saltstack-formulas / samba-formula Goto Github PK

Home Page: http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html

License: Other

SaltStack 48.91% Jinja 51.09%

samba-formula's Issues

winbind is restarted on each run

When using winbind-ad, on each run samba_winbind_pamforget_* removes lines in /var/lib/pam/seen. Those lines then get added by samba_winbind_ad_authconfig, causing changes on each run and all samba services to be restarted.

Ignoring parameter "winbind trusted domains only"

This line in pillar.example is no longer valid.

Unknown parameter encountered: "winbind trusted domains only"
Ignoring unknown parameter "winbind trusted domains only"
Unknown parameter encountered: "winbind trusted domains only"
Ignoring unknown parameter "winbind trusted domains only"

[BUG] Maintained?

I filed bug #73 over two years ago.
It's a 2-line change.

Debian Bullseye has been out for over a year, and it's also affected by map.jinja not being up-to-date:

$ git diff origin/master
diff --git a/samba/map.jinja b/samba/map.jinja
index e9021e8..43e32a9 100644
--- a/samba/map.jinja
+++ b/samba/map.jinja
@@ -15,7 +15,8 @@
             'wheezy': 'samba',
             'jessie': 'smbd',
             'stretch': 'smbd',
-            'buster': 'smbd'
+            'buster': 'smbd',
+            'bullseye': 'smbd'
         }, grain='oscodename', default='lenny'),
     },
     'Suse':{
@@ -31,8 +32,8 @@
          'client': 'smbclient',
      },
      'FreeBSD': {
-         'server': 'samba44',
-         'client': 'samba44',
+         'server': 'samba413',
+         'client': 'samba413',
          'service': 'samba_server',
          'config': '/usr/local/etc/smb4.conf',
      },

PR #75 has been sitting unmerged for a year now.

Is this repo still maintained?

Can someone get a commit bit to keep improving samba-formula or is it abandoned and someone needs to fork it?

Samba-winbind: Add 'domains users' to sudoers

I overlooked need for 'domain users' to be in sudoers.

domainUser@domainMemberHost:~$ sudo apt-get update
[sudo] password for domainUser:
Your password will expire in 18 days.
 
domainUser is not in the sudoers file.  This incident will be reported.
domainUser@domainMemberHost:~$

Include 'Suse' stanza to map.jinja

Basic support for SuSE distribution.

pdbedit for creating samba users

It would be nice if the samba.users state file would use the pdbedit state module to create samba users instead of always piping the password to smbpasswd on every run. Additionally it would allow us to only store a password hash in the pillar rather than the raw password.

smb.service ERROR: failed to setup guest info

CentOS issue: https://bugzilla.redhat.com/show_bug.cgi?id=1648399 = Fix your configuration

Add 'MacOS' stanza to map.jinja

Basic support for Darwin.

"virtual package" names: samba-client. Will no longer be supported as of the Fluorine release.

Environment: Debbian 9 Master & Debian 9 Minion - Salt repo
I activated the state samba.users on a Test minion today, it works, but throws a Warning. See below.

          ID: samba_client
    Function: pkg.installed
        Name: samba-client
      Result: True
     Comment: The following packages were installed/updated: samba-client
     Started: 10:51:55.616968
    Duration: 46455.199 ms
     Changes:   
     ...
    Warnings: The following package(s) are "virtual package" names: samba-
              client. These will no longer be supported as of the Fluorine
              release. Please update your SLS file(s) to use the actual package
              name.

root@salt:/srv# salt --versions-report
Salt Version:
           Salt: 2018.3.4
 
Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: 2.5.3
      docker-py: Not Installed
          gitdb: 2.0.0
      gitpython: 2.1.1
          ioflo: Not Installed
         Jinja2: 2.9.4
        libgit2: 0.24.5
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.4.8
   mysql-python: Not Installed
      pycparser: Not Installed
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: 0.24.2
         Python: 3.5.3 (default, Sep 27 2018, 17:25:39)
   python-gnupg: Not Installed
         PyYAML: 3.12
          PyZMQ: 16.0.2
           RAET: Not Installed
          smmap: 2.0.1
        timelib: Not Installed
        Tornado: 4.4.3
            ZMQ: 4.2.1
 
System Versions:
           dist: debian 9.9 
         locale: ANSI_X3.4-1968
        machine: x86_64
        release: 4.9.0-9-amd64
         system: Linux
        version: debian 9.9

Ignoring parameter "winbind trusted domains only" -

defaults.yaml still contains the parameter: winbind trusted domains only

Unknown parameter encountered: "winbind trusted domains only"
Ignoring unknown parameter "winbind trusted domains only"

"fix(defaults): remove obsolete parameter #63" did only remove half the necessary lines.

[BUG] FreeBSD Package name is incorrect

map.jinja points to samba44 for FreeBSD.
FreeBSD 12 has packages for samba410, samba411, samba412 and samba413.

There doesn't appear to be a nice way in the formula to override the package name.

