refactor ♻️: Refactoring the Ansible playbook to include new tasks for joining an Active Directory domain.

Added tasks to install required packages, configure Kerberos and Samba, and join the domain. This refactoring improves the automation of the setup process.
2025-10-08 19:04:53 +02:00
parent ef115151e4
commit 180a1f8639
6 changed files with 91 additions and 1 deletions
@@ -1,3 +1,24 @@
-# ---> Ansible
+# Ansible specific (optional - ignore temporary output or secrets)
 *.retry
+*.vault
+*.vault_pass
+*.secret
+*.log

+# VSCode settings
+.vscode/
+*.code-workspace
+
+# Windows system files
+Thumbs.db
+ehthumbs.db
+Desktop.ini
+$RECYCLE.BIN/
+*.lnk
+
+# Backup files
+*~
+*.bak
+*.swp
+*.swo
+*.tmp
@@ -1,2 +1,3 @@
 # ansible_samba_domain_member

+Install and configure Samba + Kerberos to join AD
@@ -0,0 +1,5 @@
+ad_domain: example.com
+ad_realm: EXAMPLE.COM
+ad_dc: dc1.example.com
+ad_admin_user: administrator
+ad_admin_password: YourPassword
@@ -0,0 +1,45 @@
+---
+- name: Install required packages
+  apt:
+    name:
+      - samba
+      - krb5-user
+      - winbind
+      - libpam-winbind
+      - libnss-winbind
+    state: present
+  become: yes
+
+- name: Configure Kerberos
+  template:
+    src: krb5.conf.j2
+    dest: /etc/krb5.conf
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Configure Samba
+  template:
+    src: smb.conf.j2
+    dest: /etc/samba/smb.conf
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Join the domain
+  shell: |
+    echo "{{ ad_admin_password }}" | net ads join -U {{ ad_admin_user }}%{{ ad_admin_password }}
+  args:
+    warn: false
+  register: join_result
+  changed_when: "'Joined domain' in join_result.stdout"
+
+- name: Enable and start required services
+  service:
+    name: "{{ item }}"
+    state: started
+    enabled: yes
+  loop:
+    - smbd
+    - nmbd
+    - winbind
@@ -0,0 +1,4 @@
+[libdefaults]
+    default_realm = {{ ad_realm }}
+    dns_lookup_realm = false
+    dns_lookup_kdc = true
@@ -0,0 +1,14 @@
+[global]
+   workgroup = {{ ad_realm.split('.')[0] }}
+   security = ads
+   realm = {{ ad_realm }}
+   winbind use default domain = true
+   winbind offline logon = false
+   dedicated keytab file = /etc/krb5.keytab
+   kerberos method = secrets and keytab
+   idmap config * : backend = tdb
+   idmap config * : range = 10000-20000
+   idmap config {{ ad_realm.split('.')[0] }} : backend = rid
+   idmap config {{ ad_realm.split('.')[0] }} : range = 20001-999999
+   template shell = /bin/bash
+   template homedir = /home/%U