diff --git a/manifests/config.pp b/manifests/config.pp
index 0b04ddb..1de55e7 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -16,53 +16,58 @@ # } class winbind::config ( # lint:ignore:80chars - $krb5_admin_server = $::winbind::krb5_admin_server, - $krb5_default = $::winbind::krb5_default, - $krb5_dns_lookup_kdc = $::winbind::krb5_dns_lookup_kdc, - $krb5_dns_lookup_realm = $::winbind::krb5_dns_lookup_realm, - $krb5_forwardable = $::winbind::krb5_forwardable, - $krb5_kdc = $::winbind::krb5_kdc, - $krb5_renew_lifetime = $::winbind::krb5_renew_lifetime, - $krb5_ticket_lifetime = $::winbind::krb5_ticket_lifetime, - $manage_joindomain_script = $::winbind::manage_joindomain_script, - $manage_oddjob_service = $::winbind::manage_oddjob_service, - $oddjobd_homdir_mask = $::winbind::oddjobd_homdir_mask, - $pam_cached_login = $::winbind::pam_cached_login, - $pam_debug_state = $::winbind::pam_debug_state, - $pam_debug = $::winbind::pam_debug, - $pam_krb5_auth = $::winbind::pam_krb5_auth, - $pam_krb5_ccache_type = $::winbind::pam_krb5_ccache_type, - $pam_mkhomedir = $::winbind::pam_mkhomedir, - $pam_require_membership_of = $::winbind::pam_require_membership_of, - $pam_silent = $::winbind::pam_silent, - $pam_warn_pwd_expire = $::winbind::pam_warn_pwd_expire, - $smb_encrypt_passwords = $::winbind::smb_encrypt_passwords, - $smb_idmap_config_default_backend = $::winbind::smb_idmap_config_default_backend, - $smb_idmap_config_default_range_end = $::winbind::smb_idmap_config_default_range_end, - $smb_idmap_config_default_rangesize = $::winbind::smb_idmap_config_default_rangesize, - $smb_idmap_config_default_range_start = $::winbind::smb_idmap_config_default_range_start, - $smb_include_dir = $::winbind::smb_includes_dir, - $smb_includes_files = $::winbind::smb_includes_files, - $smb_log_file = $::winbind::smb_log_file, - $smb_log_level = $::winbind::smb_log_level, - $smb_max_log_size = $::winbind::smb_max_log_size, - $smb_printcap_name = $::winbind::smb_printcap_name, - $smb_printing = $::winbind::smb_printing, - $smb_realm = $::winbind::smb_realm, - $smb_security = $::winbind::smb_security, - 
$smb_server_string = $::winbind::smb_server_string, - $smb_settings_hash = $::winbind::smb_settings_hash, - $smb_syslog = $::winbind::smb_syslog, - $smb_template_homedir = $::winbind::smb_template_homedir, - $smb_template_shell = $::winbind::smb_template_shell, - $smb_winbind_enum_groups = $::winbind::smb_winbind_enum_groups, - $smb_winbind_enum_users = $::winbind::smb_winbind_enum_users, - $smb_winbind_normalize_names = $::winbind::smb_winbind_normalize_names, - $smb_winbind_nss_info = $::winbind::smb_winbind_nss_info, - $smb_winbind_offline_logon = $::winbind::smb_winbind_offline_logon, - $smb_winbind_separator = $::winbind::smb_winbind_separator, - $smb_winbind_use_default_domain = $::winbind::smb_winbind_use_default_domain, - $smb_workgroup = $::winbind::smb_workgroup, + $krb5_libdefaults_default_realm = $::winbind::krb5_libdefaults_default_realm, + $krb5_libdefaults_dns_lookup_kdc = $::winbind::krb5_libdefaults_dns_lookup_kdc, + $krb5_libdefaults_dns_lookup_realm = $::winbind::krb5_libdefaults_dns_lookup_realm, + $krb5_libdefaults_forwardable = $::winbind::krb5_libdefaults_forwardable, + $krb5_libdefaults_renew_lifetime = $::winbind::krb5_libdefaults_renew_lifetime, + $krb5_libdefaults_ticket_lifetime = $::winbind::krb5_libdefaults_ticket_lifetime, + $krb5_logging_admin_server = $::winbind::krb5_logging_admin_server, + $krb5_logging_default = $::winbind::krb5_logging_default, + $krb5_logging_kdc = $::winbind::krb5_logging_kdc, + $krb5_realms_admin_server = $::winbind::krb5_realms_admin_server, + $krb5_realms_kdc = $::winbind::krb5_realms_kdc, + $manage_joindomain_script = $::winbind::manage_joindomain_script, + $manage_samba_service = $::winbind::manage_samba_service, + $package_ensure = $::winbind::package_ensure, + $pam_cached_login = $::winbind::pam_cached_login, + $pam_debug = $::winbind::pam_debug, + $pam_debug_state = $::winbind::pam_debug_state, + $pam_krb5_auth = $::winbind::pam_krb5_auth, + $pam_krb5_ccache_type = $::winbind::pam_krb5_ccache_type, + 
$pam_mkhomedir = $::winbind::pam_mkhomedir, + $pam_require_membership_of = $::winbind::pam_require_membership_of, + $pam_silent = $::winbind::pam_silent, + $pam_warn_pwd_expire = $::winbind::pam_warn_pwd_expire, + $smb_client_use_spnego = $::winbind::smb_client_use_spnego, + $smb_cups_options = $::winbind::smb_cups_options, + $smb_disable_spoolss = $::winbind::smb_disable_spoolss, + $smb_encrypt_passwords = $::winbind::smb_encrypt_passwords, + $smb_idmap_config_backend = $::winbind::smb_idmap_config_backend, + $smb_idmap_config_base_rid = $::winbind::smb_idmap_config_base_rid, + $smb_idmap_config_range = $::winbind::smb_idmap_config_range, + $smb_idmap_config_rangesize = $::winbind::smb_idmap_config_rangesize, + $smb_kerberos_method = $::winbind::smb_kerberos_method, + $smb_load_printers = $::winbind::smb_load_printers, + $smb_log_file = $::winbind::smb_log_file, + $smb_max_log_size = $::winbind::smb_max_log_size, + $smb_passdb_backend = $::winbind::smb_passdb_backend, + $smb_password_server = $::winbind::smb_password_server, + $smb_printcap_name = $::winbind::smb_printcap_name, + $smb_printing = $::winbind::smb_printing, + $smb_realm = $::winbind::smb_realm, + $smb_security = $::winbind::smb_security, + $smb_server_string = $::winbind::smb_server_string, + $smb_show_add_printer_wizard = $::winbind::smb_show_add_printer_wizard, + $smb_template_homedir = $::winbind::smb_template_homedir, + $smb_template_shell = $::winbind::smb_template_shell, + $smb_winbind_cache_time = $::winbind::smb_winbind_cache_time, + $smb_winbind_enum_groups = $::winbind::smb_winbind_enum_groups, + $smb_winbind_enum_users = $::winbind::smb_winbind_enum_users, + $smb_winbind_offline_logon = $::winbind::smb_winbind_offline_logon, + $smb_winbind_separator = $::winbind::smb_winbind_separator, + $smb_winbind_use_default_domain = $::winbind::smb_winbind_use_default_domain, + $smb_workgroup = $::winbind::smb_workgroup, # lint:endignore ) { if $manage_joindomain_script { 
@@ -88,17 +93,6 @@ notify => Service['winbind'], } - if $::osfamily == 'RedHat' { - file { '/etc/oddjobd.conf.d/oddjobd-mkhomedir.conf': - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0644', - content => template('winbind/oddjobd-mkhomedir.conf.erb'), - notify => Service[['oddjobd', 'winbind',]], - } - } - file { '/etc/samba/smb.conf': ensure => 'file', owner => 'root', @@ -108,14 +102,6 @@ notify => Service['winbind'], } - file { $smb_include_dir: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0644', - notify => Service['winbind'], - } - file { '/etc/security/pam_winbind.conf': ensure => 'file', owner => 'root', @@ -125,12 +111,4 @@ notify => Service['winbind'], } - if ($smb_settings_hash) { - validate_hash($smb_settings_hash) - $defaults = { - 'path' => "${smb_include_dir}/smb-extras.conf" - } - create_ini_settings($smb_settings_hash, $defaults) - } - } diff --git a/manifests/init.pp b/manifests/init.pp index 64567df..3b82978 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -1,161 +1,61 @@ -# Class: winbind -# -# This module manages winbind -# -# Parameters: none -# -# Actions: -# -# Requires: see Modulefile -# -# Sample Usage: -# class winbind ( # lint:ignore:80chars - $enable_sharing = $::winbind::params::enable_sharing, - $krb5_admin_server = $::winbind::params::krb5_admin_server, - $krb5_default = $::winbind::params::krb5_default, - $krb5_dns_lookup_kdc = $::winbind::params::krb5_dns_lookup_kdc, - $krb5_dns_lookup_realm = $::winbind::params::krb5_dns_lookup_realm, - $krb5_forwardable = $::winbind::params::krb5_forwardable, - $krb5_kdc = $::winbind::params::krb5_kdc, - $krb5_renew_lifetime = $::winbind::params::krb5_renew_lifetime, - $krb5_ticket_lifetime = $::winbind::params::krb5_ticket_lifetime, - $manage_joindomain_script = $::winbind::params::manage_joindomain_script, - $manage_messagebus_service = $::winbind::params::manage_messagebus_service, - $manage_oddjob_service = $::winbind::params::manage_oddjob_service, - $manage_samba_service = $::winbind::params::manage_samba_service, - $oddjobd_homdir_mask = $::winbind::params::oddjobd_homdir_mask, - $package_ensure = $::winbind::params::package_ensure, - $pam_cached_login = $::winbind::params::pam_cached_login, - $pam_debug_state = $::winbind::params::pam_debug_state, - $pam_debug = $::winbind::params::pam_debug, - $pam_krb5_auth = $::winbind::params::pam_krb5_auth, - $pam_krb5_ccache_type = $::winbind::params::pam_krb5_ccache_type, - $pam_mkhomedir = $::winbind::params::pam_mkhomedir, - $pam_require_membership_of = $::winbind::params::pam_require_membership_of, - $pam_silent = $::winbind::params::pam_silent, - $pam_warn_pwd_expire = $::winbind::params::pam_warn_pwd_expire, - $smb_encrypt_passwords = $::winbind::params::smb_encrypt_passwords, - $smb_idmap_config_default_backend = $::winbind::params::smb_idmap_config_default_backend, - $smb_idmap_config_default_range_end = $::winbind::params::smb_idmap_config_default_range_end, - $smb_idmap_config_default_rangesize = 
$::winbind::params::smb_idmap_config_default_rangesize, - $smb_idmap_config_default_range_start = $::winbind::params::smb_idmap_config_default_range_start, - $smb_include_dir = $::winbind::params::smb_includes_dir, - $smb_includes_files = $::winbind::params::smb_includes_files, - $smb_log_file = $::winbind::params::smb_log_file, - $smb_log_level = $::winbind::params::smb_log_level, - $smb_max_log_size = $::winbind::params::smb_max_log_size, - $smb_printcap_name = $::winbind::params::smb_printcap_name, - $smb_printing = $::winbind::params::smb_printing, - $smb_realm = $::winbind::params::smb_realm, - $smb_security = $::winbind::params::smb_security, - $smb_server_string = $::winbind::params::smb_server_string, - $smb_settings_hash = $::winbind::params::smb_settings_hash, - $smb_syslog = $::winbind::params::smb_syslog, - $smb_template_homedir = $::winbind::params::smb_template_homedir, - $smb_template_shell = $::winbind::params::smb_template_shell, - $smb_winbind_enum_groups = $::winbind::params::smb_winbind_enum_groups, - $smb_winbind_enum_users = $::winbind::params::smb_winbind_enum_users, - $smb_winbind_normalize_names = $::winbind::params::smb_winbind_normalize_names, - $smb_winbind_nss_info = $::winbind::params::smb_winbind_nss_info, - $smb_winbind_offline_logon = $::winbind::params::smb_winbind_offline_logon, - $smb_winbind_separator = $::winbind::params::smb_winbind_separator, - $smb_winbind_use_default_domain = $::winbind::params::smb_winbind_use_default_domain, - $smb_workgroup = $::winbind::params::smb_workgroup, + Array $pam_require_membership_of = $::winbind::params::pam_require_membership_of, + Array $krb5_realms_kdc = $::winbind::params::krb5_realms_kdc, + String $smb_password_server = $::winbind::params::smb_password_server, + Boolean $krb5_libdefaults_dns_lookup_kdc = $::winbind::params::krb5_libdefaults_dns_lookup_kdc, + Boolean $krb5_libdefaults_dns_lookup_realm = $::winbind::params::krb5_libdefaults_dns_lookup_realm, + Boolean 
$krb5_libdefaults_forwardable = $::winbind::params::krb5_libdefaults_forwardable, + Boolean $manage_joindomain_script = $::winbind::params::manage_joindomain_script, + Boolean $manage_samba_service = $::winbind::params::manage_samba_service, + Boolean $smb_winbind_offline_logon = $::winbind::params::smb_winbind_offline_logon, + Boolean $smb_winbind_use_default_domain = $::winbind::params::smb_winbind_use_default_domain, + Numeric $pam_warn_pwd_expire = $::winbind::params::pam_warn_pwd_expire, + Numeric $smb_idmap_config_base_rid = $::winbind::params::smb_idmap_config_base_rid, + Numeric $smb_idmap_config_rangesize = $::winbind::params::smb_idmap_config_rangesize, + Numeric $smb_max_log_size = $::winbind::params::smb_max_log_size, + Numeric $smb_winbind_cache_time = $::winbind::params::smb_winbind_cache_time, + String $krb5_libdefaults_default_realm = $::winbind::params::krb5_libdefaults_default_realm, + String $krb5_libdefaults_renew_lifetime = $::winbind::params::krb5_libdefaults_renew_lifetime, + String $krb5_libdefaults_ticket_lifetime = $::winbind::params::krb5_libdefaults_ticket_lifetime, + String $krb5_logging_admin_server = $::winbind::params::krb5_logging_admin_server, + String $krb5_logging_default = $::winbind::params::krb5_logging_default, + String $krb5_logging_kdc = $::winbind::params::krb5_logging_kdc, + String $krb5_realms_admin_server = $::winbind::params::krb5_realms_admin_server, + String $package_ensure = $::winbind::params::package_ensure, + String $pam_cached_login = $::winbind::params::pam_cached_login, + String $pam_debug = $::winbind::params::pam_debug, + String $pam_debug_state = $::winbind::params::pam_debug_state, + String $pam_krb5_auth = $::winbind::params::pam_krb5_auth, + String $pam_krb5_ccache_type = $::winbind::params::pam_krb5_ccache_type, + String $pam_mkhomedir = $::winbind::params::pam_mkhomedir, + String $pam_silent = $::winbind::params::pam_silent, + String $smb_client_use_spnego = $::winbind::params::smb_client_use_spnego, + 
String $smb_cups_options = $::winbind::params::smb_cups_options, + String $smb_disable_spoolss = $::winbind::params::smb_disable_spoolss, + String $smb_encrypt_passwords = $::winbind::params::smb_encrypt_passwords, + String $smb_idmap_config_backend = $::winbind::params::smb_idmap_config_backend, + String $smb_idmap_config_range = $::winbind::params::smb_idmap_config_range, + String $smb_kerberos_method = $::winbind::params::smb_kerberos_method, + String $smb_load_printers = $::winbind::params::smb_load_printers, + String $smb_log_file = $::winbind::params::smb_log_file, + String $smb_passdb_backend = $::winbind::params::smb_passdb_backend, + String $smb_printcap_name = $::winbind::params::smb_printcap_name, + String $smb_printing = $::winbind::params::smb_printing, + String $smb_realm = $::winbind::params::smb_realm, + String $smb_security = $::winbind::params::smb_security, + String $smb_server_string = $::winbind::params::smb_server_string, + String $smb_show_add_printer_wizard = $::winbind::params::smb_show_add_printer_wizard, + String $smb_template_homedir = $::winbind::params::smb_template_homedir, + String $smb_template_shell = $::winbind::params::smb_template_shell, + String $smb_winbind_enum_groups = $::winbind::params::smb_winbind_enum_groups, + String $smb_winbind_enum_users = $::winbind::params::smb_winbind_enum_users, + String $smb_winbind_separator = $::winbind::params::smb_winbind_separator, + String $smb_workgroup = $::winbind::params::smb_workgroup, # lint:endignore ) inherits ::winbind::params { # validate parameters - include ::stdlib - - # strings - validate_string($pam_debug) - validate_string($pam_debug_state) - validate_string($pam_cached_login) - validate_string($pam_krb5_auth) - validate_string($pam_krb5_ccache_type) - validate_string($pam_silent) - validate_string($pam_mkhomedir) - validate_string($smb_workgroup) - validate_string($smb_realm) - validate_string($smb_encrypt_passwords) - validate_string($smb_server_string) - 
validate_string($smb_security) - validate_string($smb_log_file) - validate_string($smb_printcap_name) - validate_string($smb_printing) - validate_string($smb_winbind_enum_users) - validate_string($smb_winbind_enum_groups) - validate_string($smb_winbind_nss_info) - validate_string($smb_winbind_normalize_names) - validate_string($smb_winbind_separator) - validate_string($smb_template_homedir) - validate_string($smb_template_shell) - validate_string($smb_idmap_config_default_backend) - validate_string($krb5_default) - validate_string($krb5_kdc) - validate_string($krb5_admin_server) - validate_string($krb5_ticket_lifetime) - validate_string($krb5_renew_lifetime) - validate_string($oddjobd_homdir_mask) - - # arrays - validate_array($pam_require_membership_of) - validate_array($smb_includes_files) - - # numbers - if ( !is_numeric($pam_warn_pwd_expire) ) { - fail('pam_warn_pwd_expire must be a number') - } - - if ( !is_numeric($smb_log_level) ) { - fail('smb_log_level must be a number') - } - - if ( !is_numeric($smb_syslog) ) { - fail('smb_syslog must be a number') - } - - if ( !is_numeric($smb_max_log_size) ) { - fail('smb_max_log_size must be a number') - } - - if ( !is_numeric($smb_idmap_config_default_range_start) ) { - fail('smb_idmap_config_default_range_start must be a number') - } - - if ( !is_numeric($smb_idmap_config_default_range_end) ) { - fail('smb_idmap_config_default_range_end must be a number') - } - - if ( !is_numeric($smb_idmap_config_default_rangesize) ) { - fail('smb_idmap_config_default_rangesize must be a number') - } - - - # booleans - if ( !is_bool($smb_winbind_use_default_domain) ) { - fail('smb_winbind_use_default_domain must be a true or false') - } - - if ( !is_bool($smb_winbind_offline_logon) ) { - fail('smb_winbind_offline_logon must be a true or false') - } - - if ( !is_bool($krb5_dns_lookup_realm) ) { - fail('krb5_dns_lookup_realm must be a true or false') - } - - if ( !is_bool($krb5_dns_lookup_kdc) ) { - fail('krb5_dns_lookup_kdc must be a 
true or false') - } - - if ( !is_bool($krb5_forwardable) ) { - fail('krb5_forwardable must be a true or false') - } - validate_bool($manage_oddjob_service) - validate_bool($manage_messagebus_service) - + #include ::stdlib # use the install -> config -> service model anchor {'::winbind::start': } diff --git a/manifests/install.pp b/manifests/install.pp index cdbee14..ae357af 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -1,37 +1,13 @@ # Installs packages required to utilize winbind for joining Active Directory class winbind::install ( - $enable_sharing = $::winbind::enable_sharing, $package_ensure = $::winbind::package_ensure, ) { case $::osfamily { 'RedHat' : { - case $::operatingsystemmajrelease { - '5' : { - package { 'samba3x-winbind': - ensure => $package_ensure, - } - - if ($enable_sharing) { - package { 'samba3x': - ensure => $package_ensure, - } - } - } - - default : { - $packages = ['samba-winbind-clients', 'oddjob-mkhomedir'] - - package { $packages: - ensure => $package_ensure, - } - - if ($enable_sharing) { - package { 'samba': - ensure => $package_ensure, - } - } - } + $packages = ['samba-winbind-clients'] + package { $packages: + ensure => $package_ensure, } } # end RedHat @@ -39,12 +15,6 @@ package { 'samba-winbind': ensure => $package_ensure, } - - if ($enable_sharing) { - package { 'samba': - ensure => $package_ensure, - } - } } # end Suse default : { diff --git a/manifests/params.pp b/manifests/params.pp index ac802c0..c2f7724 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
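Review bot: Most of the new data types in the `winbind` parameter list in `manifests/init.pp` are plain `String`, so values the templates write as keywords (`$smb_security`, `$smb_kerberos_method`, `$smb_encrypt_passwords` and the `yes`/`no` PAM and winbind switches) accept any text. Tightening them, for example `Enum['yes','no'] $pam_krb5_auth` and `Integer[0] $smb_max_log_size` instead of `Numeric`, would reject a mistyped security setting at catalog compilation rather than on the host. The leftover `# validate parameters` comment now sits above only a commented-out `#include ::stdlib`; both lines can be dropped. The class body continues outside the hunk.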
@@ -1,61 +1,65 @@ # Default settings for parameters class winbind::params { - $enable_sharing = false - $krb5_admin_server = 'FILE:/var/log/kadmind.log' - $krb5_default = 'FILE:/var/log/krb5libs.log' - $krb5_dns_lookup_kdc = true - $krb5_dns_lookup_realm = false - $krb5_forwardable = true - $krb5_kdc = 'FILE:/var/log/krb5kdc.log' - $krb5_renew_lifetime = '7d' - $krb5_ticket_lifetime = '24h' - $manage_joindomain_script = true - $manage_messagebus_service = true - $manage_oddjob_service = $::osfamily ? { - 'Suse' => false, - default => true, - } - $manage_samba_service = true - $oddjobd_homdir_mask = '0077' - $package_ensure = 'present' - $pam_cached_login = 'yes' - $pam_debug = 'no' - $pam_debug_state = 'no' - $pam_krb5_auth = 'no' - # An string is needed here, even if it is an empty one. + # Kerberos + $krb5_libdefaults_default_realm = 'DE.LAN' + $krb5_libdefaults_dns_lookup_kdc = true + $krb5_libdefaults_dns_lookup_realm = false + $krb5_libdefaults_forwardable = true + $krb5_libdefaults_renew_lifetime = '7d' + $krb5_libdefaults_ticket_lifetime = '24h' + $krb5_logging_admin_server = 'FILE:/var/log/kadmind.log' + $krb5_logging_default = 'FILE:/var/log/krb5libs.log' + $krb5_logging_kdc = 'FILE:/var/log/krb5kdc.log' + $krb5_realms_admin_server = 's-ad-01:749' + $krb5_realms_kdc = ['s-ad-01:88','s-ad-02:88'] + # Services & Packages + $manage_joindomain_script = false + $manage_samba_service = true + #$manage_oddjob_service = $::osfamily ? { + # 'Suse' => false, + # default => true, + $package_ensure = 'present' + # PAM + $pam_cached_login = 'no' + $pam_debug = 'no' + $pam_debug_state = 'no' + $pam_krb5_auth = 'no' + # An is needed here, even if it is an empty one. 
# lint:ignore:empty_string_assignment - $pam_krb5_ccache_type = '' + $pam_krb5_ccache_type = '' # lint:endignore - $pam_mkhomedir = 'no' - $pam_require_membership_of = ['',] - $pam_silent = 'no' - $pam_warn_pwd_expire = 14 - $smb_encrypt_passwords = 'yes' - $smb_idmap_config_default_backend = 'autorid' - $smb_idmap_config_default_range_end = 19999999 - $smb_idmap_config_default_rangesize = 1000000 - $smb_idmap_config_default_range_start = 1000000 - $smb_includes_dir = '/etc/samba/smb.conf.d' - $smb_includes_files = [] - $smb_log_file = '/var/log/samba/%m' - $smb_log_level = 0 - $smb_max_log_size = 0 - $smb_printcap_name = 'cups' - $smb_printing = 'cups' - $smb_realm = 'EXAMPLE.COM' - $smb_security = 'ads' - $smb_server_string = $::hostname - $smb_settings_hash = undef - $smb_syslog = 0 - $smb_template_homedir = '/home/%D/%U' - $smb_template_shell = '/bin/bash' - $smb_winbind_enum_groups = 'no' - $smb_winbind_enum_users = 'no' - $smb_winbind_normalize_names = 'no' - $smb_winbind_nss_info = 'rfc2307' - $smb_winbind_offline_logon = true - $smb_winbind_separator = '+' - $smb_winbind_use_default_domain = true - $smb_workgroup = 'EXAMPLE' - + $pam_mkhomedir = 'no' + $pam_require_membership_of = ['',] + $pam_silent = 'no' + $pam_warn_pwd_expire = 14 + # SMB + $smb_client_use_spnego = 'yes' + $smb_cups_options = 'raw' + $smb_disable_spoolss = 'yes' + $smb_encrypt_passwords = 'yes' + $smb_idmap_config_backend = 'rid' + $smb_idmap_config_base_rid = 0 + $smb_idmap_config_range = '1 - 49999' + $smb_idmap_config_rangesize = 1000000 + $smb_kerberos_method = 'secrets only' + $smb_load_printers = 'no' + $smb_log_file = '/var/log/samba/log.%m' + $smb_max_log_size = 50 + $smb_passdb_backend = 'tdbsam' + $smb_password_server = 's-ad-01 s-ad-02' + $smb_printcap_name = '/dev/nul' + $smb_printing = 'bsd' + $smb_realm = 'DE.LAN' + $smb_security = 'ads' + $smb_server_string = 'Samba Server Version %v' + $smb_show_add_printer_wizard = 'no' + $smb_template_homedir = '/home/%D/%U' + 
$smb_template_shell = '/bin/bash' + $smb_winbind_cache_time = 30 + $smb_winbind_enum_groups = 'no' + $smb_winbind_enum_users = 'no' + $smb_winbind_offline_logon = false + $smb_winbind_separator = '/' + $smb_winbind_use_default_domain = true + $smb_workgroup = 'DE' } diff --git a/manifests/service.pp b/manifests/service.pp index 76d4d53..72fa41d 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -7,61 +7,24 @@ ) { case $::osfamily { 'RedHat' : { - if versioncmp($::operatingsystemmajrelease, '7') < 0 { - if ($manage_messagebus_service == true) { - service { 'messagebus': - ensure => 'running', - enable => true, - before => Service['oddjobd'], - } - } - - if ($manage_oddjob_service == true) { - service { 'oddjobd': - ensure => 'running', - enable => true, - } - } - - if ($enable_sharing == true and $manage_samba_service == true) { - service { 'smb': - ensure => 'running', - enable => true, - } - } - service { 'winbind': + if ($manage_samba_service == true) { + service { 'smb': ensure => 'running', enable => true, } + } - } else { - if ($manage_oddjob_service == true) { - service { 'oddjobd': - ensure => 'running', - name => 'oddjobd.service', - enable => true, - } - } - - if ($enable_sharing == true and $manage_samba_service == true) { - service { 'smb': - ensure => 'running', - enable => true, - } - } - - service { 'winbind': - ensure => 'running', - name => 'winbind.service', - enable => true, - } + service { 'winbind': + ensure => 'running', + name => 'winbind.service', + enable => true, + } - } # end else } # end RedHat 'Suse' : { - if ($enable_sharing == true and $manage_samba_service == true) { + if ($manage_samba_service == true) { service { 'smb': ensure => 'running', enable => true, diff --git a/templates/krb5.conf.erb b/templates/krb5.conf.erb index 4f8f18e..c6acfd0 100644 --- a/templates/krb5.conf.erb +++ b/templates/krb5.conf.erb 
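Review bot: The new defaults in `winbind::params` bake one site's directory layout into the module: `$krb5_realms_kdc = ['s-ad-01:88','s-ad-02:88']`, `$krb5_realms_admin_server`, `$smb_password_server` and the `DE.LAN`/`DE` realm and workgroup replace the earlier `EXAMPLE.COM` placeholders. A node that does not override them is configured to authenticate against whatever those short names resolve to on its network, and the internal host names ship with the module; placeholder defaults with the real values supplied from Hiera would avoid both. `$smb_printcap_name = '/dev/nul'` looks like a typo for `'/dev/null'`. `$smb_idmap_config_range = '1 - 49999'` starts at 1, which presumably overlaps the IDs of local system accounts, so a range above the local UID/GID space is worth considering. The comment `# An is needed here` has lost the word "string", and the commented-out `$manage_oddjob_service` selector is left without its closing brace.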
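Review bot: In `manifests/service.pp` the `smb` service is now started whenever `$manage_samba_service` is true, in both the RedHat and Suse branches, because the `$enable_sharing == true and` half of the old condition was dropped; with the `params.pp` default of `true`, a host that only needs winbind for logins would also run the file-sharing daemon. The same commit stops `install.pp` from installing the `samba` package, so the resource either fails or enables a service nobody asked for when the package happens to be present. Defaulting `$manage_samba_service` to `false`, or keeping a separate opt-in for sharing, would keep the listening surface minimal. The RedHat branch also drops the `versioncmp` guard and always sets `name => 'winbind.service'`, which presumably assumes a systemd release. The class header and the end of the Suse block lie outside the hunk.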
@@ -1,26 +1,31 @@ -################################### +####################################################################### # -# This file is managed by Puppet +# This file is managed by the samba puppet module. +# *** DO NOT EDIT LOCALLY, CHANGE PARAMETERS ON THE PUPPET MASTER *** # -################################### +####################################################################### [logging] - default = <%= @krb5_default %> - kdc = <%= @krb5_kdc %> - admin_server = <%= @krb5_admin_server %> + admin_server = <%= @krb5_logging_admin_server %> + default = <%= @krb5_logging_default %> + kdc = <%= @krb5_logging_kdc %> [libdefaults] - default_realm = <%= @smb_realm.upcase %> - dns_lookup_realm = <%= @krb5_dns_lookup_realm %> - dns_lookup_kdc = <%= @krb5_dns_lookup_kdc %> - ticket_lifetime = <%= @krb5_ticket_lifetime %> - renew_lifetime = <%= @krb5_renew_lifetime %> - forwardable = <%= @krb5_forwardable %> + default_realm = <%= @krb5_libdefaults_default_realm.upcase %> + dns_lookup_kdc = <%= @krb5_libdefaults_dns_lookup_kdc %> + dns_lookup_realm = <%= @krb5_libdefaults_dns_lookup_realm %> + forwardable = <%= @krb5_libdefaults_forwardable %> + renew_lifetime = <%= @krb5_libdefaults_renew_lifetime %> + ticket_lifetime = <%= @krb5_libdefaults_ticket_lifetime %> [realms] <%= @smb_realm.upcase %> = { + admin_server = <%= @krb5_realms_admin_server %> + <%- Array(@krb5_realms_kdc).each do |server| -%> + kdc = <%= server %> + <%- end -%> } [domain_realm] - .<%= @smb_realm.downcase %> = <%= @smb_realm.upcase %> - <%= @smb_realm.downcase %> = <%= @smb_realm.upcase %> + .<%= @smb_realm.downcase %> = <%= @smb_realm.upcase %> + <%= @smb_realm.downcase %> = <%= @smb_realm.upcase %> diff --git a/templates/pam_winbind.conf.erb b/templates/pam_winbind.conf.erb index c79eeb0..b0993ea 100644 --- a/templates/pam_winbind.conf.erb +++ b/templates/pam_winbind.conf.erb 
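Review bot: In `templates/krb5.conf.erb`, `default_realm` is now rendered from `@krb5_libdefaults_default_realm`, while the `[realms]` stanza and both `[domain_realm]` mappings are still keyed on `@smb_realm`, so the two parameters can drift apart. If they differ, the default realm has no `kdc`/`admin_server` entry in this file and, with `dns_lookup_kdc` defaulting to true in `params.pp`, KDC discovery presumably falls back to DNS. Either key the stanza on the same variable, `<%= @krb5_libdefaults_default_realm.upcase %> = {`, or fail compilation when the two values are not equal. The `kdc` and `admin_server` values are written as given, so restricting them to a host[:port] pattern in the class signature would keep stray whitespace or newlines out of the file.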
@@ -1,8 +1,9 @@ -################################### +####################################################################### # -# This file is managed by Puppet +# This file is managed by the samba puppet module. +# *** DO NOT EDIT LOCALLY, CHANGE PARAMETERS ON THE PUPPET MASTER *** # -################################### +####################################################################### # # pam_winbind configuration file # diff --git a/templates/smb.conf.erb b/templates/smb.conf.erb index 63237be..2f3fa2e 100644 --- a/templates/smb.conf.erb +++ b/templates/smb.conf.erb 
@@ -1,38 +1,37 @@ -################################### +####################################################################### # -# This file is managed by Puppet +# This file is managed by the samba puppet module. +# *** DO NOT EDIT LOCALLY, CHANGE PARAMETERS ON THE PUPPET MASTER *** # -################################### +####################################################################### [global] - workgroup = <%= @smb_workgroup.upcase %> - realm = <%= @smb_realm.upcase %> - encrypt passwords = <%= @smb_encrypt_passwords %> - log level = <%= @smb_log_level %> - syslog = <%= @smb_syslog %> -; server string = <%= @smb_server_string %> - security = <%= @smb_security %> - log file = <%= @smb_log_file %> - max log size = <%= @smb_max_log_size %> - printcap name = <%= @smb_printcap_name %> - printing = <%= @smb_printing %> - winbind enum users = <%= @smb_winbind_enum_users %> - winbind enum groups = <%= @smb_winbind_enum_groups %> - winbind use default domain = <%= @smb_winbind_use_default_domain %> - winbind nss info = <%= @smb_winbind_nss_info %> - winbind normalize names = <%= @smb_winbind_normalize_names %> - winbind offline logon = <%= @smb_winbind_offline_logon %> - winbind separator = <%= @smb_winbind_separator %> - template homedir = <%= @smb_template_homedir %> - template shell = <%= @smb_template_shell %> - idmap config *:backend = <%= @smb_idmap_config_default_backend %> - idmap config *:range = <%= @smb_idmap_config_default_range_start %>-<%= @smb_idmap_config_default_range_end %> - idmap config *:rangesize = <%= @smb_idmap_config_default_rangesize %> - - # settings provided as a hash to Puppet - include = <%= @smb_include_dir %>/smb-extras.conf - - # user defined include files -<% @smb_includes_files.each do |include_file| -%> - include = <%= @smb_include_dir %>/<%= include_file %>.conf -<% end %> + client use spnego = <%= @smb_client_use_spnego %> + cups options = <%= @smb_cups_options %> + disable spoolss = <%= @smb_disable_spoolss %> + encrypt 
passwords = <%= @smb_encrypt_passwords %> + idmap config DE:backend = <%= @smb_idmap_config_backend %> + idmap config DE:base_rid = <%= @smb_idmap_config_base_rid %> + idmap config DE:range = <%= @smb_idmap_config_range %> + idmap config DE:rangesize = <%= @smb_idmap_config_rangesize %> + kerberos method = <%= @smb_kerberos_method %> + load printers = <%= @smb_load_printers %> + log file = <%= @smb_log_file %> + max log size = <%= @smb_max_log_size %> + passdb backend = <%= @smb_passdb_backend %> + password server = <%= @smb_password_server %> + printcap name = <%= @smb_printcap_name %> + printing = <%= @smb_printing %> + realm = <%= @smb_realm %> + security = <%= @smb_security %> + server string = <%= @smb_server_string %> + show add printer wizard = <%= @smb_show_add_printer_wizard %> + template homedir = <%= @smb_template_homedir %> + template shell = <%= @smb_template_shell %> + winbind cache time = <%= @smb_winbind_cache_time %> + winbind enum groups = <%= @smb_winbind_enum_groups %> + winbind enum users = <%= @smb_winbind_enum_users %> + winbind offline logon = <%= @smb_winbind_offline_logon %> + winbind separator = <%= @smb_winbind_separator %> + winbind use default domain = <%= @smb_winbind_use_default_domain %> + workgroup = <%= @smb_workgroup %>
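Review bot: The four `idmap config DE:...` lines in `templates/smb.conf.erb` hard-code the domain name, so setting `$smb_workgroup` to anything other than `DE` leaves the ID mapping bound to a domain the host is not joined to. Rendering the name from the parameter, e.g. `idmap config <%= @smb_workgroup %>:backend = <%= @smb_idmap_config_backend %>`, keeps them in step. The commit also removes the `idmap config *:` default-domain lines without a replacement; as far as I know Samba expects a default idmap backend and range, so confirm winbind still maps BUILTIN and other non-`DE` SIDs as intended. `log level` and `syslog` are no longer rendered, which leaves the logging verbosity of an authentication service at the built-in default with no parameter to raise it. `workgroup` and `realm` have lost their `.upcase`, while `krb5.conf.erb` still upcases `@smb_realm`.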