Replaced " with '
This commit is contained in:
@@ -8,10 +8,10 @@
|
||||
- name: Create the reverse DNS zone {{ addc_reverse_zone_name }}
|
||||
community.general.expect:
|
||||
# Note: The 'expect' module is in the 'community.general' collection
|
||||
command: "samba-tool dns zonecreate {{ addc_ansible_host }} {{ addc_reverse_zone_name }} -U Administrator"
|
||||
command: 'samba-tool dns zonecreate {{ addc_ansible_host }} {{ addc_reverse_zone_name }} -U Administrator'
|
||||
responses:
|
||||
# Use the '(?i)' flag for case-insensitive matching of the prompt.
|
||||
'(?i)password for.*:': "{{ addc_admin_password }}"
|
||||
'(?i)password for.*:': '{{ addc_admin_password }}'
|
||||
no_log: true # Highly recommended to prevent the password from appearing in logs
|
||||
|
||||
- name: Create the PTR (reverse) DNS record
|
||||
@@ -25,7 +25,7 @@
|
||||
-U Administrator
|
||||
responses:
|
||||
# Expects the standard Samba password prompt
|
||||
'(?i)password for.*:': "{{ addc_admin_password }}"
|
||||
'(?i)password for.*:': '{{ addc_admin_password }}'
|
||||
no_log: true # Hide sensitive data from logs
|
||||
|
||||
|
||||
@@ -36,7 +36,7 @@
|
||||
|
||||
- name: Report the results of the smbclient verification
|
||||
ansible.builtin.debug:
|
||||
msg: "Samba Shares found: {{ smbclient_output.stdout }}"
|
||||
msg: 'Samba Shares found: {{ smbclient_output.stdout }}'
|
||||
|
||||
- name: Verify Samba AD authentication by accessing the netlogon share
|
||||
community.general.expect:
|
||||
@@ -45,7 +45,7 @@
|
||||
command: smbclient //localhost/netlogon -UAdministrator -c 'ls'
|
||||
responses:
|
||||
# Use the (?i) flag for case-insensitive matching of the prompt.
|
||||
'(?i)password:': "{{ addc_admin_password }}"
|
||||
'(?i)password:': '{{ addc_admin_password }}'
|
||||
no_log: true # CRITICAL: Prevents the password from being logged
|
||||
register: auth_verification
|
||||
changed_when: false # This is a verification/check, not a change
|
||||
@@ -55,7 +55,7 @@
|
||||
ansible.builtin.command: host -t SRV _ldap._tcp.{{ addc_auth_domain | lower }}.
|
||||
register: ldap_srv_check
|
||||
changed_when: false
|
||||
failed_when: "'has SRV record' not in ldap_srv_check.stdout"
|
||||
failed_when: ''has SRV record' not in ldap_srv_check.stdout'
|
||||
|
||||
- name: Debug - Show LDAP SRV check result
|
||||
ansible.builtin.debug:
|
||||
@@ -66,7 +66,7 @@
|
||||
ansible.builtin.command: host -t SRV _kerberos._udp.{{ addc_auth_domain | lower }}.
|
||||
register: kerberos_srv_check
|
||||
changed_when: false
|
||||
failed_when: "'has SRV record' not in kerberos_srv_check.stdout"
|
||||
failed_when: ''has SRV record' not in kerberos_srv_check.stdout'
|
||||
|
||||
- name: Debug - Show Kerberos SRV check result
|
||||
ansible.builtin.debug:
|
||||
@@ -77,7 +77,7 @@
|
||||
ansible.builtin.command: host -t A {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}.
|
||||
register: a_record_check
|
||||
changed_when: false
|
||||
failed_when: "{{ addc_ansible_host }} not in a_record_check.stdout"
|
||||
failed_when: '{{ addc_ansible_host }} not in a_record_check.stdout'
|
||||
|
||||
- name: Debug - Show A Record check result
|
||||
ansible.builtin.debug:
|
||||
@@ -89,7 +89,7 @@
|
||||
register: ptr_record_check
|
||||
changed_when: false
|
||||
# Assuming dc1.{{ addc_auth_domain }} is the expected output for the reverse record
|
||||
failed_when: "'domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout"
|
||||
failed_when: ''domain name pointer {{ addc_hostname | lower }}.{{ addc_auth_domain | lower }}' not in ptr_record_check.stdout'
|
||||
|
||||
- name: Debug - Show PTR Record check result
|
||||
ansible.builtin.debug:
|
||||
@@ -102,14 +102,14 @@
|
||||
responses:
|
||||
# Expects the standard Kerberos password prompt
|
||||
# The (?i) flag ensures case-insensitive matching.
|
||||
'(?i)password for administrator.*:': "{{ addc_admin_password }}"
|
||||
'(?i)password for administrator.*:': '{{ addc_admin_password }}'
|
||||
no_log: true # CRITICAL: Prevents the password from being logged
|
||||
register: kinit_check
|
||||
changed_when: false # This is a verification/check, not a change
|
||||
|
||||
- name: Debug - Show kinit verification result (should be empty on success)
|
||||
ansible.builtin.debug:
|
||||
msg: "Kerberos kinit verification successful. Output: {{ kinit_check.stdout }}"
|
||||
msg: 'Kerberos kinit verification successful. Output: {{ kinit_check.stdout }}'
|
||||
|
||||
- name: Optional - Show the cached Kerberos ticket
|
||||
ansible.builtin.command: klist
|
||||
@@ -136,11 +136,11 @@
|
||||
# - name: Assert that the domain is provisioned
|
||||
# assert:
|
||||
# that:
|
||||
# - "'Netbios name' in domain_info.stdout"
|
||||
# - "'Server Role: ACTIVE DIRECTORY DOMAIN CONTROLLER' in domain_info.stdout"
|
||||
# - ''Netbios name' in domain_info.stdout'
|
||||
# - ''Server Role: ACTIVE DIRECTORY DOMAIN CONTROLLER' in domain_info.stdout'
|
||||
|
||||
# - name: Attempt kinit with administrator
|
||||
# command: echo "{{ samba_admin_password }}" | kinit administrator@{{ samba_realm }}
|
||||
# command: echo '{{ samba_admin_password }}' | kinit administrator@{{ samba_realm }}
|
||||
# register: kinit_result
|
||||
# changed_when: false
|
||||
# failed_when: kinit_result.rc != 0
|
||||
@@ -153,7 +153,7 @@
|
||||
# - name: Assert Kerberos ticket exists
|
||||
# assert:
|
||||
# that:
|
||||
# - "'krbtgt/{{ samba_realm }}@{{ samba_realm }}' in klist_result.stdout"
|
||||
# - ''krbtgt/{{ samba_realm }}@{{ samba_realm }}' in klist_result.stdout'
|
||||
|
||||
# - name: Check Samba AD DC service status
|
||||
# service_facts:
|
||||
@@ -161,5 +161,5 @@
|
||||
# - name: Assert samba-ad-dc service is active
|
||||
# assert:
|
||||
# that:
|
||||
# - "'samba-ad-dc' in ansible_facts.services"
|
||||
# - ''samba-ad-dc' in ansible_facts.services'
|
||||
# - ansible_facts.services['samba-ad-dc'].state == 'running'
|
||||
|
||||
Reference in New Issue
Block a user