First draft generated by LLM

tasks/verify.yml

@@ -0,0 +1,40 @@
+---
+- name: Verify Samba AD DC setup
+  when: samba_verify | bool
+  block:
+
+    - name: Run 'samba-tool domain info'
+      command: samba-tool domain info 127.0.0.1
+      register: domain_info
+      changed_when: false
+
+    - name: Assert that the domain is provisioned
+      assert:
+        that:
+          - "'Netbios name' in domain_info.stdout"
+          - "'Server Role: ACTIVE DIRECTORY DOMAIN CONTROLLER' in domain_info.stdout"
+
+    - name: Attempt kinit with administrator
+      command: echo "{{ samba_admin_password }}" | kinit administrator@{{ samba_realm }}
+      register: kinit_result
+      changed_when: false
+      failed_when: kinit_result.rc != 0
+
+    - name: Check Kerberos ticket
+      command: klist
+      register: klist_result
+      changed_when: false
+
+    - name: Assert Kerberos ticket exists
+      assert:
+        that:
+          - "'krbtgt/{{ samba_realm }}@{{ samba_realm }}' in klist_result.stdout"
+
+    - name: Check Samba AD DC service status
+      service_facts:
+
+    - name: Assert samba-ad-dc service is active
+      assert:
+        that:
+          - "'samba-ad-dc' in ansible_facts.services"
+          - ansible_facts.services['samba-ad-dc'].state == 'running'