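---
# Provisions a Samba Active Directory domain controller on the target host(s):
# base packages, Kerberos client config, `samba-tool domain provision`, DNS
# forwarder, systemd unit selection (samba-ad-dc only), a reboot, post-reboot
# sanity checks, and a chrony NTP server restricted to the lab network.
#
# The play is safe to re-run: provisioning (and the smb.conf wipe that precedes
# it) is skipped once the provisioning marker file exists, so a second run no
# longer deletes the provisioned smb.conf.
- hosts: all
  become: true

  vars:
    samba_dc_dns_domain: "ad.sio.lan"
    samba_dc_hostname: "dc1.ad.sio.lan"
    samba_dc_hostname_short: "dc1"
    samba_dc_ip: "192.168.56.10"
    samba_dc_net: "192.168.56.0/24"
    samba_dc_realm: "AD.SIO.LAN"
    samba_dc_workgroup: "AD"
    samba_dc_domain: "AD"
    # Lab-only default. For anything beyond a throwaway lab, supply this from
    # Ansible Vault or an extra-var (-e) instead of committing it here. The
    # task that consumes it sets `no_log` so the value is not echoed in the run.
    samba_dc_admin_password: "Azerty1+"
    samba_dc_dns_backend: "SAMBA_INTERNAL"  # or "BIND9_DLZ"
    # Upstream resolver that Samba's DNS forwards non-AD queries to.
    samba_dc_dns_forwarder: "9.9.9.9"
    # Created by `samba-tool domain provision`; its presence marks an already
    # provisioned DC and gates the destructive provisioning steps below.
    samba_dc_provision_marker: /var/lib/samba/private/sam.ldb

  pre_tasks:
    - name: Set timezone to Europe/Paris
      # `timezone` lives in community.general, hence no ansible.builtin prefix.
      timezone:
        name: Europe/Paris

    - name: Update apt cache if needed.
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600

  tasks:
    - name: Pre - set hostname {{ samba_dc_hostname }}
      ansible.builtin.copy:
        content: |
          {{ samba_dc_hostname }}
        dest: /etc/hostname

    # The FQDN must map to the static lab IP: provisioning and the
    # `host -t A` check at the end both rely on it.
    - name: Pre - set /etc/hosts
      ansible.builtin.copy:
        content: |
          127.0.0.1 localhost
          {{ samba_dc_ip }} {{ samba_dc_hostname }} {{ samba_dc_hostname_short }}
        dest: /etc/hosts

    - name: Pre - "Installe paquets de base"
      ansible.builtin.apt:
        state: present
        name:
          - acl
          - git
          - curl
          - wget
          - sudo
          - unzip
          - vim
          - gnupg
          - tmux
          - dnsutils
          - apt-transport-https
          - chrony

    - name: Samba - "Installe paquets Samba"
      ansible.builtin.apt:
        state: present
        name:
          - samba
          - winbind
          - libnss-winbind
          - krb5-user
          - smbclient
          - ldb-tools
          - python3-cryptography

    # Minimal client config: KDC discovery via DNS SRV records, realm from the
    # play vars. Samba's own krb5.conf is later symlinked to this file.
    - name: Samba - Configuration Kerberos
      ansible.builtin.copy:
        content: |
          [libdefaults]
            default_realm = {{ samba_dc_realm }}
            dns_lookup_kdc = true
            dns_lookup_realm = false
        dest: /etc/krb5.conf

    - name: Samba - Vérifie si le domaine est déjà provisionné
      ansible.builtin.stat:
        path: "{{ samba_dc_provision_marker }}"
      register: samba_dc_sam_ldb

    # Only the package-default smb.conf is removed, and only before the first
    # provisioning; on later runs this file is the provisioned configuration.
    - name: Samba - Nettoie smb.conf
      ansible.builtin.file:
        path: "/etc/samba/smb.conf"
        state: absent
      when: not samba_dc_sam_ldb.stat.exists

    # `--dns-backend` now honours samba_dc_dns_backend (previously unused);
    # its default value matches samba-tool's own default, so behaviour is
    # unchanged unless the var is overridden.
    - name: Samba - Configure DC
      ansible.builtin.command: >-
        samba-tool domain provision
        --realm={{ samba_dc_realm }}
        --domain={{ samba_dc_domain }}
        --server-role=dc
        --dns-backend={{ samba_dc_dns_backend }}
      when: not samba_dc_sam_ldb.stat.exists

    # Runs on every play to keep the password in sync with the var.
    # `no_log` keeps it out of Ansible output/logs; it is still briefly visible
    # in the host's process list while the command runs.
    - name: Samba - Mdp Administrator
      ansible.builtin.command: >-
        samba-tool user setpassword administrator
        --newpassword={{ samba_dc_admin_password }}
      no_log: true

    - name: Samba - Set dns forwarder .
      ansible.builtin.lineinfile:
        path: "/etc/samba/smb.conf"
        regexp: '^\s*dns forwarder\s*='
        line: "dns forwarder = {{ samba_dc_dns_forwarder }}"
        state: present

    # The DC must resolve through its own (Samba) DNS for AD records.
    - name: Samba - set resolv.conf
      ansible.builtin.copy:
        content: |
          search {{ samba_dc_dns_domain }}
          nameserver 127.0.0.1
        dest: /etc/resolv.conf

    - name: Samba - rm krb5.conf dans samba
      ansible.builtin.file:
        path: /var/lib/samba/private/krb5.conf
        state: absent

    - name: Samba - ln krb5.conf de samba vers standard
      ansible.builtin.file:
        src: /etc/krb5.conf
        dest: /var/lib/samba/private/krb5.conf
        force: true
        state: link

    # On a DC only samba-ad-dc runs; the classic member-server units are
    # masked so they cannot be started alongside it.
    - name: SAmba - unmask and enable samba-ad-dc
      ansible.builtin.systemd:
        name: samba-ad-dc
        masked: false
        enabled: true

    - name: Samba - mask samba, winbind, smbd, nmbd
      ansible.builtin.systemd:
        name: "{{ item }}"
        masked: true
        enabled: false
      loop:
        - samba
        - winbind
        - smbd
        - nmbd

    - name: Samba - reboot
      ansible.builtin.reboot:

    # Re-written after the reboot in case the file was replaced during boot.
    - name: Samba - set resolv.conf
      ansible.builtin.copy:
        content: |
          search {{ samba_dc_dns_domain }}
          nameserver 127.0.0.1
        dest: /etc/resolv.conf

    # Post-reboot sanity checks. They are read-only, so they are reported as
    # "ok" rather than "changed"; a non-zero exit still fails the play.
    - name: Samba - Test smbclient
      ansible.builtin.command: smbclient -L localhost -N
      changed_when: false

    - name: SAmba - test DNS SRV _ldap sur TCP
      ansible.builtin.command: host -t SRV _ldap._tcp.{{ samba_dc_dns_domain }}
      changed_when: false

    - name: Samba - test DNS SRV _kerberos sur UDP
      ansible.builtin.command: host -t SRV _kerberos._udp.{{ samba_dc_dns_domain }}
      changed_when: false

    - name: Samba - test DNS A pour dc
      ansible.builtin.command: host -t A {{ samba_dc_hostname }}
      changed_when: false

    # Serve NTP to the lab network only (`allow`), bound to the DC's IP.
    - name: Chrony - configuration
      ansible.builtin.blockinfile:
        path: /etc/chrony/chrony.conf
        block: |
          bindcmdaddress {{ samba_dc_ip }}

          # The source, where we are receiving the time from
          server 0.pool.ntp.org     iburst
          server 1.pool.ntp.org     iburst
          server 2.pool.ntp.org     iburst

          allow {{ samba_dc_net }}

    - name: Chrony - redemarrage
      ansible.builtin.service:
        name: chrony
        state: restarted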