-rw-r--r--manifests/server.pp36
-rw-r--r--manifests/server/ads.pp25
-rw-r--r--manifests/server/service.pp11
-rw-r--r--manifests/server/share.pp197
-rw-r--r--manifests/server/user.pp13
-rw-r--r--templates/add_samba_user16
-rw-r--r--templates/check_samba_user16
-rw-r--r--templates/configure_active_directory.erb15
-rw-r--r--templates/verify_active_directory.erb5
9 files changed, 181 insertions, 153 deletions
diff --git a/manifests/server.pp b/manifests/server.pp
index bc1e3d7..2e4c2d9 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -2,16 +2,20 @@ class samba::server($interfaces = '',
$security = '',
$server_string = '',
$unix_password_sync = '',
- $workgroup = '') {
+ $workgroup = '',
+ $bind_interfaces_only = 'yes',) {
include samba::server::install
include samba::server::config
include samba::server::service
- $context = '/files/etc/samba/smb.conf'
- $target = "target[. = 'global']"
+ $incl = '/etc/samba/smb.conf'
+ $context = "/files/etc/samba/smb.conf"
+ $target = "target[. = 'global']"
augeas { 'global-section':
+ incl => $incl,
+ lens => 'Samba.lns',
context => $context,
changes => "set ${target} global",
require => Class['samba::server::config'],
@@ -21,23 +25,45 @@ class samba::server($interfaces = '',
set_samba_option {
'interfaces': value => $interfaces;
- 'bind interfaces only': value => 'yes';
+ 'bind interfaces only': value => $bind_interfaces_only;
'security': value => $security;
'server string': value => $server_string;
'unix password sync': value => $unix_password_sync;
'workgroup': value => $workgroup;
}
+
+ file {'check_samba_user':
+ # script checks to see if a samba account exists for a given user
+ path => '/sbin/check_samba_user',
+ owner => root,
+ group => root,
+ mode => "0755",
+ content => template("${module_name}/check_samba_user"),
+ }
+
+ file {'add_samba_user':
+ # script creates a new samba account for a given user and password
+ path => '/sbin/add_samba_user',
+ owner => root,
+ group => root,
+ mode => "0755",
+ content => template("${module_name}/add_samba_user"),
+ }
}
define set_samba_option ( $value = '', $signal = 'samba::server::service' ) {
+ $incl = $samba::server::incl
$context = $samba::server::context
- $target = $samba::server::target
+ $target = $samba::server::target
+
$changes = $value ? {
default => "set \"${target}/$name\" \"$value\"",
'' => "rm ${target}/$name",
}
augeas { "samba-$name":
+ incl => $incl,
+ lens => 'Samba.lns',
context => $context,
changes => $changes,
require => Augeas['global-section'],
diff --git a/manifests/server/ads.pp b/manifests/server/ads.pp
index 1f8e602..16be9ad 100644
--- a/manifests/server/ads.pp
+++ b/manifests/server/ads.pp
@@ -25,10 +25,25 @@ class samba::server::ads($ensure = present,
$map_readonly = 'no',
$target_ou = 'Nix_Mashine') {
+ $krb5_user_package = $osfamily ? {
+ 'RedHat' => 'krb5-workstation',
+ default => 'krb5-user',
+ }
+
+ if $osfamily == "RedHat" {
+ if $operatingsystemrelease =~ /^6\./ {
+ $winbind_package = 'samba-winbind'
+ } else {
+ $winbind_package = 'samba-common'
+ }
+ } else {
+ $winbind_package = 'winbind'
+ }
+
package{
- 'krb5-user': ensure => installed;
- 'winbind': ensure => installed;
- 'expect': ensure => installed;
+ $krb5_user_package: ensure => installed;
+ $winbind_package: ensure => installed;
+ 'expect': ensure => installed;
}
include samba::server::config
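Review bot: The package selection reads `$osfamily` and `$operatingsystemrelease` unqualified, while manifests/server/service.pp in this same commit uses `$::osfamily`; I would use the top-scope form here too (`$::osfamily`, `$::operatingsystemrelease`) so a local variable of the same name cannot shadow the fact. The `else` branch under `RedHat` also catches every release that is not 6.x, so any other RedHat-family release is given `samba-common`; please confirm that package really ships winbind on each release you intend to support, or match the known release explicitly and fail otherwise. The class body continues outside the hunk.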
@@ -88,7 +103,7 @@ class samba::server::ads($ensure = present,
group => root,
mode => "0755",
content => template("${module_name}/verify_active_directory.erb"),
- require => [ Package['krb5-user', 'winbind', 'expect'],
+ require => [ Package[$krb5_user_package, $winbind_package, 'expect'],
Augeas['samba-realm', 'samba-security', 'samba-winbind enum users',
'samba-winbind enum groups', 'samba-winbind uid', 'samba-winbind gid',
'samba-winbind use default domain'] ],
@@ -101,7 +116,7 @@ class samba::server::ads($ensure = present,
group => root,
mode => "0755",
content => template("${module_name}/configure_active_directory.erb"),
- require => [ Package['krb5-user', 'winbind', 'expect'],
+ require => [ Package[$krb5_user_package, $winbind_package, 'expect'],
Augeas['samba-realm', 'samba-security', 'samba-winbind enum users',
'samba-winbind enum groups', 'samba-winbind uid', 'samba-winbind gid',
'samba-winbind use default domain'] ],
diff --git a/manifests/server/service.pp b/manifests/server/service.pp
index 55ccb06..6f26a6d 100644
--- a/manifests/server/service.pp
+++ b/manifests/server/service.pp
@@ -1,7 +1,16 @@
class samba::server::service ($ensure = running, $enable = true) {
case $::osfamily {
Redhat: { $service_name = 'smb' }
- Debian: { $service_name = 'smbd' }
+
+ #On Debian family: Debian 7 => samba , Ubuntu => smbd
+ #Others, I don't know, hope 'samba' will works
+ Debian: {
+ case $::operatingsystem{
+ Debian: { $service_name = 'samba' }
+ Ubuntu: { $service_name = 'smbd'}
+ default: { $service_name='samba'}
+ }
+ }
Gentoo: { $service_name = 'samba' }
Archlinux: { $service_name = 'smbd' }
diff --git a/manifests/server/share.pp b/manifests/server/share.pp
index b4eb02f..b7274f9 100644
--- a/manifests/server/share.pp
+++ b/manifests/server/share.pp
@@ -15,12 +15,17 @@ define samba::server::share($ensure = present,
$read_only = '',
$public = '',
$writable = '',
- $printable = '') {
-
+ $printable = '',
+ $valid_users = '',
+ ) {
+
+ $incl = $samba::server::incl
$context = $samba::server::context
- $target = "target[. = '${name}']"
+ $target = "target[. = '${name}']"
augeas { "${name}-section":
+ incl => $incl,
+ lens => 'Samba.lns',
context => $context,
changes => $ensure ? {
present => "set ${target} '${name}'",
@@ -31,178 +36,98 @@ define samba::server::share($ensure = present,
}
if $ensure == 'present' {
- augeas { "${name}-browsable":
- context => $context,
- changes => $browsable ? {
- true => "set ${target}/browsable yes",
- false => "set ${target}/browsable no",
- default => "rm ${target}/browsable",
+ $changes = [
+ $browsable ? {
+ true => "set \"${target}/browsable\" yes",
+ false => "set \"${target}/browsable\" no",
+ default => "rm \"${target}/browsable\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-comment":
- context => $context,
- changes => $comment ? {
- default => "set ${target}/comment '${comment}'",
- '' => "rm ${target}/comment",
+ $comment ? {
+ default => "set \"${target}/comment\" '${comment}'",
+ '' => "rm \"${target}/comment\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-copy":
- context => $context,
- changes => $copy ? {
- default => "set ${target}/copy '${copy}'",
- '' => "rm ${target}/copy",
+ $copy ? {
+ default => "set \"${target}/copy\" '${copy}'",
+ '' => "rm \"${target}/copy\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-create_mask":
- context => $context,
- changes => $create_mask ? {
+ $create_mask ? {
default => "set \"${target}/create mask\" '${create_mask}'",
- '' => "rm \"${target}/create mask\"",
+ '' => "rm \"${target}/create mask\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-directory_mask":
- context => $context,
- changes => $directory_mask ? {
+ $directory_mask ? {
default => "set \"${target}/directory mask\" '${directory_mask}'",
- '' => "rm \"${target}/directory mask\"",
+ '' => "rm \"${target}/directory mask\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-force_create_mask":
- context => $context,
- changes => $force_create_mask ? {
+ $force_create_mask ? {
default => "set \"${target}/force create mask\" '${force_create_mask}'",
- '' => "rm \"${target}/force create mask\"",
+ '' => "rm \"${target}/force create mask\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-force_directory_mask":
- context => $context,
- changes => $force_directory_mask ? {
+ $force_directory_mask ? {
default => "set \"${target}/force directory mask\" '${force_directory_mask}'",
- '' => "rm \"${target}/force directory mask\"",
+ '' => "rm \"${target}/force directory mask\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-force_group":
- context => $context,
- changes => $force_group ? {
+ $force_group ? {
default => "set \"${target}/force group\" '${force_group}'",
- '' => "rm \"${target}/force group\"",
+ '' => "rm \"${target}/force group\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-force_user":
- context => $context,
- changes => $force_user ? {
+ $force_user ? {
default => "set \"${target}/force user\" '${force_user}'",
- '' => "rm \"${target}/force user\"",
+ '' => "rm \"${target}/force user\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-guest_account":
- context => $context,
- changes => $guest_account ? {
+ $guest_account ? {
default => "set \"${target}/guest account\" '${guest_account}'",
- '' => "rm \"${target}/guest account\"",
+ '' => "rm \"${target}/guest account\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-guest_ok":
- context => $context,
- changes => $guest_ok ? {
+ $guest_ok ? {
true => "set \"${target}/guest ok\" yes",
false => "set \"${target}/guest ok\" no",
- default => "rm \"${target}/guest ok\"",
+ default => "rm \"${target}/guest ok\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-guest_only":
- context => $context,
- changes => $guest_only ? {
+ $guest_only ? {
true => "set \"${target}/guest only\" yes",
false => "set \"${target}/guest only\" no",
- default => "rm \"${target}/guest only\"",
+ default => "rm \"${target}/guest only\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-path":
- context => $context,
- changes => $path ? {
+ $path ? {
default => "set ${target}/path '${path}'",
- '' => "rm ${target}/path",
+ '' => "rm ${target}/path",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-read_only":
- context => $context,
- changes => $read_only ? {
+ $read_only ? {
true => "set \"${target}/read only\" yes",
false => "set \"${target}/read only\" no",
- default => "rm \"${target}/read_only\"",
+ default => "rm \"${target}/read only\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-public":
- context => $context,
- changes => $public ? {
+ $public ? {
true => "set \"${target}/public\" yes",
false => "set \"${target}/public\" no",
- default => "rm \"${target}/public\"",
+ default => "rm \"${target}/public\"",
},
- require => Augeas["${name}-section"],
- notify => Class['samba::server::service']
- }
-
- augeas { "${name}-writable":
- context => $context,
- changes => $writable ? {
+ $writable ? {
true => "set \"${target}/writable\" yes",
false => "set \"${target}/writable\" no",
- default => "rm \"${target}/writable\"",
+ default => "rm \"${target}/writable\"",
+ },
+ $printable ? {
+ true => "set \"${target}/printable\" yes",
+ false => "set \"${target}/printable\" no",
+ default => "rm \"${target}/printable\"",
},
+ ]
+
+ augeas { "${name}-changes":
+ incl => $incl,
+ lens => 'Samba.lns',
+ context => $context,
+ changes => $changes,
require => Augeas["${name}-section"],
notify => Class['samba::server::service']
}
- augeas { "${name}-printable":
+ augeas { "${name}-valid_users":
context => $context,
- changes => $printable ? {
- true => "set \"${target}/printable\" yes",
- false => "set \"${target}/printable\" no",
- default => "rm \"${target}/printable\"",
+ changes => $valid_users ? {
+ default => "set \"${target}/valid users\" '${valid_users}'",
+ '' => "rm \"${target}/valid users\"",
},
require => Augeas["${name}-section"],
notify => Class['samba::server::service']
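Review bot: The new `${name}-valid_users` resource at the end of this hunk is the only augeas block touched by the commit that lacks `incl => $incl` and `lens => 'Samba.lns'`, and it is kept as a separate resource instead of being one more entry in the consolidated `$changes` array. Since `valid users` is the access restriction for the share, I would add it to `$changes` with the same selector form as the other string options so it is applied in the same Augeas run as the rest of the share definition. `${valid_users}` (like `${comment}` and `${path}`) is interpolated inside single quotes, so a value containing `'` yields a malformed Augeas command; validating these parameters before building the commands would be worthwhile. The define's body continues outside the hunk.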
diff --git a/manifests/server/user.pp b/manifests/server/user.pp
new file mode 100644
index 0000000..2cffe3b
--- /dev/null
+++ b/manifests/server/user.pp
@@ -0,0 +1,13 @@
+define samba::server::user(
+ $user_name = $name ,
+ $password ,
+ ) {
+ exec { "add smb account for ${user_name}":
+ command => "/sbin/add_samba_user '${user_name}' '${password}'" ,
+ unless => "/sbin/check_samba_user '${user_name}'" ,
+ require => [
+ User["${user_name}"]
+ ] ,
+ notify => Class['samba::server::service']
+ }
+}
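Review bot: The exec passes `${password}` as a command-line argument, so the cleartext password is stored in the compiled catalog, is visible in the process list while the script runs, and may show up in agent debug output or reports. It is also placed inside single quotes in the command string, so a password or user name containing `'` breaks the command line; validate both parameters or avoid building a quoted string at all. Handing the secret over through the exec's `environment` parameter (or a root-only file) and having the script read it from there would remove it from argv. The exec requires only `User["${user_name}"]`; adding `File['add_samba_user']` and `File['check_samba_user']` to `require` would guarantee the helper scripts are in place first. Note also that `unless` tests only whether the account exists, so a later password change in the manifest is never applied.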
diff --git a/templates/add_samba_user b/templates/add_samba_user
new file mode 100644
index 0000000..1385d4e
--- /dev/null
+++ b/templates/add_samba_user
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# This script adds a samba account for a given user and password
+# call as:
+# > add_samba_user "USERNAME" "PASSWORD"
+
+/bin/echo -e "$2\n$2\n" | sudo /usr/bin/pdbedit -a "$1" -t 1>/dev/null
+results=$?
+
+if [ $results = 0 ]; then
+ echo "added samba account for '$1'"
+else
+ echo "could not add samba account for '$1'"
+fi
+
+exit $results
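Review bot: `/bin/echo -e "$2\n$2\n"` interprets backslash escapes inside the password, so a password containing a sequence such as `\t` or `\c` is silently altered before pdbedit reads it, and because `/bin/echo` is an external program the password also becomes an argument of that process. `printf '%s\n%s\n' "$2" "$2" | /usr/bin/pdbedit -a -u "$1" -t >/dev/null` uses the shell builtin and passes the bytes through unchanged; giving the name with `-u` should also keep a user name that starts with `-` from being parsed as an option. The `sudo` is probably unnecessary when the Puppet agent runs the script as root, and it can fail on hosts where sudo requires a tty. The script does not check that both arguments were supplied; a guard such as `[ $# -eq 2 ] || exit 2` at the top would make a bad call fail clearly.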
diff --git a/templates/check_samba_user b/templates/check_samba_user
new file mode 100644
index 0000000..75cb4b5
--- /dev/null
+++ b/templates/check_samba_user
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# This script checks to see if a given user account exists on samba
+# if so, it returns 0
+# otherwise it returns 1
+
+sudo /usr/bin/pdbedit -L | egrep -q "^$1:"
+exists=$?
+
+if [ $exists = 0 ]; then
+ echo "'$1' is a samba user"
+else
+ echo "no samba account matching '$1'"
+fi
+
+exit $exists
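Review bot: `egrep -q "^$1:"` uses the user name as a regular expression, so a name containing `.` or another metacharacter can match a different account in the `pdbedit -L` output. A false match makes the `unless` guard in manifests/server/user.pp skip account creation for the requested user. A literal whole-field comparison avoids this, for example `/usr/bin/pdbedit -L | cut -d: -f1 | grep -Fxq -- "$1"`. As in add_samba_user, the `sudo` is probably redundant when the script runs as root under the Puppet agent.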
diff --git a/templates/configure_active_directory.erb b/templates/configure_active_directory.erb
index 35ba86f..4f9b6e0 100644
--- a/templates/configure_active_directory.erb
+++ b/templates/configure_active_directory.erb
@@ -54,7 +54,7 @@ do
esac
done
-password="<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>"
+password='<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>'
# short hostname from facter
my_hostname="<%= hostname -%>"
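Review bot: Switching the assignment to single quotes stops `$` and backtick expansion, but the password is still written into the script unescaped, so a value containing `'` ends the string and the remainder of the value is parsed as shell. Escape the value in the template (replace each `'` with `'\''` before emitting it) or reject such passwords in the manifest. The rendered script also holds the cleartext password, and the context lines in manifests/server/ads.pp show these scripts installed with `mode => "0755"`, which leaves them world-readable; `0700` would fit a root-only helper better. The identical line is changed in templates/verify_active_directory.erb and needs the same treatment.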
@@ -80,7 +80,7 @@ echo "Please do not kill me; I may be slow" >&2
if [ "$action" = "leave" ]; then
logger -st $PROG "Leaving AD domain"
- $NET ads $action -U ${winbind_acct}%${password} | grep Deleted && success=true || success=false
+ $NET ads $action -U "${winbind_acct}%${password}" | grep Deleted && success=true || success=false
kdestroy
rm -f /etc/krb5.keytab
if [ $success = "true" ]; then
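Review bot: Quoting `-U "${winbind_acct}%${password}"` fixes word splitting, but the password is still a command-line argument of `$NET`, so it is visible in the process list for as long as the leave runs; the join call changed further down in this file has the same exposure. If the `net` build in use can take credentials another way (an existing Kerberos ticket or a prompt fed on stdin), that would be preferable. Otherwise I would add a comment above both calls, for example `# NOTE: password is exposed in argv while net runs`, so the exposure is a documented decision. The `if` block continues outside the hunk.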
@@ -105,8 +105,14 @@ ad_settle() {
export KRB5CCNAME=$(umask 0077; mktemp -q winbind_cache.XXXXXXXX)
if [ "$action" = "join" ]; then
+ if [ "${target_ou}" != "" ]; then
+ ou_parameter="createcomputer=\"${target_ou}\""
+ else
+ ou_parameter=""
+ fi
+
logger -st $PROG "Joining AD domain" >&2
- $NET ads $action -U ${winbind_acct}%${password} createcomputer="${target_ou}"\
+ $NET ads $action -U "${winbind_acct}%${password}" ${ou_parameter} \
| grep Joined && success=true || success=false
if [ $success = "false" ]; then
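Review bot: `ou_parameter="createcomputer=\"${target_ou}\""` stores literal double-quote characters in the variable, and the later unquoted `${ou_parameter}` is not re-parsed for quotes. As a result `net` receives the argument with the quote characters included (e.g. `createcomputer="Nix_Mashine"`, using the default from manifests/server/ads.pp), and an OU containing spaces is split into several arguments. Dropping the if/else and writing `${target_ou:+"createcomputer=${target_ou}"}` directly on the `$NET ads` line passes exactly one argument when the OU is set and none when it is empty. The enclosing block starts and ends outside the hunk.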
@@ -121,7 +127,8 @@ for attempt in $(seq 1 $max_attempts); do
echo "Getting TGT for ${winbind_acct}@${my_realm}" >&2
$EXPECT -c "spawn -noecho kinit -c $KRB5CCNAME ${winbind_acct}@${my_realm};
expect :;
- send ${password}\n;
+ send {${password}};
+ send \n;
expect eof"
klist -c $KRB5CCNAME &> /dev/null && break
done
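Review bot: `send {${password}};` relies on Tcl brace quoting, but the shell expands `${password}` into the script text before Expect parses it. A password containing `}` or an unbalanced `{` therefore closes the braces early and the rest is evaluated as Expect/Tcl code, and a password starting with `-` is read as a `send` flag. Keeping the secret out of the script text avoids both: `export password` before the call and use `send -- \$env(password);` in the script, leaving the separate `send \n;` as it is. The same two lines are added in `get_tgt` in templates/verify_active_directory.erb and have the same issue. The `for` loop starts outside the hunk.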
diff --git a/templates/verify_active_directory.erb b/templates/verify_active_directory.erb
index 5a2a506..0917c49 100644
--- a/templates/verify_active_directory.erb
+++ b/templates/verify_active_directory.erb
@@ -21,7 +21,7 @@ fi
# } >&2
#fi
-password="<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>"
+password='<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>'
# short hostname from facter
my_hostname="<%= hostname -%>"
@@ -62,7 +62,8 @@ get_tgt() {
(
$EXPECT -c "spawn -noecho kinit -c $KRB5CCNAME ${winbind_acct}@${default_realm};
expect :;
- send ${password}\n;
+ send {${password}};
+ send \n;
expect eof"
) &> /dev/null
klist -c $KRB5CCNAME &> /dev/null