389 lines
11 KiB
Puppet
389 lines
11 KiB
Puppet
|
|
# Install Samba client tools
|
|
#
|
|
class samba::client {
|
|
|
|
package { "samba-client":
|
|
ensure => installed,
|
|
}
|
|
|
|
}
|
|
|
|
|
|
# Add included samba configuration files
|
|
#
|
|
# This class is used internally by samba to override various configs.
|
|
#
|
|
class samba::server::configs {
|
|
|
|
file { "/etc/samba/smb.conf.d/print.conf":
|
|
ensure => present,
|
|
content => "load printers = no\nprintcap name = /dev/null\n",
|
|
mode => "0644",
|
|
owner => "root",
|
|
group => $::operatingsystem ? {
|
|
"openbsd" => "wheel",
|
|
default => "root",
|
|
},
|
|
require => File["/etc/samba/smb.conf.d"],
|
|
notify => Service["smb"],
|
|
}
|
|
|
|
file { "/etc/samba/smb.conf.d/domain.conf":
|
|
ensure => present,
|
|
content => "os level = 20\n",
|
|
mode => "0644",
|
|
owner => "root",
|
|
group => $::operatingsystem ? {
|
|
"openbsd" => "wheel",
|
|
default => "root",
|
|
},
|
|
require => File["/etc/samba/smb.conf.d"],
|
|
notify => Service["smb"],
|
|
}
|
|
|
|
file { "/etc/samba/smb.conf.d/wins.conf":
|
|
ensure => present,
|
|
content => $samba_wins ? {
|
|
"" => "name resolve order = lmhosts host bcast\n",
|
|
default => "name resolve order = lmhosts host wins bcast\nwins server=${samba_wins}\n",
