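---
# Provision a host as a Samba Active Directory Domain Controller.
#
# The package names below (samba-common-bin, krb5-user, python3-samba, ...)
# are Debian/Ubuntu names, so this play targets that family.
#
# Run order matters: provision first (writes the initial smb.conf and
# krb5.conf), then install the managed smb.conf, then start samba-ad-dc.
- name: Install and configure Samba as a Domain Controller
  hosts: all
  become: true
  vars:
    domain_name: "example.com"
    realm_name: "EXAMPLE.COM"
    # Short (NetBIOS) domain name derived from the DNS name; used for both
    # `--domain` at provision time and `workgroup` in smb.conf so they agree.
    netbios_domain: "{{ domain_name.split('.')[0] | upper }}"
    # Placeholder only. Supply the real value from ansible-vault or
    # --extra-vars; do not commit a real password in this file.
    admin_password: "YourStrongPassword"
    smb_conf_path: "/etc/samba/smb.conf"
    # Upstream resolver that Samba's internal DNS forwards non-local queries to.
    dns_forwarder: "10.0.0.1"

  tasks:
    - name: Install required packages
      package:
        name:
          - samba
          - samba-common-bin
          - krb5-user
          - winbind
          - smbclient
          - ldap-utils
          - python3-samba
        state: present

    # `--interactive` prompts on stdin, which the command module does not
    # provide, so the admin password is passed non-interactively instead.
    # argv form avoids shell/shlex quoting problems with the password, and
    # `creates` makes the task idempotent (provision writes this krb5.conf).
    - name: Provision Samba as a DC
      command:
        argv:
          - samba-tool
          - domain
          - provision
          - --use-rfc2307
          - "--realm={{ realm_name }}"
          - "--domain={{ netbios_domain }}"
          - --server-role=dc
          - --dns-backend=SAMBA_INTERNAL
          - "--adminpass={{ admin_password }}"
        creates: /var/lib/samba/private/krb5.conf
      no_log: true  # keeps the password out of logs and callback output

    # The generated krb5.conf lives on the target host, not the controller,
    # so remote_src is required for copy to find it.
    - name: Copy Kerberos configuration
      copy:
        src: /var/lib/samba/private/krb5.conf
        dest: /etc/krb5.conf
        remote_src: true
        mode: "0644"

    # Write the whole file rather than appending lines: lineinfile would add
    # a second [global] block after the provisioned config and would skip the
    # duplicate "read only = no" line for the second share because the first
    # one already matches.
    - name: Configure smb.conf for Samba DC
      copy:
        dest: "{{ smb_conf_path }}"
        backup: true
        mode: "0644"
        content: |
          [global]
          workgroup = {{ netbios_domain }}
          realm = {{ realm_name }}
          netbios name = {{ ansible_hostname }}
          server role = active directory domain controller
          dns forwarder = {{ dns_forwarder }}
          idmap_ldb:use rfc2307 = yes

          [netlogon]
          path = /var/lib/samba/sysvol/{{ domain_name }}/scripts
          read only = no

          [sysvol]
          path = /var/lib/samba/sysvol
          read only = no
      notify: Restart samba-ad-dc

    # samba-ad-dc runs its own smbd/winbindd; the standalone units conflict
    # with it and must not be started alongside it (Debian ships samba-ad-dc
    # masked, hence the explicit unmask below).
    - name: Disable standalone Samba services that conflict with samba-ad-dc
      systemd:
        name: "{{ item }}"
        state: stopped
        enabled: false
        masked: true
      loop:
        - smbd
        - nmbd
        - winbind

    - name: Enable and start the Samba AD DC service
      systemd:
        name: samba-ad-dc
        masked: false
        enabled: true
        state: started

    # Read-only check; without changed_when every run would report a change.
    - name: Verify Samba configuration
      command: samba-tool dbcheck
      register: samba_dbcheck
      changed_when: false

    - name: Output Samba DB check result
      debug:
        msg: "{{ samba_dbcheck.stdout }}"

    # Provision already set this password; the task re-applies it on every
    # run, which is useful for rotation but is never idempotent.
    - name: Set administrator password
      command:
        argv:
          - samba-tool
          - user
          - setpassword
          - administrator
          - "--newpassword={{ admin_password }}"
      no_log: true
      when: admin_password is defined

  handlers:
    - name: Restart samba-ad-dc
      systemd:
        name: samba-ad-dc
        state: restarted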