From 180a1f8639f5bdecd1053c6fbbb362b77f07dc24 Mon Sep 17 00:00:00 2001
From: Jose
Date: Wed, 8 Oct 2025 19:04:53 +0200
Subject: [PATCH] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Refactoring=20?= =?UTF-8?q?the=20Ansible=20playbook=20to=20include=20new=20tasks=20for=20j?= =?UTF-8?q?oining=20an=20Active=20Directory=20domain.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Added tasks to install required packages, configure Kerberos and Samba, and join the domain. This refactoring improves the automation of the setup process.
---
 .gitignore | 23 ++++++++++++++++++++-
 README.md | 1 +
 defaults/main.yml | 5 +++++
 tasks/main.yml | 45 ++++++++++++++++++++++++++++++++++++++++++
 templates/krb5.conf.j2 | 4 ++++
 templates/smb.conf.j2 | 14 ++++++++++++++
 6 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 defaults/main.yml
 create mode 100644 tasks/main.yml
 create mode 100644 templates/krb5.conf.j2
 create mode 100644 templates/smb.conf.j2
diff --git a/.gitignore b/.gitignore
index 5c199eb..c191586 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,24 @@
-# ---> Ansible
+# Ansible specific (optional - ignore temporary output or secrets)
 *.retry
+*.vault
+*.vault_pass
+*.secret
+*.log
+# VSCode settings
+.vscode/
+*.code-workspace
+
+# Windows system files
+Thumbs.db
+ehthumbs.db
+Desktop.ini
+$RECYCLE.BIN/
+*.lnk
+
+# Backup files
+*~
+*.bak
+*.swp
+*.swo
+*.tmp
\ No newline at end of file
diff --git a/README.md b/README.md
index a9c322e..cf5ce34 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@
 # ansible_samba_domain_member
+Install and configure Samba + Kerberos to join AD
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..d48e11a
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+ad_domain: example.com
+ad_realm: EXAMPLE.COM
+ad_dc: dc1.example.com
+ad_admin_user: administrator
+ad_admin_password: YourPassword
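Review bot: `ad_admin_password: YourPassword` in defaults/main.yml gives the role a plausible-looking domain credential by default, so a run that forgets to override it attempts the join with a placeholder, and the file itself invites people to put the real password there in plain text. I would drop the default, document that the value must come from Ansible Vault or another secret store, and fail early with an `assert` task using `that: ad_admin_password is defined and ad_admin_password | length > 0`. Defaulting `ad_admin_user` to the built-in `administrator` is also broader than a join needs; an account delegated only the right to join computers is the safer documented default.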
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..71dccf4
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: Install required packages
+ apt:
+ name:
+ - samba
+ - krb5-user
+ - winbind
+ - libpam-winbind
+ - libnss-winbind
+ state: present
+ become: yes
+
+- name: Configure Kerberos
+ template:
+ src: krb5.conf.j2
+ dest: /etc/krb5.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: Configure Samba
+ template:
+ src: smb.conf.j2
+ dest: /etc/samba/smb.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: Join the domain
+ shell: |
+ echo "{{ ad_admin_password }}" | net ads join -U {{ ad_admin_user }}%{{ ad_admin_password }}
+ args:
+ warn: false
+ register: join_result
+ changed_when: "'Joined domain' in join_result.stdout"
+
+- name: Enable and start required services
+ service:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ loop:
+ - smbd
+ - nmbd
+ - winbind
diff --git a/templates/krb5.conf.j2 b/templates/krb5.conf.j2
new file mode 100644
index 0000000..24dadf0
--- /dev/null
+++ b/templates/krb5.conf.j2
@@ -0,0 +1,4 @@
+[libdefaults]
+ default_realm = {{ ad_realm }}
+ dns_lookup_realm = false
+ dns_lookup_kdc = true
diff --git a/templates/smb.conf.j2 b/templates/smb.conf.j2
new file mode 100644
index 0000000..a42a8c0
--- /dev/null
+++ b/templates/smb.conf.j2
@@ -0,0 +1,14 @@
+[global]
+ workgroup = {{ ad_realm.split('.')[0] }}
+ security = ads
+ realm = {{ ad_realm }}
+ winbind use default domain = true
+ winbind offline logon = false
+ dedicated keytab file = /etc/krb5.keytab
+ kerberos method = secrets and keytab
+ idmap config * : backend = tdb
+ idmap config * : range = 10000-20000
+ idmap config {{ ad_realm.split('.')[0] }} : backend = rid
+ idmap config {{ ad_realm.split('.')[0] }} : range = 20001-999999
+ template shell = /bin/bash
+ template homedir = /home/%U
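Review bot: The `Join the domain` task puts the AD admin password on the command line via `-U {{ ad_admin_user }}%{{ ad_admin_password }}`, where it is visible in the host's process list while the task runs. Without `no_log: true` the rendered command, password included, also lands in Ansible's task output and any callback logs. The `echo … |` pipe is redundant next to `user%password`; supplying the password only on stdin through the `command` module removes both the shell and the argv exposure, since `net` should read the prompt from stdin when no terminal is attached. `warn` was removed from command/shell in ansible-core 2.14, so `args: warn: false` fails on current releases. The task also attempts a join on every run; a preceding `net ads testjoin` check makes it idempotent.

```yaml
- name: Check whether the host is already joined
  command: net ads testjoin
  register: testjoin_result
  changed_when: false
  failed_when: false

- name: Join the domain
  command: net ads join -U {{ ad_admin_user }}
  args:
    stdin: "{{ ad_admin_password }}"
  no_log: true
  when: testjoin_result.rc != 0
  # … unchanged: register / changed_when …
```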
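Review bot: `workgroup = {{ ad_realm.split('.')[0] }}` and the two `idmap config {{ ad_realm.split('.')[0] }}` lines assume the NetBIOS domain name is the first label of the Kerberos realm, which AD does not guarantee. When the two differ, the idmap section names a domain that does not exist and the real domain's users would presumably fall through to the `*` tdb backend with unstable IDs. A dedicated variable keeps today's default but allows an override: `workgroup = {{ ad_workgroup | default(ad_realm.split('.')[0]) }}`, used in all three places. Separately, `dedicated keytab file` is documented in smb.conf(5) for `kerberos method = dedicated keytab`, so next to `secrets and keytab` it looks inert; worth confirming which of the two is intended.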