# Ansible Role: samba_ad_dc
Ansible role to **install**, **provision**, and optionally **remove** a Samba Active Directory Domain Controller (AD DC) on **Debian-based systems** (e.g., Debian, Ubuntu).

---
## ✅ Features
- Installs and configures Samba as an AD Domain Controller
- Uses `samba-tool` to provision the domain
- Idempotent: Won't re-provision if already set up
- Reversible: Set `state: absent` to cleanly remove Samba AD DC
- Sets up `/etc/hosts` and DNS resolver
- Separate Kerberos configuration
- Logging of provisioning
- Molecule tests included for both `present` and `absent` states
---
## 📦 Role Variables
### Main Variables
| Variable | Description | Default |
|--------------------------|----------------------------------------------|----------------------|
| `samba_ad_dc_state` | `present` to install, `absent` to remove | `present` |
| `samba_realm` | Kerberos Realm (e.g., `EXAMPLE.COM`) | `EXAMPLE.COM` |
| `samba_domain` | NetBIOS domain name (e.g., `EXAMPLE`) | `EXAMPLE` |
| `samba_admin_password` | Admin password for the domain | `StrongAdminPassword123!` |
| `samba_dns_backend` | DNS backend (`SAMBA_INTERNAL`, `BIND9_DLZ`) | `SAMBA_INTERNAL` |
| `samba_hostname` | Hostname for the server | `inventory_hostname` |
---
## 🧰 Example Playbook
```yaml
- hosts: samba
  become: true
  roles:
    - role: samba_ad_dc
      vars:
        samba_realm: "CORP.EXAMPLE.COM"
        samba_domain: "CORP"
        samba_admin_password: "SuperSecretPassw0rd!"
```

### ❌ Remove Samba AD DC

```yaml
- hosts: samba
  become: true
  roles:
    - role: samba_ad_dc
      vars:
        samba_ad_dc_state: absent
```

## 📁 Included Tasks

- `install.yml`: Installs and provisions Samba AD
- `remove.yml`: Stops and removes Samba AD
- `kerberos.yml`: Configures Kerberos (`/etc/krb5.conf`)
- `verify.yml`: Validates the installation (`samba-tool`, `kinit`)
- `dns_hosts.yml`: Ensures `/etc/hosts` and DNS resolvers are set
- `logging.yml`: Logs provisioning output

## 📄 Templates

- `smb.conf.j2`: Samba configuration
- `krb5.conf.j2`: Kerberos configuration

## 🔒 Security Notes

- For production, store passwords such as `samba_admin_password` in Ansible Vault.
- The DNS and Kerberos configuration assumes internal AD DNS; adjust it for external resolvers if needed.
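
The vault recommendation above, as an added example that is not part of this role's own files: the play reads the admin password from a vault-encrypted vars file and refuses to run if the value is missing or still the documented default `StrongAdminPassword123!`. The file path `vault/samba.yml` and the variable name `vault_samba_admin_password` are assumptions chosen for illustration.

```yaml
# Added example, not shipped with the role.
# Assumed layout: vault/samba.yml was created with
#   ansible-vault create vault/samba.yml
# and holds one (hypothetical) variable:
#   vault_samba_admin_password: "<generated password>"
- hosts: samba
  become: true
  vars_files:
    - vault/samba.yml   # encrypted at rest, decrypted only at run time
  vars:
    # Weak: a literal password in the playbook ends up in version control.
    # samba_admin_password: "SuperSecretPassw0rd!"
    # Corrected: indirect through the vaulted variable.
    samba_admin_password: "{{ vault_samba_admin_password }}"
  pre_tasks:
    # Runs before the role, so a bad value stops the play before provisioning.
    - name: Refuse to provision with a missing or default admin password
      assert:
        that:
          - samba_admin_password is defined
          - samba_admin_password | length > 0
          - samba_admin_password != 'StrongAdminPassword123!'
        fail_msg: "Set samba_admin_password from Ansible Vault before running this role."
        quiet: true
  roles:
    - role: samba_ad_dc
      vars:
        samba_realm: "CORP.EXAMPLE.COM"
        samba_domain: "CORP"
```

Run the playbook with `--ask-vault-pass` or `--vault-password-file` so Ansible can decrypt the vars file.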

## 🧩 Compatibility

- OS: Debian 10/11/12+, Ubuntu 20.04/22.04+
- Ansible: 2.9+