|
|
},
|
|
mode => "0644",
|
|
owner => "root",
|
|
group => $::operatingsystem ? {
|
|
"openbsd" => "wheel",
|
|
default => "root",
|
|
},
|
|
require => File["/etc/samba/smb.conf.d"],
|
|
notify => Service["smb"],
|
|
}
|
|
|
|
}
|
|
|
|
|
|
# Install Samba server
|
|
#
|
|
# === Parameters
|
|
#
|
|
# $auth:
|
|
# Server authentication type. Valid values are tdbsam, ldap and
|
|
# domain. Default is tdbsam.
|
|
# $description:
|
|
# Server description. Defaults to "Samba Server Version %v".
|
|
# $interfaces:
|
|
# Array of intefaces samba should listen to. See "interfaces" option
|
|
# from smb.conf manual page for syntax. Localhost interface is
|
|
# added automatically. Defaults to all active interfaces.
|
|
# $names:
|
|
# Array of NetBIOS names that host will be advertised. Defaults to
|
|
# [$::hostname].
|
|
# $workgroup:
|
|
# Workgroup or domain name.
|
|
#
|
|
# === Global variables
|
|
#
|
|
# $samba_wins:
|
|
# WINS server address
|
|
#
|
|
# $ldap_server:
|
|
# LDAP server URI's to use. Only used when $auth is set to ldap.
|
|
# $ldap_basedn:
|
|
# LDAP basedn. Only used when $auth is set to ldap.
|
|
#
|
|
# $samba_join_user:
|
|
# Username to use when joining to domain. Only used when $auth is
|
|
# set to domain.
|
|
# $samba_join_pass:
|
|
# Password to use when joining to domain. Only used when $auth is
|
|
# set to domain.
|
|
#
|
|
class samba::server($names=[$::hostname], $auth="tdbsam",
|
|
$workgroup="WORKGROUP",
|
|
$description="Samba Server Version %v",
|
|
$interfaces=undef) {
|
|
|
|
include samba::server::configs
|
|
|
|
package { "samba":
|
|
ensure => installed,
|
|
}
|
|
|
|
file { "/etc/samba/smb.conf":
|
|
ensure => present,
|
|
content => template("samba/smb.conf.erb"),
|
|
mode => "0644",
|
|
owner => "root",
|
|
group => $::operatingsystem ? {
|
|
"openbsd" => "wheel",
|
|
default => "root",
|
|
},
|
|
require => Package["samba"],
|
|
notify => Service["smb"],
|
|
}
|
|
|
|
file { "/etc/samba/smb.conf.d":
|
|
ensure => directory,
|
|
mode => "0755",
|
|
owner => "root",
|
|
group => $::operatingsystem ? {
|
|
"openbsd" => "wheel",
|
|
default => "root",
|
|
},
|
|
purge => true,
|
|
require => Package["samba"],
|
|
}
|
|
|
|
exec { "generate-samba-shares-conf":
|
|
command => "find /etc/samba/smb.conf.d/share-*.conf -exec echo 'include = {}' \\; > /etc/samba/smb.conf.d/shares.conf",
|
|
path => "/bin:/usr/bin:/sbin:/usr/sbin",
|
|
refreshonly => true,
|
|
notify => Service["smb"],
|
|
}
|
|
file { "/etc/samba/smb.conf.d/shares.conf":
|
|
ensure => present,
|
|
mode => "0644",
|
|
owner => "root",
|
|
group => $::operatingsystem ? {
|
|
"openbsd" => "wheel",
|
|
default => "root",
|
|
},
|
|
}
|
|
|
|
file { "/etc/samba/lmhosts":
|
|
ensure => present,
|
|
source => [ "puppet:///files/samba/lmhosts.${::homename}",
|
|
"puppet:///files/samba/lmhosts",
|
|
"puppet:///modules/samba/lmhosts", ],
|
|
mode => "0644",
|
|
owner => "root",
|
|
group => $::operatingsystem ? {
|
|
"openbsd" => "wheel",
|
|
default => "root",
|
|
},
|
|
require => Package["samba"],
|
|
}
|
|
|
|
case $auth {
|
|
"ldap": {
|
|
exec { "smbpasswd -w":
|
|
command => "smbpasswd -w \"\${SECRET}\"",
|
|
environment => "SECRET=${samba_ldap_pass}",
|
|
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
|
|
unless => "fgrep SECRETS/LDAP_BIND_PW /var/lib/samba/private/secrets.tdb",
|
|
require => File["/etc/samba/smb.conf"],
|
|
notify => Service["smb"],
|
|
}
|
|
}
|
|
"domain": {
|
|
exec { "net join":
|
|
command => "net join -U ${samba_join_user}%\"\${SECRET}\"",
|
|
environment => "SECRET=${samba_join_pass}",
|
|
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
|
|
unless => "net rpc testjoin -U ${samba_join_user}%\"\${SECRET}\"",
|
|
require => Service["smb"],
|
|
}
|
|
}
|
|
}
|
|
|
|
service { "smb":
|
|
name => $::operatingsystem ? {
|
|
"openbsd" => "smbd",
|
|
"ubuntu" => "smbd",
|
|
default => "smb",
|
|
},
|
|
ensure => running,
|
|
enable => true,
|
|
}
|
|
service { "nmb":
|
|
name => $::operatingsystem ? {
|
|
"openbsd" => "nmbd",
|
|
"ubuntu" => "nmbd",
|
|
default => "nmb",
|
|
},
|
|
ensure => running,
|
|
enable => true,
|
|
subscribe => Service["smb"],
|
|
}
|
|
|
|
}
|
|
|
|
|
|
# Add WINS server role to Samba server
|
|
#
|
|
class samba::server::wins inherits samba::server::configs {
|
|
|
|
File["/etc/samba/smb.conf.d/wins.conf"] {
