samba: Added ad domain member support to samba::server.

2014-01-19 14:13:09 +02:00 · 2014-01-19 14:13:09 +02:00 · 9fd6b1e38d
commit 9fd6b1e38d
parent e0362e5215
2 changed files with 20 additions and 2 deletions
--- a/samba/manifests/init.pp
+++ b/samba/manifests/init.pp
@ -66,7 +66,7 @@ class samba::server::configs {
 # === Parameters
 #
 #     $auth:
-#         Server authentication type. Valid values are tdbsam, ldap and
+#         Server authentication type. Valid values are tdbsam, ldap, ad and
 #         domain. Default is tdbsam.
 #     $description:
 #         Server description. Defaults to "Samba Server Version %v".
@ -78,7 +78,8 @@ class samba::server::configs {
 #         Array of NetBIOS names that host will be advertised. Defaults to
 #         [$::hostname].
 #     $workgroup:
-#         Workgroup or domain name.
+#         Workgroup or domain name. For ad authentication this needs to be
+#         full ad realm name.
 #
 # === Global variables
 #
@ -183,6 +184,15 @@ class samba::server($names=[$::hostname], $auth="tdbsam",
                require     => Service["smb"],
            }
        }
+        "ad": {
+            exec { "net ads join":
+                command     => "net ads join -U ${samba_join_user}%\"\${SECRET}\"",
+                environment => "SECRET=${samba_join_pass}",
+                path        => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",  
+                unless      => "net ads testjoin",
+                require     => Service["smb"],
+            }
+        }
    }

    service { "smb":
--- a/samba/templates/smb.conf.erb
+++ b/samba/templates/smb.conf.erb
@ -2,7 +2,11 @@
 [global]

 # host naming
+<% if @auth == 'ad' -%>
+workgroup = <%= @workgroup.split('.')[0].upcase %>
+<% else -%>
 workgroup = <%= @workgroup.upcase %>
+<% end -%>
 server string = <%= @description %>
 netbios name = <%= @names[0] %>
 <% if @names.length > 1 -%>
@ -28,6 +32,10 @@ ldap suffix = <%= @ldap_basedn %>
 <% elsif @auth == 'domain' -%>
 security = domain
 password server = *
+<% elsif @auth == 'ad' -%>
+security = domain
+realm = <%= @workgroup.upcase %>
+kerberos method = secrets and keytab
 <% else -%>
 <%   scope.function_fail(['Invalid value "%s" for auth.' % @auth]) -%>
 <% end -%>