fflch / ansible-role-sambadc Goto Github PK

View Code? Open in Web Editor NEW

0.0 0.0 3.0 58 KB

Shell 51.36% Jinja 48.64%

ansible-role-sambadc's Introduction

drupal theme for FFLCH USP

It was built on top of https://www.drupal.org/project/aegan + bootstrap 4

ansible-role-sambadc's People

Contributors

Watchers

Forkers

sybgroff thiagogomesverissimo acesarfs

ansible-role-sambadc's Issues

TASK [fflch.sambadc : avoid smb.conf testparm problem soft - root]

TASK [fflch.sambadc : avoid smb.conf testparm problem soft - root] *******************************************************
[WARNING]: The value 65536 (type int) in a string field was converted to '65536' (type string). If this does not look
like what you expect, quote the entire value to ensure it does not change.

Colocar no readme procedimento para remover um DC perdido da replicação dos demais

https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC

You cannot demote an offline remote DC from a DC that runs Samba 4.4 or earlier. Update to Samba 4.4.0 or later before you continue.

change space by -?

like: https://github.com/yamb00/ansible-role-samba/blob/master/templates/smb.conf.j2

[global]
{% for key,value in samba.global.iteritems() %}
{{key|replace("_" , " ")}} = {{value}}
{% endfor %}

{% for item in samba.shares %}
[{{item.name}}]
{% for key,value in item.iteritems() %}
{{key|replace("_", " ")}} = {{value}}
{% endfor %}
{% endfor %}

change the logic to verify if DC is already provisioned. If it is, only change password to Administrator and update smb.conf

Add attributes in partition?

remount-ro,acl,user_xattr,barrier=1

rfc2307 in join DC

If the other DCs are Samba DCs and were provisioned with --use-rfc2307, you Should add --option='idmap_ldb:use rfc2307 = yes' to the join command

Create a task to remove DC in given cluster

Control some parameters with ansible variable

#Disable password expiration for the Administrator account.
samba-tool user setexpiry Administrator --noexpiry

#Show domain level password options.
samba-tool domain passwordsettings show

#Disable password complexity at the domain level.
samba-tool domain passwordsettings set --complexity=off

#Disable password history at the domain level.
samba-tool domain passwordsettings set --history-length=0

#Disable password min-age at the domain level.
samba-tool domain passwordsettings set --min-pwd-age=0

#Disable password max-age at the domain level.
samba-tool domain passwordsettings set --max-pwd-age=0

#Disable minimum password length at the domain level.
samba-tool domain passwordsettings set --min-pwd-length=0

Corrigir o nome da variável samadc_admin_password

Corrigir para sambadc_admin_password

Criar rotina de backup com novo comando do samba: samba-tool domain backup

Exemplo de rotina para backup online:

samba-tool domain backup online --targetdir=/home/vagrant/bkponline --server=vagrantsambadcdebian11.smbdomain.local.br -UAdministrator --password='SuperSenh@1'

Exemplo de rotina para backup offilne:

samba-tool domain backup offline --targetdir=/home/vagrant/bkpoffline

implements backup routine

backup versões antigas
https://wiki.samba.org/index.php/Using_the_samba_backup_script

back versões novas
https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC

create task to sync sysvol folder across all domain controllers

Alguns problemas

idmap.ldb and sysvol devem ser copiados do DC antigo

Comando para arrumar a sysvol:

samba-tool ntacl sysvolcheck
samba-tool ntacl  sysvolreset

VErificando se há id duplciado no idmap.ldb:

ldbsearch -H /var/lib/samba/private/idmap.ldb | grep xidNumber | uniq -d

Links:

https://groups.google.com/g/linux.samba/c/kOdiWpy6hZ4

Refatorar task no debian 12: fflch.sambadc : Desabilita systemd-resolved, necessário em Ubuntu 18.04

fflch.sambadc : Desabilita systemd-resolved, necessário em Ubuntu 18.04