Ansible Role: samba_ad_dc

Ansible role to install, provision, and optionally remove a Samba Active Directory Domain Controller (AD DC) on Debian-based systems (e.g., Debian, Ubuntu).

---

✅ Features

• Installs and configures Samba as an AD Domain Controller
• Uses samba-tool to provision the domain
• Idempotent: Won't re-provision if already set up
• Reversible: Set state: absent to cleanly remove Samba AD DC
• Sets up /etc/hosts and DNS resolver
• Separate Kerberos configuration
• Logging of provisioning
• Molecule tests included for both present and absent states

---

📦 Role Variables

Main Variables

Variable	Description	Default
samba_ad_dc_state	present to install, absent to remove	present
samba_realm	Kerberos Realm (e.g., EXAMPLE.COM)	EXAMPLE.COM
samba_domain	NetBIOS domain name (e.g., EXAMPLE)	EXAMPLE
samba_admin_password	Admin password for the domain	StrongAdminPassword123!
samba_dns_backend	DNS backend (SAMBA_INTERNAL, BIND9_DLZ)	SAMBA_INTERNAL
samba_hostname	Hostname for the server	inventory_hostname

---

🧰 Example Playbook

- hosts: samba
  become: true
  roles:
    - role: samba_ad_dc
      vars:
        samba_realm: "CORP.EXAMPLE.COM"
        samba_domain: "CORP"
        samba_admin_password: "SuperSecretPassw0rd!"

❌ Remove Samba AD DC
- hosts: samba
  become: true
  roles:
    - role: samba_ad_dc
      vars:
        samba_ad_dc_state: absent

📁 Included Tasks

install.yml: Installs and provisions Samba AD

remove.yml: Stops and removes Samba AD

kerberos.yml: Configures Kerberos (/etc/krb5.conf)

verify.yml: Validates the installation (samba-tool, kinit)

dns_hosts.yml: Ensures /etc/hosts and DNS resolvers are set

logging.yml: Logs provisioning output

📄 Templates

smb.conf.j2: Samba configuration

krb5.conf.j2: Kerberos configuration

🔒 Security Notes

Passwords should be stored in Ansible Vault for production.

DNS and Kerberos configuration assumes internal AD DNS — adjust for external resolvers if needed.

🧩 Compatibility

OS: Debian 10/11/12+, Ubuntu 20.04/22.04+

Ansible: 2.9+