Add implementation join Samba server into Active Directory

Conflicts: manifests/server/share.pp
author: Lebedev Vadim <abraham1901@gmail.com> 2013-03-18 18:55:58 +0400
committer: Adam Jahn <ajjahn@gmail.com> 2013-03-19 21:14:30 -0400
commit: 32f1dc699c77ae665d8c8e39d8d9c2c3fb497df9 (patch)
tree: 6b2edbb451b76b18c3bbc3a49d591e91e24e2b06 /manifests
parent: d612151695cb9121d4aebcdb8a39c0ee87f7c612 (diff)
download: puppet-samba-32f1dc699c77ae665d8c8e39d8d9c2c3fb497df9.tar.gz
puppet-samba-32f1dc699c77ae665d8c8e39d8d9c2c3fb497df9.tar.bz2
5 files changed, 154 insertions, 45 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index c71ee1d..8a914a4 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,3 +1,7 @@
 class samba {
   include samba::server
+
+  if samba::server::security == 'ads' {
+    include samba::server::ads
+  }
 }
 \ No newline at end of file
diff --git a/manifests/server.pp b/manifests/server.pp
index cc1a951..9b6d3c0 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -18,53 +18,27 @@ class samba::server($interfaces = '',
     notify  => Class['samba::server::service']
   }
 
-  augeas { 'global-interfaces':
-    context => $context,
-    changes => $interfaces ? {
-      default => ["set \"${target}/interfaces\" '${interfaces}'", "set \"${target}/bind interfaces only\" yes"],
-      ''      => ["rm \"${target}/interfaces\"", "rm \"${target}/bind interfaces only\""],
-    },
-    require => Augeas['global-section'],
-    notify  => Class['samba::server::service']
-  }
 
-  augeas { 'global-security':
-    context => $context,
-    changes => $security ? {
-      default => "set \"${target}/security\" '${security}'",
-      ''      => "rm \"${target}/security\"",
-    },
-    require => Augeas['global-section'],
-    notify  => Class['samba::server::service']
-  }
-
-  augeas { 'global-server_string':
-    context => $context,
-    changes => $server_string ? {
-      default => "set \"${target}/server string\" '${server_string}'",
-      ''      => "rm \"${target}/server string\"",
-    },
-    require => Augeas['global-section'],
-    notify  => Class['samba::server::service']
+  set_samba_option {
+    'bind interfaces only': value => 'yes';
+    'security':             value => $security;
+    'server string':        value => $server_string;
+    'unix password sync':   value => $unix_password_sync;
+    'workgroup':            value => $workgroup;
   }
+}
 
