From 9fd6b1e38d1391968badb9f03b24f733a96330af Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sun, 19 Jan 2014 14:13:09 +0200
Subject: [PATCH] samba: Added ad domain member support to samba::server.
---
 samba/manifests/init.pp | 14 ++++++++++++--
 samba/templates/smb.conf.erb | 8 ++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/samba/manifests/init.pp b/samba/manifests/init.pp
index cb6b3ab..deacfb0 100644
--- a/samba/manifests/init.pp
+++ b/samba/manifests/init.pp
@@ -66,7 +66,7 @@ class samba::server::configs {
 # === Parameters
 #
 # $auth:
-# Server authentication type. Valid values are tdbsam, ldap and
+# Server authentication type. Valid values are tdbsam, ldap, ad and
 # domain. Default is tdbsam.
 # $description:
 # Server description. Defaults to "Samba Server Version %v".
@@ -78,7 +78,8 @@ class samba::server::configs {
 # Array of NetBIOS names that host will be advertised. Defaults to
 # [$::hostname].
 # $workgroup:
-# Workgroup or domain name.
+# Workgroup or domain name. For ad authentication this needs to be
+# full ad realm name.
 #
 # === Global variables
 #
@@ -183,6 +184,15 @@ class samba::server($names=[$::hostname], $auth="tdbsam",
 require => Service["smb"],
 }
 }
+ "ad": {
+ exec { "net ads join":
+ command => "net ads join -U ${samba_join_user}%\"\${SECRET}\"",
+ environment => "SECRET=${samba_join_pass}",
+ path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
+ unless => "net ads testjoin",
+ require => Service["smb"],
+ }
+ }
 }
 service { "smb":
diff --git a/samba/templates/smb.conf.erb b/samba/templates/smb.conf.erb
index 96b066a..f11c5b7 100644
--- a/samba/templates/smb.conf.erb
+++ b/samba/templates/smb.conf.erb
@@ -2,7 +2,11 @@
 [global]
 # host naming
+<% if @auth == 'ad' -%>
+workgroup = <%= @workgroup.split('.')[0].upcase %>
+<% else -%>
 workgroup = <%= @workgroup.upcase %>
+<% end -%>
 server string = <%= @description %>
 netbios name = <%= @names[0] %>
 <% if @names.length > 1 -%>
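Review bot: In the new `"ad"` case of samba/manifests/init.pp the join password still reaches the `net` command line: the command only works if `${SECRET}` is expanded before `net` starts, so `user%password` ends up in that process's argument list, which other local accounts can usually read while the join runs. Passing it through `environment` keeps it out of the command string Puppet reports, but not out of the process table. Samba's client tools document a `PASSWD` environment variable; if the installed `net` honours it (worth confirming), the pair could become `command => "net ads join -U ${samba_join_user}",` with `environment => "PASSWD=${samba_join_pass}",`. `${samba_join_user}` is also interpolated unquoted, so a value containing whitespace or shell metacharacters would change the command. The enclosing case statement and class begin outside this hunk.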
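Review bot: `@workgroup.split('.')[0].upcase` in the first smb.conf.erb hunk assumes the short domain name is always the first DNS label of the realm. An AD domain's NetBIOS name can be chosen independently of its DNS name, in which case the rendered `workgroup` would not match the domain. An empty `$workgroup` also makes `split('.')[0]` nil, so the template would abort with a NoMethodError instead of a readable failure. I would add a comment above the branch such as `<%# ad: workgroup is the first label of the realm; the domain's NetBIOS name must match it -%>` and fail explicitly when `@workgroup` is empty, the way the template already does for an invalid `auth`.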
@@ -28,6 +32,10 @@ ldap suffix = <%= @ldap_basedn %>
 <% elsif @auth == 'domain' -%>
 security = domain
 password server = *
+<% elsif @auth == 'ad' -%>
+security = domain
+realm = <%= @workgroup.upcase %>
+kerberos method = secrets and keytab
 <% else -%>
 <% scope.function_fail(['Invalid value "%s" for auth.' % @auth]) -%>
 <% end -%>
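Review bot: The new `ad` branch sets `security = domain`, which is the NT4-style member mode, while the `realm` and `kerberos method` lines beside it belong to Active Directory membership. As far as the smb.conf documentation goes, acting as an AD member with Kerberos requires `security = ads`; with `security = domain` the host may still be joined by `net ads join` but would likely keep authenticating over the NTLM pass-through path, leaving the keytab setting with nothing to act on. Unless that is intended, the line should read `security = ads`. The surrounding if/elsif chain starts above this hunk.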