|
||||||
|
max log size = 1024
|
||||||
|
template homedir = /home/%U
|
||||||
|
template shell = /bin/bash
|
||||||
|
winbind separator = /
|
||||||
|
winbind enum users = Yes
|
||||||
|
winbind enum groups = Yes
|
||||||
|
winbind use default domain = Yes
|
||||||
|
winbind offline logon = Yes
|
||||||
|
winbind rpc only = Yes
|
||||||
|
winbind refresh tickets = Yes
|
||||||
|
idmap config * : range = 16777216-33554431
|
||||||
|
idmap config * : backend = tdb
|
21
test.yml
Normal file
21
test.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- common
|
||||||
|
- samba
|
||||||
|
- pam
|
||||||
|
- lightdm
|
||||||
|
vars:
|
||||||
|
- kbdlang: "fr"
|
||||||
|
- kbdmodel: "pc105"
|
||||||
|
- kbdvariant: "latin9"
|
||||||
|
- localelang: "fr_FR"
|
||||||
|
- localelanguage: "fr_FR:"
|
||||||
|
- languagepacks:
|
||||||
|
- language-pack-fr
|
||||||
|
- language-pack-fr-base
|
||||||
|
- ad_dns_domain: AD.PAULBSD.NET
|
||||||
|
- ad_nt_domain: AD
|
||||||
|
- ad_admin_username: Administrator
|
||||||
|
- ad_admin_password: Password50
|
Loading…
Reference in New Issue
Block a user