diff --git a/defaults/main.yml b/defaults/main.yml
index 98b977b..c786d30 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -19,3 +19,4 @@ samba_wins_support: yes
 samba_local_master: yes
 samba_domain_master: yes
 samba_preferred_master: yes
+samba_mitigate_cve_2017_7494: true
diff --git a/meta/main.yml b/meta/main.yml
index c2f4d5d..674dd36 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -12,6 +12,8 @@ galaxy_info:
 - name: Fedora
 versions:
 - 25
+ - 26
+ - 27
 - name: Ubuntu
 versions:
 - xenial
diff --git a/tasks/main.yml b/tasks/main.yml
index 5ee5518..98b1ab8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -76,6 +76,15 @@
 - Restart Samba services
 tags: samba
+- name: Create username map file if needed
+ template:
+ dest: "{{ samba_username_map_file }}"
+ src: smbusers.j2
+ notify:
+ - Restart Samba services
+ tags: samba
+ when: samba_username_map is defined
+
 - name: Start Samba service(s)
 service:
 name: "{{ item }}"
diff --git a/templates/smb.conf.j2 b/templates/smb.conf.j2
index 72956ed..d5db3dd 100755
--- a/templates/smb.conf.j2
+++ b/templates/smb.conf.j2
@@ -29,6 +29,9 @@ server string = {{ samba_server_string }}
 {% if samba_guest_account is defined %}
 guest account = {{ samba_guest_account }}
 {% endif %}
+{% if samba_username_map is defined %}
+ username map = {{ samba_username_map_file }}
+{% endif %}
 {% if samba_server_min_protocol is defined %}
 # Minimum protocol version offered by the server
@@ -58,9 +61,11 @@ server string = {{ samba_server_string }}
 disable spoolss = yes
 {% endif %}
+{% if samba_mitigate_cve_2017_7494 %}
 # Fix for CVE-2017-7494
 # https://access.redhat.com/security/cve/cve-2017-7494
 nt pipe support = no
+{% endif %}
 {% if samba_load_homes %}
 ## Make home directories accessible
diff --git a/templates/smbusers.j2 b/templates/smbusers.j2
new file mode 100644
index 0000000..5290421
--- /dev/null
+++ b/templates/smbusers.j2
@@ -0,0 +1,3 @@
+{% for entry in samba_username_map %}
+{{ entry.to }} = {{ entry.from }}
+{% endfor %}
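Review bot: The new `Create username map file if needed` task in tasks/main.yml writes `{{ samba_username_map_file }}` without `owner`, `group` or `mode`, so the file's ownership and permissions are left to the connecting user and the remote umask. This file decides which Unix account a client name is mapped to, so it should be writable by root only. I would add `owner: root`, `group: root` and `mode: '0644'` to the `template:` arguments. Whether the role's existing smb.conf task already sets these is not visible in this hunk; if it does, the new task should match it.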
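Review bot: `{% if samba_mitigate_cve_2017_7494 %}` in the second hunk of templates/smb.conf.j2 tests the raw variable, so a value passed as a string (for example `-e samba_mitigate_cve_2017_7494=false`) is non-empty and still truthy. The mitigation then stays on, which fails safe, but the switch does not behave as the operator expects; `{% if samba_mitigate_cve_2017_7494 | bool %}` makes it consistent. The new default in defaults/main.yml also has no comment. I would add one there saying that `nt pipe support = no` is a workaround, and that it should only be switched off on hosts whose Samba package already contains the fix for CVE-2017-7494. The enclosing configuration section starts and ends outside the hunk.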
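Review bot: templates/smbusers.j2 writes `{{ entry.to }} = {{ entry.from }}` verbatim, so a client name containing a space is read by Samba as several separate names unless it is enclosed in double quotes, and a value containing a newline would add a mapping line of its own. Nothing in this diff documents the expected shape of `samba_username_map` either. A comment in defaults/main.yml describing it as a list of entries with `from` (client name) and `to` (Unix account) keys would help, with a caution that mapping to a privileged Unix account gives every listed client name that account's access to the shares. A `# {{ ansible_managed }}` first line would also mark the file as generated.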
diff --git a/vars/os_Archlinux.yml b/vars/os_Archlinux.yml
index 71f28c4..19fb13a 100644
--- a/vars/os_Archlinux.yml
+++ b/vars/os_Archlinux.yml
@@ -9,6 +9,7 @@ samba_selinux_packages: []
 samba_selinux_booleans: []
 samba_configuration: /etc/samba/smb.conf
+samba_username_map_file: /etc/samba/smbusers
 samba_services:
 - smbd
diff --git a/vars/os_Debian.yml b/vars/os_Debian.yml
index 76f9996..4e2df2e 100644
--- a/vars/os_Debian.yml
+++ b/vars/os_Debian.yml
@@ -10,6 +10,7 @@ samba_selinux_packages: []
 samba_selinux_booleans: []
 samba_configuration: /etc/samba/smb.conf
+samba_username_map_file: /etc/samba/smbusers
 # The name of the Samba service in older releases (Ubuntu 14.04,
 # Debian <8) is "samba".
diff --git a/vars/os_RedHat.yml b/vars/os_RedHat.yml
index b8fbf56..801e084 100644
--- a/vars/os_RedHat.yml
+++ b/vars/os_RedHat.yml
@@ -14,6 +14,7 @@ samba_selinux_booleans:
 - samba_export_all_rw
 samba_configuration: /etc/samba/smb.conf
+samba_username_map_file: /etc/samba/smbusers
 samba_services:
 - smb