
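---
# Can be dc, standalone, or member
samba_role: member

# NetBIOS name. Default is the hostname part of the DNS name
# samba_netbios_name:

# The following settings are only needed when role is dc or member
#
# Default samba domain will be your domain name without the TLD
# samba_domain: FWS
# samba_realm: ad.fws.fr
# Must be defined manually (keep it in Ansible Vault rather than clear-text vars)
# samba_dc_admin_pass:

# log level directive in smb.conf. The folded scalar renders as one line; the
# *_json_audit classes write JSON audit trails of authentication and directory
# (dsdb) changes to the listed files, which is what to forward to a SIEM.
samba_log_level: >
  1
  auth_audit:3
  auth_json_audit:4@/var/log/samba/audit_auth.log
  dsdb_json_audit:4@/var/log/samba/audit_dsdb.log
  dsdb_password_json_audit:4@/var/log/samba/audit_dsdb_password.log
  dsdb_transaction_json_audit:4@/var/log/samba/audit_dsdb_transaction.log

samba_serve_homes: false

# The following are only used when role is dc
# There's no real "primary" DC, but you should set this to the
# first DC. It'll be provisioned, get the FSMO roles and set up an
# rsync share for the sysvol. Other DCs will replicate its sysvol
# samba_primary_dc: dc1.domain.net

# Password used for rsyncd. Used to fetch sysvol from the primary DC.
# The default is derived from samba_dc_admin_pass with a salt seeded by
# samba_realm, so it is stable across hosts and both variables must be
# defined; override it if the rsync secret should be independent of the
# admin password.
samba_sysvol_rsync_pass: "{{ samba_dc_admin_pass | password_hash('sha512', 65534 | random(seed=samba_realm) | string) }}"

# Whether to allow simple binds over unencrypted connections
samba_allow_insecure_ldap: false

# The following are for the password policy to apply to the domain.
# These defaults turn complexity off and, with 0 for max-pwd-age and
# account-lockout-threshold, disable expiry and lockout; tighten them
# through samba_pwd_policy for production domains.
samba_base_pwd_policy:
  complexity: 'off'
  min-pwd-length: 6
  max-pwd-age: 0
  min-pwd-age: 0
  history-length: 1
  account-lockout-duration: 30
  account-lockout-threshold: 0
  reset-account-lockout-after: 30
# Per-deployment settings; keys are the same as in samba_base_pwd_policy
samba_pwd_policy: {}

# Used to parse the output of samba-tool domain passwordsettings show. You shouldn't modify this.
# Values are regular expressions, hence the escaped parentheses.
samba_pwd_policy_descriptions:
  complexity: Password complexity
  min-pwd-length: Minimum password length
  max-pwd-age: Maximum password age \(days\)
  min-pwd-age: Minimum password age \(days\)
  history-length: Password history length
  account-lockout-duration: Account lockout duration \(mins\)
  account-lockout-threshold: Account lockout threshold \(attempts\)
  reset-account-lockout-after: Reset account lockout after \(mins\)

# The DNS zones to create:
# samba_dns_zones:
#   - 99.10.in-addr.arpa
#   - sub.domain.com
# Set to true if you want zones not managed by ansible to be removed
samba_remove_unmanaged_dns_zones: false
# List of DNS servers to which requests for non-local domains should be forwarded
# samba_dns_forwarder:

# Ports used by the internal DNS server, and the IPs allowed to access them
# This port will be opened for both TCP and UDP
samba_dns_ports: [53]
# Empty list means nobody can access the service
samba_dns_src_ip: []

# Ports needed when acting as a DC
samba_dc_tcp_ports:
  - 389  # LDAP
  - 636  # LDAPS
  - 88  # Kerberos
  - 135  # RPC endpoint mapper
  - 137  # NetBIOS name service
  - 138  # NetBIOS datagram
  - 139  # NetBIOS session
  - 445  # SMB
  - 464  # Kerberos password change
  - 3268  # Global Catalog
  - 3269  # Global Catalog over TLS
  - '49152:65535'  # dynamic RPC range; quoted so YAML does not read it as a number
samba_dc_udp_ports:
  - 389  # CLDAP
  - 88  # Kerberos
  - 464  # Kerberos password change
  - 123  # NTP
  - 137  # NetBIOS name service
  - 138  # NetBIOS datagram
samba_dc_src_ip: []

# Ports needed when acting as a file server
samba_file_tcp_ports: [137, 138, 139, 445]
samba_file_udp_ports: [137, 138]
samba_file_src_ip: []

# NOTE(review): the default is an empty mapping while the example below is a
# list of mappings — confirm against the tasks which shape they iterate over.
samba_trusted_domains: {}
# samba_trusted_domains:
#   - name: ad.fws.fr
#     admin_user: administrator
#     admin_pass: s3cret  # store real values in Ansible Vault

# samba_tls_cert:
# samba_tls_key:
# samba_tls_ca:
#
# Or
#
# samba_tls_letsencrypt_cert: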