saltstack-formulas / samba-formula Goto Github PK
View Code? Open in Web Editor NEWHome Page: http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
License: Other
Home Page: http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
License: Other
When using winbind-ad, on each run samba_winbind_pamforget_* removes lines in /var/lib/pam/seen. Those lines then get added by samba_winbind_ad_authconfig, causing changes on each run and all samba services to be restarted.
This line in pillar.example is no longer valid.
Unknown parameter encountered: "winbind trusted domains only"
Ignoring unknown parameter "winbind trusted domains only"
Unknown parameter encountered: "winbind trusted domains only"
Ignoring unknown parameter "winbind trusted domains only"
I filed bug #73 over two years ago.
It's a 2-line change.
Debian Bullseye has been out for over a year, and it's also affected by map.jinja not being up-to-date:
$ git diff origin/master
diff --git a/samba/map.jinja b/samba/map.jinja
index e9021e8..43e32a9 100644
--- a/samba/map.jinja
+++ b/samba/map.jinja
@@ -15,7 +15,8 @@
'wheezy': 'samba',
'jessie': 'smbd',
'stretch': 'smbd',
- 'buster': 'smbd'
+ 'buster': 'smbd',
+ 'bullseye': 'smbd'
}, grain='oscodename', default='lenny'),
},
'Suse':{
@@ -31,8 +32,8 @@
'client': 'smbclient',
},
'FreeBSD': {
- 'server': 'samba44',
- 'client': 'samba44',
+ 'server': 'samba413',
+ 'client': 'samba413',
'service': 'samba_server',
'config': '/usr/local/etc/smb4.conf',
},
PR #75 has been sitting unmerged for a year now.
Is this repo still maintained?
Can someone get a commit bit to keep improving samba-formula or is it abandoned and someone needs to fork it?
I overlooked need for 'domain users' to be in sudoers.
domainUser@domainMemberHost:~$ sudo apt-get update
[sudo] password for domainUser:
Your password will expire in 18 days.
domainUser is not in the sudoers file. This incident will be reported.
domainUser@domainMemberHost:~$
Basic support for SuSE distribution.
It would be nice if the samba.users
state file would use the pdbedit
state module to create samba users instead of always piping the password to smbpasswd
on every run. Additionally it would allow us to only store a password hash in the pillar rather than the raw password.
CentOS issue: https://bugzilla.redhat.com/show_bug.cgi?id=1648399 = Fix your configuration
Basic support for Darwin.
Environment: Debbian 9 Master & Debian 9 Minion - Salt repo
I activated the state samba.users on a Test minion today, it works, but throws a Warning. See below.
ID: samba_client
Function: pkg.installed
Name: samba-client
Result: True
Comment: The following packages were installed/updated: samba-client
Started: 10:51:55.616968
Duration: 46455.199 ms
Changes:
...
Warnings: The following package(s) are "virtual package" names: samba-
client. These will no longer be supported as of the Fluorine
release. Please update your SLS file(s) to use the actual package
name.
root@salt:/srv# salt --versions-report
Salt Version:
Salt: 2018.3.4
Dependency Versions:
cffi: Not Installed
cherrypy: Not Installed
dateutil: 2.5.3
docker-py: Not Installed
gitdb: 2.0.0
gitpython: 2.1.1
ioflo: Not Installed
Jinja2: 2.9.4
libgit2: 0.24.5
libnacl: Not Installed
M2Crypto: Not Installed
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.8
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: 2.6.1
pycryptodome: Not Installed
pygit2: 0.24.2
Python: 3.5.3 (default, Sep 27 2018, 17:25:39)
python-gnupg: Not Installed
PyYAML: 3.12
PyZMQ: 16.0.2
RAET: Not Installed
smmap: 2.0.1
timelib: Not Installed
Tornado: 4.4.3
ZMQ: 4.2.1
System Versions:
dist: debian 9.9
locale: ANSI_X3.4-1968
machine: x86_64
release: 4.9.0-9-amd64
system: Linux
version: debian 9.9
defaults.yaml still contains the parameter: winbind trusted domains only
Unknown parameter encountered: "winbind trusted domains only"
Ignoring unknown parameter "winbind trusted domains only"
"fix(defaults): remove obsolete parameter #63" did only remove half the necessary lines.
map.jinja points to samba44
for FreeBSD.