|
|
content => "name resolve order = lmhosts host wins bcast\nwins support = true\ndns proxy = true\n",
|
|
}
|
|
|
|
}
|
|
|
|
|
|
# Add Primary Domain Controller role to Samba server
|
|
#
|
|
class samba::server::pdc inherits samba::server::configs {
|
|
|
|
file { "/srv/netlogon":
|
|
ensure => directory,
|
|
mode => "0755",
|
|
owner => "root",
|
|
group => $::operatingsystem ? {
|
|
"openbsd" => "wheel",
|
|
default => "root",
|
|
},
|
|
seltype => "samba_share_t",
|
|
before => Service["smb"],
|
|
}
|
|
selinux::manage_fcontext { "/srv/netlogon(/.*)?":
|
|
type => "samba_share_t",
|
|
before => File["/srv/netlogon"],
|
|
}
|
|
|
|
samba::server::share { "netlogon":
|
|
path => "/srv/netlogon",
|
|
comment => "Network Logon Service",
|
|
readonly => true,
|
|
options => [ "locking = no", "guest ok = yes", ],
|
|
}
|
|
|
|
File["/etc/samba/smb.conf.d/domain.conf"] {
|
|
content => template("samba/domain.conf-pdc.erb"),
|
|
}
|
|
|
|
}
|
|
|
|
|
|
# Add Backup Domain Controller role to Samba server
|
|
#
|
|
class samba::server::bdc inherits samba::server::pdc {
|
|
|
|
require samba::client
|
|
|
|
file { "/usr/local/sbin/sync-netlogon":
|
|
ensure => present,
|
|
source => "puppet:///modules/samba/sync-netlogon",
|
|
mode => "0755",
|
|
owner => "root",
|
|
group => "root",
|
|
}
|
|
cron { "sync-netlogon":
|
|
command => "/usr/local/sbin/sync-netlogon",
|
|
minute => "52",
|
|
user => "root",
|
|
require => File["/usr/local/sbin/sync-netlogon"],
|
|
}
|
|
|
|
File["/etc/samba/smb.conf.d/domain.conf"] {
|
|
content => template("samba/domain.conf-bdc.erb"),
|
|
}
|
|
|
|
}
|
|
|
|
|
|
# Add Home directory server role to Samba server
|
|
#
|
|
class samba::server::homes {
|
|
|
|
if !defined(Selinux::Boolean["samba_enable_home_dirs"]) {
|
|
selinux::boolean { "samba_enable_home_dirs":
|
|
value => "on",
|
|
before => Service["smb"],
|
|
}
|
|
}
|
|
|
|
samba::server::share { "homes":
|
|
path => "%H",
|
|
comment => "Home Directories",
|
|
options => [ "veto files = /.windows/", "browseable = no", ],
|
|
}
|
|
|
|
}
|
|
|
|
|
|
# Add Profile server role to Samba server
|
|
#
|
|
class samba::server::profiles {
|
|
|
|
if !defined(Selinux::Boolean["samba_enable_home_dirs"]) {
|
|
selinux::boolean { "samba_enable_home_dirs":
|
|
value => "on",
|
|
before => Service["smb"],
|
|
}
|
|
}
|
|
|
|
selinux::boolean { "samba_create_home_dirs":
|
|
value => on,
|
|
before => Service["smb"],
|
|
}
|
|
|
|
file { "/srv/profiles":
|
|
ensure => directory,
|
|
mode => "0755",
|
|
owner => "root",
|
|
group => $::operatingsystem ? {
|
|
"openbsd" => "wheel",
|
|
default => "root",
|
|
},
|
|
seltype => "samba_share_t",
|
|
before => Service["smb"],
|
|
}
|
|
selinux::manage_fcontext { "/srv/profiles(/.*)?":
|
|
type => "samba_share_t",
|
|
before => File["/srv/profiles"],
|
|
}
|
|
|
|
samba::server::share { "profiles":
|
|
path => "/srv/profiles",
|
|
comment => "Roaming Profiles",
|
|
options => [
|
|
"wide links = yes",
|
|
"profile acls = yes",
|
|
"root preexec = sh -c 'umask 022 ; ( [ -h /srv/profiles/%U ] || ln -s %H/.windows/profile /srv/profiles/%U ) ; ( [ -h /srv/profiles/%U.V2 ] || ln -s %H/.windows/vista /srv/profiles/%U.V2 )'",
|
|
"preexec = sh -c 'umask 077; mkdir -p %H/.windows/profile %H/.windows/vista'",
|
|
],
|
|
}
|
|
|
|
}
|
|
|
|
|
|
# Add new share to Samba server
|
|
#
|
|
# === Parameters
|
|
#
|
|
# $name:
|
|
# Share name
|
|
# $path:
|
|
# Directory to share
|
|
# $comment:
|
|
# Share description. Defaults to $name.
|
|
# $readonly:
|
|
# Set to true to make share read only.
|
|
# $options:
|
|
# Array of extra options to add for share.
|
|
#
|
|
# === Sample usage
|
|
#
|
|
# samba::server::share { "r-sysadm":
|
|
# comment => "Role: sysadm",
|
|
# path => "/roles/sysadm",
|
|
# options => [ "hide files = /desktop.ini/Desktop.ini/" ],
|
|
# }
|
|
#
|
|
define samba::server::share($path, $comment=undef, $readonly=undef,
|
|
$options=[]) {
|
|
|
|
file { "/etc/samba/smb.conf.d/share-${name}.conf":
|
|
ensure => present,
|
|
content => template("samba/share.conf.erb"),
|
|
mode => "0644",
|
|
owner => "root",
|
|
group => $::operatingsystem ? {
|
|
"openbsd" => "wheel",
|
|
default => "root",
|
|
},
|
|
require => File["/etc/samba/smb.conf.d"],
|
|
notify => Exec["generate-samba-shares-conf"]
|
|
}
|
|
|
|
}
|
|
|