ansible-roles/ansible-role-samba
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into server_max_protocol

Browse Source
This commit is contained in:
Bert Van Vreckem 2018-05-19 23:41:58 +02:00 committed by GitHub
commit 70b2b21b2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
defaults/main.yml
View File

@ -19,3 +19,4 @@ samba_wins_support: yes
samba_local_master: yes samba_local_master: yes
samba_domain_master: yes samba_domain_master: yes
samba_preferred_master: yes samba_preferred_master: yes
samba_mitigate_cve_2017_7494: true

2
meta/main.yml
View File

@ -12,6 +12,8 @@ galaxy_info:
- name: Fedora - name: Fedora
versions: versions:
- 25 - 25
- 26
- 27
- name: Ubuntu - name: Ubuntu
versions: versions:
- xenial - xenial

9
tasks/main.yml
View File

@ -76,6 +76,15 @@
- Restart Samba services - Restart Samba services
tags: samba tags: samba
- name: Create username map file if needed
template:
dest: "{{ samba_username_map_file }}"
src: smbusers.j2
notify:
- Restart Samba services
tags: samba
when: samba_username_map is defined
- name: Start Samba service(s) - name: Start Samba service(s)
service: service:
name: "{{ item }}" name: "{{ item }}"

5
templates/smb.conf.j2
View File

@ -29,6 +29,9 @@ server string = {{ samba_server_string }}
{% if samba_guest_account is defined %} {% if samba_guest_account is defined %}
guest account = {{ samba_guest_account }} guest account = {{ samba_guest_account }}
{% endif %} {% endif %}
{% if samba_username_map is defined %}
username map = {{ samba_username_map_file }}
{% endif %}
{% if samba_server_min_protocol is defined %} {% if samba_server_min_protocol is defined %}
# Minimum protocol version offered by the server # Minimum protocol version offered by the server
@ -58,9 +61,11 @@ server string = {{ samba_server_string }}
disable spoolss = yes disable spoolss = yes
{% endif %} {% endif %}
{% if samba_mitigate_cve_2017_7494 %}
# Fix for CVE-2017-7494 # Fix for CVE-2017-7494
# https://access.redhat.com/security/cve/cve-2017-7494 # https://access.redhat.com/security/cve/cve-2017-7494
nt pipe support = no nt pipe support = no
{% endif %}
{% if samba_load_homes %} {% if samba_load_homes %}
## Make home directories accessible ## Make home directories accessible

3
templates/smbusers.j2 Normal file
View File

@ -0,0 +1,3 @@
{% for entry in samba_username_map %}
{{ entry.to }} = {{ entry.from }}
{% endfor %}

1
vars/os_Archlinux.yml
View File

@ -9,6 +9,7 @@ samba_selinux_packages: []
samba_selinux_booleans: [] samba_selinux_booleans: []
samba_configuration: /etc/samba/smb.conf samba_configuration: /etc/samba/smb.conf
samba_username_map_file: /etc/samba/smbusers
samba_services: samba_services:
- smbd - smbd

1
vars/os_Debian.yml
View File

@ -10,6 +10,7 @@ samba_selinux_packages: []
samba_selinux_booleans: [] samba_selinux_booleans: []
samba_configuration: /etc/samba/smb.conf samba_configuration: /etc/samba/smb.conf
samba_username_map_file: /etc/samba/smbusers
# The name of the Samba service in older releases (Ubuntu 14.04, # The name of the Samba service in older releases (Ubuntu 14.04,
# Debian <8) is "samba". # Debian <8) is "samba".

1
vars/os_RedHat.yml
View File

@ -14,6 +14,7 @@ samba_selinux_booleans:
- samba_export_all_rw - samba_export_all_rw
samba_configuration: /etc/samba/smb.conf samba_configuration: /etc/samba/smb.conf
samba_username_map_file: /etc/samba/smbusers
samba_services: samba_services:
- smb - smb