FreeBSD 12 has packages for samba410
, samba411
, samba412
and samba413
.
There doesn't appear to be a nice way in the formula to override the package name.
Problem with #42 Should defaults.yaml
have ....
idmap config *:schema_mode = rfc2307
(suspected bad yaml syntax)
OR
'idmap config *:schema_mode = rfc2307'
OR
'idmap config *:schema_mode: rfc2307'
(suspected bad samba syntax)
SSSD integration would be useful. This could be implemented as samba.sssd
(software) and samba.sssd-ad
(active directory integration) states.
If you specify section_order: ['global'] to only create the global entries for smb.conf this setting is ignored; global, printers and homes (in that order) are always created.
required salt states?
samba.winbind
-winbind-install
-winbind-enable
-winbind-[remove]
samba.winbind.config
-winbind-samba-conf
-winbind-join-domain
-winbind-pam-conf
-winbind-krb5-conf
-winbind-auth-test
For ROLE_DOMAIN_MEMBER
role, the following parameter improved painfully slow AD lookup on Ubuntu.
winbind expand groups = 0
This should (could) be added to defaults.yaml.
These parameters from samba may help too-
idmap config *:backend = tdb
idmap config *:schema_mode = rfc2307
Testing this branch with pillars derived from pillar.example threw SLS rendering.
Log: pillar_example_rendering_error.txt
CRITICAL:Suse: Rendering SLS 'samba' failed, render error:
found character '@' that cannot start any token: line 30
valid users: @sharegroup '<================='
Fixed with single-quotes: pillar_example_rendering_fixed.txt
valid users: '@sharegroup'
The pillar.example should be updated accordingly.
The smb service is broken on CentOS7 with samba-0-4.8.3-4
.
[adm@myhost ~]$ head /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
Testparm reports no Errors and idmap config is setup correctly. Logs report failure.
Apr 08 08:07:41 myhost smbd[18563]: create_local_token failed: NT_STATUS_NO_MEMORY
Apr 08 08:07:41 myhost smbd[18563]: ERROR: failed to setup guest info.
Apr 08 08:07:41 myhost systemd[1]: smb.service: main process exited, code=exited, status=255/n/a
Apr 08 08:07:41 myhost systemd[1]: Failed to start Samba SMB Daemon.
-- Subject: Unit smb.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit smb.service has failed.
--
-- The result is failed.
Apr 08 08:07:41 myhost systemd[1]: Unit smb.service entered failed state.
Apr 08 08:07:41 myhost systemd[1]: smb.service failed.
Ahh, CentOS is forcing hidden dependency on its ssd package - that's naughty!!!
SOLUTION (install sssd-libwbclient)
: ```
[adm@myhost ~]$ sudo yum install sssd-libwbclient -y
.. etc ...
Installed:
sssd-libwbclient.x86_64 0:1.16.2-13.el7_6.5
Complete!
[adm@myhost ~]$ systemctl restart smb
[adm@myhost ~]$ systemctl status smb
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2019-04-08 08:17:50 MDT; 11s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 18941 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 4
CGroup: /system.slice/smb.service
├─18941 /usr/sbin/smbd --foreground --no-process-group
├─18944 /usr/sbin/smbd --foreground --no-process-group
├─18945 /usr/sbin/smbd --foreground --no-process-group
└─18958 /usr/sbin/smbd --foreground --no-process-group
Apr 08 08:17:50 myhost smbd[18941]: Unknown parameter encountered: "winbind trusted domains only"
Apr 08 08:17:50 myhost smbd[18941]: [2019/04/08 08:17:50.462348, 0] ../lib/param/loadparm.c:1811(lpcfg_do_global_parameter)
Apr 08 08:17:50 myhost smbd[18941]: Ignoring unknown parameter "winbind trusted domains only"
Apr 08 08:17:50 myhost smbd[18941]: [2019/04/08 08:17:50.463062, 0] ../lib/param/loadparm.c:1016(lpcfg_service_ok)
Apr 08 08:17:50 myhost smbd[18941]: WARNING: No path in service files - making it unavailable!