-  augeas { 'global-unix_password_sync':
-    context => $context,
-    changes => $unix_password_sync ? {
-      default => "set \"${target}/unix password sync\" '$unix_password_sync'",
-      '' => "rm \"${target}/unix_password_sync\"",
-    },
-    require => Augeas['global-section'],
-    notify => Class['samba::server::service']
+define set_samba_option ( $value = '', $signal = 'samba::server::service' ) {
+  $context = $samba::server::context
+  $target = $samba::server::target
+  $changes = $value ? {
+    default => "set \"${target}/$name\" $value",
+    ''      => "rm ${target}/$name",
   }
-
-  augeas { 'global-workgroup':
+  augeas { "samba-$name":
     context => $context,
-    changes => $workgroup ? {
-      default => "set ${target}/workgroup '${workgroup}'",
-      ''      => "rm ${target}/workgroup",
-    },
+    changes => $changes,
     require => Augeas['global-section'],
-    notify  => Class['samba::server::service']
+    notify  => Class[$signal]
   }
 }
diff --git a/manifests/server/ads.pp b/manifests/server/ads.pp
new file mode 100644
index 0000000..1f8e602
--- /dev/null
+++ b/manifests/server/ads.pp
@@ -0,0 +1,116 @@
+# This module join samba server to Active Dirctory
+#
+# Copyright (c) 2013 Lebedev Vadim, abraham1901 at g mail dot c o m
+# Licensed under the MIT License, http://opensource.org/licenses/MIT
+
+class samba::server::ads($ensure = present,
+  $winbind_acct               = 'admin',
+  $winbind_pass               = 'SecretPass',
+  $realm                      = 'domain.com',
+  $winbind_uid                = '10000-20000',
+  $winbind_gid                = '10000-20000',
+  $winbind_enum_groups        = 'yes',
+  $winbind_enum_users         = 'yes',
+  $winbind_use_default_domain = 'yes',
+  $nsswitch                   = false,
+  $acl_group_control          = 'yes',
+  $map_acl_inherit            = 'yes',
+  $inherit_acls               = 'yes',
+  $store_dos_attributes       = 'yes',
+  $ea_support                 = 'yes',
+  $dos_filemode               = 'yes',
+  $acl_check_permissions      = false,
+  $map_system                 = 'no',
+  $map_archive                = 'no',
+  $map_readonly               = 'no',
+  $target_ou                  = 'Nix_Mashine') {
+
+  package{
+    'krb5-user': ensure => installed;
+    'winbind':   ensure => installed;
+    'expect':    ensure => installed;
+  }
+
+  include samba::server::config
+  include samba::server::winbind
+
+  $signal = 'samba::server::winbind'
+
+  set_samba_option {
+    'realm':                        value   => $realm,
+                                    signal  => $signal;
+    'winbind uid':                  value   => $winbind_uid,
+                                    signal  => $signal;
+    'winbind gid':                  value   => $winbind_gid,
+                                    signal  => $signal;
+    'winbind enum groups':          value   => $winbind_enum_groups,
+                                    signal  => $signal;
+    'winbind enum users':           value   => $winbind_enum_users,
+                                    signal  => $signal;
+    'winbind use default domain':   value   => $winbind_use_default_domain,
+                                    signal  => $signal;
+    'acl group control':            value => $acl_group_control;
+    'map acl inherit':              value => $map_acl_inherit;
+    'inherit acls':                 value => $inherit_acls;
+    'store dos attributes':         value => $store_dos_attributes;
+    'ea support':                   value => $ea_support;
+    'dos filemode':                 value => $dos_filemode;
+    'acl check permissions':        value => $acl_check_permissions;
+    'map system':                   value => $map_system;
+    'map archive':                  value => $map_archive;
+    'map readonly':                 value => $map_readonly;
+  }
+
+  $nss_file='etc/nsswitch.conf'
+
+  $changes=$nsswitch ? {
+      true => [
+        "set database[. = 'passwd']/service[1] compat",
+        "set database[. = 'passwd']/service[2] winbind",
+        "set database[. = 'group']/service[1] compat",
+        "set database[. = 'group']/service[2] winbind",
+      ],
+      false => [
+        "rm /files/${nss_file}/database[. = 'passwd']/service[. = 'winbind']",
+        "rm /files/${nss_file}/database[. = 'group']/service[. = 'winbind']",
+      ]
+    }
+
+  augeas { 'nsswitch':
+    context => "/files/${nss_file}",
+    changes => $changes
+  }
+
+  file {'verify_active_directory':
+    # this script returns 0 if join is intact
+    path    => '/sbin/verify_active_directory',
+    owner   => root,
+    group   => root,
+    mode    => "0755",
+    content => template("${module_name}/verify_active_directory.erb"),
+    require => [ Package['krb5-user', 'winbind', 'expect'],
+      Augeas['samba-realm', 'samba-security', 'samba-winbind enum users',
+        'samba-winbind enum groups', 'samba-winbind uid', 'samba-winbind gid',
+        'samba-winbind use default domain'] ],
+  }
+
+  file {'configure_active_directory':
+    # this script joins or leaves a domain
+    path    => '/sbin/configure_active_directory',
+    owner   => root,
+    group   => root,
+    mode    => "0755",
+    content => template("${module_name}/configure_active_directory.erb"),
+    require => [ Package['krb5-user', 'winbind', 'expect'],
+      Augeas['samba-realm', 'samba-security', 'samba-winbind enum users',
+        'samba-winbind enum groups', 'samba-winbind uid', 'samba-winbind gid',
+        'samba-winbind use default domain'] ],
+  }
+
+  exec {'join-active-directory':
+    # join the domain configured in samba.conf
+    command => '/sbin/configure_active_directory -j',
+    unless  => '/sbin/verify_active_directory',
+    require => [ File['configure_active_directory', 'verify_active_directory'], Class['samba::server::winbind'] ],
+  }
+}
diff --git a/manifests/server/share.pp b/manifests/server/share.pp
index 7d308a0..b4eb02f 100644
--- a/manifests/server/share.pp
+++ b/manifests/server/share.pp
@@ -15,10 +15,9 @@ define samba::server::share($ensure = present,
                             $read_only = '',
                             $public = '',
                             $writable = '',
-                            $printable = '',
-  ) {
+                            $printable = '') {
 
-  $context = '/files/etc/samba/smb.conf'
+  $context = $samba::server::context
   $target = "target[. = '${name}']"
 
   augeas { "${name}-section":
diff --git a/manifests/server/winbind.pp b/manifests/server/winbind.pp
new file mode 100644
index 0000000..76136b9
--- /dev/null
+++ b/manifests/server/winbind.pp
@@ -0,0 +1,16 @@
+class samba::server::winbind ($ensure = running, $enable = true) {
+  $service_name = 'winbind'
+
+  notify { 'winbind-service':
+    message => 'Check winbind service',
+  }
+
+  service { $service_name:
+    ensure      => $ensure,
+    hasstatus   => true,
+    hasrestart  => true,
+    enable      => $enable,
+    require     => Class['samba::server::config']
+  }
+
+}
author	Lebedev Vadim <abraham1901@gmail.com>	2013-03-18 18:55:58 +0400
committer	Adam Jahn <ajjahn@gmail.com>	2013-03-19 21:14:30 -0400
commit	32f1dc699c77ae665d8c8e39d8d9c2c3fb497df9 (patch)
tree	6b2edbb451b76b18c3bbc3a49d591e91e24e2b06 /manifests
parent	d612151695cb9121d4aebcdb8a39c0ee87f7c612 (diff)
download	puppet-samba-32f1dc699c77ae665d8c8e39d8d9c2c3fb497df9.tar.gz puppet-samba-32f1dc699c77ae665d8c8e39d8d9c2c3fb497df9.tar.bz2