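---
# Provision a single Samba Active Directory domain controller and point the
# host's name resolution and time service at it. Runs as root on every host
# in the inventory.
- hosts: all
  become: true

  vars:
    samba_dc_dns_domain: "ad.sio.lan"
    samba_dc_hostname: "dc1.ad.sio.lan"
    samba_dc_hostname_short: "dc1"
    samba_dc_ip: "192.168.56.10"
    samba_dc_net: "192.168.56.0/24"
    samba_dc_realm: "AD.SIO.LAN"
    samba_dc_workgroup: "AD"
    samba_dc_domain: "AD"
    # Plaintext domain-admin credential: keep it out of version control by
    # moving it to an ansible-vault file or supplying it with --extra-vars.
    samba_dc_admin_password: "Azerty1+"
    samba_dc_dns_backend: "SAMBA_INTERNAL"  # or "BIND9_DLZ"
    # Upstream resolver the DC's DNS server forwards non-AD queries to
    samba_dc_dns_forwarder: "9.9.9.9"

  pre_tasks:
    - name: Set timezone to Europe/Paris
      community.general.timezone:
        name: Europe/Paris

    - name: Update apt cache if needed.
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600

  tasks:
    # The hostname module writes /etc/hostname and also applies the name to
    # the running system, so the provision step below (which derives the DC
    # name from the current hostname) sees it before the reboot.
    - name: Pre - set hostname {{ samba_dc_hostname }}
      ansible.builtin.hostname:
        name: "{{ samba_dc_hostname }}"

    - name: Pre - set /etc/hosts
      ansible.builtin.copy:
        content: |
          127.0.0.1 localhost
          {{ samba_dc_ip }} {{ samba_dc_hostname }} {{ samba_dc_hostname_short }}
        dest: /etc/hosts

    - name: Pre - "Installe paquets de base"
      ansible.builtin.apt:
        state: present
        name:
          - acl
          - git
          - curl
          - wget
          - sudo
          - unzip
          - vim
          - gnupg
          - tmux
          - dnsutils
          - apt-transport-https
          - chrony

    - name: Samba - "Installe paquets Samba"
      ansible.builtin.apt:
        state: present
        name:
          - samba
          - winbind
          - libnss-winbind
          - krb5-user
          - smbclient
          - ldb-tools
          - python3-cryptography

    - name: Samba - Configuration Kerberos
      ansible.builtin.copy:
        content: |
          [libdefaults]
          default_realm = {{ samba_dc_realm }}
          dns_lookup_kdc = true
          dns_lookup_realm = false
        dest: /etc/krb5.conf

    # sam.ldb is created by "samba-tool domain provision"; its presence is
    # used as the marker that provisioning already happened, so a re-run of
    # the playbook neither wipes smb.conf nor fails on a second provision.
    - name: Samba - check whether the domain is already provisioned
      ansible.builtin.stat:
        path: /var/lib/samba/private/sam.ldb
      register: samba_dc_sam_ldb

    - name: Samba - Nettoie smb.conf
      ansible.builtin.file:
        path: "/etc/samba/smb.conf"
        state: absent
      when: not samba_dc_sam_ldb.stat.exists

    - name: Samba - Configure DC
      ansible.builtin.command: >-
        samba-tool domain provision
        --realm={{ samba_dc_realm }}
        --domain {{ samba_dc_domain }}
        --server-role=dc
        --dns-backend={{ samba_dc_dns_backend }}
      when: not samba_dc_sam_ldb.stat.exists

    # no_log keeps the password out of Ansible output and logs; it is still
    # visible on this host's process list for the duration of the command.
    - name: Samba - Mdp Administrator
      ansible.builtin.command: samba-tool user setpassword administrator --newpassword={{ samba_dc_admin_password }}
      no_log: true

    - name: Samba - Set dns forwarder .
      ansible.builtin.lineinfile:
        path: "/etc/samba/smb.conf"
        regexp: '^\s*dns forwarder ='
        line: "dns forwarder = {{ samba_dc_dns_forwarder }}"
        # when provision wrote no forwarder line, insert it under [global]
        # rather than appending at end of file inside the last share stanza
        insertafter: '^\[global\]'
        state: present

    - name: Samba - set resolv.conf
      ansible.builtin.copy:
        content: |
          search {{ samba_dc_dns_domain }}
          nameserver 127.0.0.1
        dest: /etc/resolv.conf

    - name: Samba - rm krb5.conf dans samba
      ansible.builtin.file:
        path: /var/lib/samba/private/krb5.conf
        state: absent

    - name: Samba - ln krb5.conf de samba vers standard
      ansible.builtin.file:
        src: /etc/krb5.conf
        dest: /var/lib/samba/private/krb5.conf
        force: true
        state: link

    # The AD DC service replaces the classic smbd/nmbd/winbind units, which
    # are masked so they cannot be started alongside it.
    - name: SAmba - unmask and enable samba-ad-dc
      ansible.builtin.systemd:
        name: samba-ad-dc
        masked: false
        enabled: true

    - name: Samba - mask samba
      ansible.builtin.systemd:
        name: samba
        masked: true
        enabled: false

    - name: Samba - mask winbind
      ansible.builtin.systemd:
        name: winbind
        masked: true
        enabled: false

    - name: Samba - mask smbd
      ansible.builtin.systemd:
        name: smbd
        masked: true
        enabled: false

    - name: Samba - mask nmbd
      ansible.builtin.systemd:
        name: nmbd
        masked: true
        enabled: false

    - name: Samba - reboot
      ansible.builtin.reboot:

    # Re-applied after the reboot — presumably because a DHCP client or
    # resolver service rewrites the file at boot; confirm on the target image.
    - name: Samba - set resolv.conf
      ansible.builtin.copy:
        content: |
          search {{ samba_dc_dns_domain }}
          nameserver 127.0.0.1
        dest: /etc/resolv.conf

    # Read-only smoke tests: a non-zero exit fails the play, and they never
    # report "changed".
    - name: Samba - Test smbclient
      ansible.builtin.command: smbclient -L localhost -N
      changed_when: false

    - name: SAmba - test DNS SRV _ldap sur TCP
      ansible.builtin.command: host -t SRV _ldap._tcp.{{ samba_dc_dns_domain }}
      changed_when: false

    - name: Samba - test DNS SRV _kerberos sur UDP
      ansible.builtin.command: host -t SRV _kerberos._udp.{{ samba_dc_dns_domain }}
      changed_when: false

    - name: Samba - test DNS A pour dc
      ansible.builtin.command: host -t A {{ samba_dc_hostname }}
      changed_when: false

    # Serve time to domain members on the DC's network, taking it from the
    # public pool.
    - name: Chrony - configuration
      ansible.builtin.blockinfile:
        path: /etc/chrony/chrony.conf
        block: |
          bindcmdaddress {{ samba_dc_ip }}
          # The source, where we are receiving the time from
          server 0.pool.ntp.org iburst
          server 1.pool.ntp.org iburst
          server 2.pool.ntp.org iburst
          allow {{ samba_dc_net }}

    - name: Chrony - redemarrage
      ansible.builtin.service:
        name: chrony
        state: restarted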