Apr 08 08:17:50 myhost smbd[18941]: [2019/04/08 08:17:50.647947, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Apr 08 08:17:50 myhost smbd[18941]: daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections
Apr 08 08:17:50 myhost systemd[1]: Started Samba SMB Daemon.
Apr 08 08:17:51 myhost smbd[18941]: [2019/04/08 08:17:51.056669, 0] ../source3/printing/nt_printing.c:249(nt_printing_init)
Apr 08 08:17:51 myhost smbd[18941]: nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
Samba service is now working
I would like to set /usr/sbin/nologin
for user which is created only for samba access, so it wold only file browsing available, but not ssh
shell access, for example.
Allow to specify shell
and maybe other user.present
options in pillars.
Create your own packages.samba.users
"duplicate" state to "fix" user settings as needed.
On Ubuntu samba's service name should be smbd and not samba. I see that in Debian its suppose to be samba. When I switch the Debian's service name in map.jinja to smbd it works just fine on my box.
I am using Ubuntu 12.04.3 LTS.
salt 'samba' grains.items:
...
os: Ubuntu
os_family: Debian
...
So grains.filter_by defaults to using the grain os_family. The solution would be to then try to match on the grain="os". I just don't know the appropriate way to do that yet.
With Debian 8 Jessie, the /etc/init.d/samba init script is just a wrapper around /etc/init.d/{smbd,nmbd,samba-ad-dc} and is never started at boot time and it's "masked" at the systemd level.
So you really need to enable the "smbd" service starting with Debian 8 (just like on Ubuntu). Trying to use the stock formula resulted in this for me:
ID: samba
Function: service.running
Result: False
Comment: Failed when setting service samba to start at boot, and the service is dead
Changes:
the ordering part of this commit would be useful or at the very least ensuring the global section is always at the top. since any sections that appear before the global section will not inherit anything from the global section.
samba-formula/samba/users/init.sls
Line 14 in 3897734
This state uses a cmd.run which gets applied each time I do a state.apply. Is there a way to workaround this? This is a bit sad, because this will always result in a Changed=1
Summary for some host
-------------
Succeeded: 51 (changed=1)
Failed: 0
-------------
Total states run: 51
Total run time: 3.828 s
Could this be an alternative to cmd.run
?
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pdbedit.html#salt.states.pdbedit.managed
Vanilla installation of OpenSuse Leap (server) includes following Samba packages.
gvfs-backend-samba-1.28.3-2.2.x86_64
libsamba-credentials0-32bit-4.4.2-7.2.x86_64
libsamba-credentials0-4.4.2-7.2.x86_64
libsamba-errors0-32bit-4.4.2-7.2.x86_64
libsamba-errors0-4.4.2-7.2.x86_64
libsamba-hostconfig0-32bit-4.4.2-7.2.x86_64
libsamba-hostconfig0-4.4.2-7.2.x86_64
libsamba-passdb0-32bit-4.4.2-7.2.x86_64
libsamba-passdb0-4.4.2-7.2.x86_64
libsamba-util0-32bit-4.4.2-7.2.x86_64
libsamba-util0-4.4.2-7.2.x86_64
samba-client-32bit-4.4.2-7.2.x86_64
samba-client-4.4.2-7.2.x86_64
samba-libs-32bit-4.4.2-7.2.x86_64
samba-libs-4.4.2-7.2.x86_64
samba-winbind-32bit-4.4.2-7.2.x86_64
samba-winbind-4.4.2-7.2.x86_64
yast2-samba-client-3.1.18-1.1.noarch
yast2-samba-server-3.1.16-1.2.noarch
Executing the samba.init state results in broken installation-
: relocation error: /usr/lib64/samba/libauthkrb5-samba4.so: symbol tevent_req_is_unix_error, version TEVENT_UTIL_0.0.1 not defined in file libtevent-util.so.0 with link time reference
This is known issue in OpenSUSE (tumbleweed) manifesting in LEAP (version 42).
https://bugzilla.opensuse.org/show_bug.cgi?id=975862
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.