|
|
|
---
|
|
|
|
|
|
|
|
- set_fact: samba_tls_cert={{ '/var/lib/dehydrated/certificates/certs/' + samba_letsencrypt_cert + '/fullchain.pem' }}
|
|
|
|
when: samba_letsencrypt_cert is defined
|
|
|
|
tags: [cert,samba]
|
|
|
|
|
|
|
|
- set_fact: samba_tls_key={{ '/var/lib/dehydrated/certificates/certs/' + samba_letsencrypt_cert + '/privkey.pem' }}
|
|
|
|
when: samba_letsencrypt_cert is defined
|
|
|
|
tags: [cert,samba]
|
|
|
|
|
|
|
|
- set_fact: samba_i_am_primary_dc={{ (inventory_hostname == samba_primary_dc and samba_role == 'dc') | ternary(True,False) }}
|
|
|
|
tags: samba
|
|
|
|
|
|
|
|
- name: Merge custom password complexity rules with default ones
|
|
|
|
set_fact: samba_pwd_policy={{ samba_base_pwd_policy | combine(samba_pwd_policy) }}
|
|
|
|
tags: samba
|
|
|
|
|
|
|
|
- include_vars: "{{ item }}"
|
|
|
|
with_first_found:
|
|
|
|
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
|
|
|
|
- vars/{{ ansible_distribution }}.yml
|
|
|
|
- vars/{{ ansible_os_family }}.yml
|
|
|
|
tags: samba
|
|
|
|
|
|
|
|
- name: Set a default samba domain
|
|
|
|
set_fact: samba_domain={{ ansible_domain | regex_replace('\.[a-z]+$','') }}
|
|
|
|
when: samba_domain is not defined
|
|
|
|
tags: samba
|
|
|
|
|
|
|
|
- name: Check if domain is provisionned
|
|
|
|
stat: path=/var/lib/samba/sysvol/{{ samba_realm }}
|
|
|
|
register: samba_dc_sysvol
|
|
|
|
tags: samba
|
|
|
|
|
|
|
|
- name: Add rsyncd port to the list of ports
|
|
|
|
set_fact: samba_dc_tcp_ports={{ samba_dc_tcp_ports + ['873'] }}
|
|
|
|
when: samba_i_am_primary_dc == True
|
|
|
|
tags: samba
|
|
|
|
|
|
|
|
# No sssd compiled against TIS samba4 yet for el8
|
|
|
|
# so disable ad_auth for samba DC in this case
|
|
|
|
- name: Disable ad_auth for samba DC
|
|
|
|
set_fact: ad_auth=False
|
|
|
|
when:
|
|
|
|
- samba_role in [ 'dc', 'rodc' ]
|
|
|
|
- ansible_os_family == 'RedHat'
|
|
|
|
- ansible_distribution_major_version is version('8','>=')
|
|
|
|
tags: samba
|