This module configures winbind for joining a machine to Active Directory. It is designed with Hiera in mind: every managed setting is exposed as a class parameter, so values can be supplied from Hiera data rather than hard-coded in manifests.
The configuration used in this module requires Samba >= 3.6.
This module DOES NOT join your machine to AD. This is because I have not found a secure way to do the join, since it requires a privileged account and its password as part of the join. Once you have run this module at least once, you can join your domain by executing the following pair of commands. The first prompts for the account password rather than taking it on the command line, so the password does not end up in shell history or a process listing; afterwards, net ads testjoin and wbinfo -t confirm that the machine account and trust secret work:
net ads join -U yourADuserName
authconfig --enablemkhomedir --enablewinbind --enablewinbindauth --update
There is a parameter corresponding directly to each setting in the four configuration files this module edits. Each is prefixed so that you know which file it affects:
- pam = /etc/security/pam_winbind.conf
- smb = /etc/samba/smb.conf
- krb5 = /etc/krb5.conf
- oddjobd = /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf
The full list of parameters is listed at the top of the init.pp file.
A fully functional setup should be attainable by providing values for the following three parameters:
- pam_require_membership_of: if set, limits who can log in via winbind to members of the given group. If left unset, pam_winbind enforces no group restriction and any domain account that authenticates can log in.
- smb_workgroup: the short (NetBIOS) name of your domain.
- smb_realm: the long (DNS) name of your domain. It is also used in krb5.conf for the realms and domain_realms settings.
The following parameters are optional and have defaults:
- manage_messagebus_service: allows disabling the management of the messagebus service. Defaults to true.
- manage_oddjob_service: allows disabling the management of the oddjobd service. Defaults to true.
- package_ensure: the ensure value passed to all managed packages. Defaults to latest.
This module has only been tested on Red Hat 5 and CentOS 6 & 7 but that will be expanded some as time goes on.
On RHEL 5 I found that joining was difficult if just the right things were not in /etc/hosts. In particular, I got errors that my DNS name had to match the domain I was joining. I resolved this issue by making a host entry like this (all on a single line):
127.0.0.1 server.example.com server.ad.example.com server localhost localhost.localdomain localhost4 localhost4.localdomain4
This entry is maintained via a host resource defined elsewhere in my Puppet setup.
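As an added example (not code from this module), the following profile class ties together the two pieces above: the /etc/hosts entry that the join needs, and a declaration of the module with the three required parameters plus the optional ones. It assumes the module's class is named winbind (the README does not name it), that the domain is ad.example.com with short name EXAMPLE, and that an AD group named linux-admins should be the only one allowed to log in; all three are placeholders. With Hiera, the same values would instead be supplied under keys of the form winbind::smb_realm, winbind::smb_workgroup and so on, via automatic parameter lookup.

```puppet
# Added example, not part of the winbind module.  Assumed names: class
# 'winbind', realm AD.EXAMPLE.COM / workgroup EXAMPLE, AD group linux-admins.
class profile::winbind_member (
  String $realm      = 'AD.EXAMPLE.COM',      # smb_realm, also used for krb5.conf
  String $dns_domain = 'ad.example.com',      # lower-case DNS form of the realm
  String $workgroup  = 'EXAMPLE',             # smb_workgroup (NetBIOS name)
  String $allowed    = 'EXAMPLE\\linux-admins', # group allowed through pam_winbind
) {
  $fqdn    = $facts['networking']['fqdn']
  $short   = $facts['networking']['hostname']
  $ad_name = "${short}.${dns_domain}"

  # The /etc/hosts entry the README describes: the host must resolve under
  # the AD DNS domain or the join complains that the DNS name does not match
  # the domain.  Managing it in Puppet keeps it from being lost on rebuild.
  host { $fqdn:
    ensure       => present,
    ip           => '127.0.0.1',
    host_aliases => [
      $ad_name, $short,
      'localhost', 'localhost.localdomain',
      'localhost4', 'localhost4.localdomain4',
    ],
  }

  # Declare the module.  package_ensure is pinned to 'present' instead of the
  # default 'latest' so a routine Puppet run cannot silently upgrade samba on
  # a domain-joined host; require_membership_of closes off logins from any
  # domain account that is not in the named group.
  class { 'winbind':
    smb_realm                 => $realm,
    smb_workgroup             => $workgroup,
    pam_require_membership_of => $allowed,
    manage_messagebus_service => true,
    manage_oddjob_service     => true,
    package_ensure            => 'present',
    require                   => Host[$fqdn],
  }
}
```

The require on the winbind class orders the hosts entry before the module's own resources, so on a fresh machine the name resolution is in place before smb.conf and krb5.conf are written; the manual net ads join still has to be run once afterwards, as described above.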
This is released under the New BSD / BSD-3-Clause license. A copy of the license can be found in the root of the module.
Pull requests are welcome!
- Adam Stephens (@adamcstephens) - Added support for toggling service management and overriding the package ensure setting