Fix idmap config 'schema_mode' syntax in yaml

Problem with #42 Should defaults.yaml have ....

idmap config *:schema_mode = rfc2307 (suspected bad yaml syntax)

'idmap config *:schema_mode = rfc2307'

'idmap config *:schema_mode: rfc2307' (suspected bad samba syntax)

SSSD support

SSSD integration would be useful. This could be implemented as samba.sssd (software) and samba.sssd-ad (active directory integration) states.

section_order ignored

If you specify section_order: ['global'] to only create the global entries for smb.conf this setting is ignored; global, printers and homes (in that order) are always created.

Regression in Winbind packaging breaks APT [bionic]

Tracking https://bugs.launchpad.net/ubuntu-packaging-guide/+bug/1818431

RFE: Add winbind for AD support

required salt states?

samba.winbind
-winbind-install
-winbind-enable
-winbind-[remove]

samba.winbind.config
-winbind-samba-conf
-winbind-join-domain
-winbind-pam-conf
-winbind-krb5-conf
-winbind-auth-test

Fix painfully slow AD group lookup

For ROLE_DOMAIN_MEMBER role, the following parameter improved painfully slow AD lookup on Ubuntu.

winbind expand groups = 0

This should (could) be added to defaults.yaml.

These parameters from samba may help too-

      idmap config *:backend = tdb
      idmap config *:schema_mode = rfc2307

Suse: pillar.example SLS rendering error line 30

Testing this branch with pillars derived from pillar.example threw SLS rendering.

Log: pillar_example_rendering_error.txt

CRITICAL:Suse: Rendering SLS 'samba' failed, render error:
found character '@' that cannot start any token: line 30

valid users: @sharegroup   '<================='

Fixed with single-quotes: pillar_example_rendering_fixed.txt

valid users: '@sharegroup'

The pillar.example should be updated accordingly.

smb service on CentOS7: NT_STATUS_NO_MEMORY

The smb service is broken on CentOS7 with samba-0-4.8.3-4.

[adm@myhost ~]$ head /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"

Testparm reports no Errors and idmap config is setup correctly. Logs report failure.

Apr 08 08:07:41 myhost smbd[18563]:   create_local_token failed: NT_STATUS_NO_MEMORY
Apr 08 08:07:41 myhost smbd[18563]:   ERROR: failed to setup guest info.
Apr 08 08:07:41 myhost systemd[1]: smb.service: main process exited, code=exited, status=255/n/a
Apr 08 08:07:41 myhost systemd[1]: Failed to start Samba SMB Daemon.
-- Subject: Unit smb.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit smb.service has failed.
-- 
-- The result is failed.
Apr 08 08:07:41 myhost systemd[1]: Unit smb.service entered failed state.
Apr 08 08:07:41 myhost systemd[1]: smb.service failed.

Ahh, CentOS is forcing hidden dependency on its ssd package - that's naughty!!!

SOLUTION (install sssd-libwbclient)
: ```

[adm@myhost ~]$ sudo yum install sssd-libwbclient -y
.. etc ...                                                              
Installed:
  sssd-libwbclient.x86_64 0:1.16.2-13.el7_6.5                                                                                 
Complete!


[adm@myhost ~]$ systemctl restart smb
[adm@myhost ~]$ systemctl status smb
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-04-08 08:17:50 MDT; 11s ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 18941 (smbd)
   Status: "smbd: ready to serve connections..."
    Tasks: 4
   CGroup: /system.slice/smb.service
           ├─18941 /usr/sbin/smbd --foreground --no-process-group
           ├─18944 /usr/sbin/smbd --foreground --no-process-group
           ├─18945 /usr/sbin/smbd --foreground --no-process-group
           └─18958 /usr/sbin/smbd --foreground --no-process-group

Apr 08 08:17:50 myhost smbd[18941]:   Unknown parameter encountered: "winbind trusted domains only"
Apr 08 08:17:50 myhost smbd[18941]: [2019/04/08 08:17:50.462348,  0] ../lib/param/loadparm.c:1811(lpcfg_do_global_parameter)
Apr 08 08:17:50 myhost smbd[18941]:   Ignoring unknown parameter "winbind trusted domains only"
Apr 08 08:17:50 myhost smbd[18941]: [2019/04/08 08:17:50.463062,  0] ../lib/param/loadparm.c:1016(lpcfg_service_ok)
Apr 08 08:17:50 myhost smbd[18941]:   WARNING: No path in service files - making it unavailable!
Apr 08 08:17:50 myhost smbd[18941]: [2019/04/08 08:17:50.647947,  0] ../lib/util/become_daemon.c:138(daemon_ready)
Apr 08 08:17:50 myhost smbd[18941]:   daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections
Apr 08 08:17:50 myhost systemd[1]: Started Samba SMB Daemon.
Apr 08 08:17:51 myhost smbd[18941]: [2019/04/08 08:17:51.056669,  0] ../source3/printing/nt_printing.c:249(nt_printing_init)
Apr 08 08:17:51 myhost smbd[18941]:   nt_printing_init: error checking published printers: WERR_ACCESS_DENIED

Samba service is now working

[FEATURE] Allow settings shell and other options for samba.user

Is your feature request related to a problem?

I would like to set /usr/sbin/nologin for user which is created only for samba access, so it wold only file browsing available, but not ssh shell access, for example.

Describe the solution you'd like

Allow to specify shell and maybe other user.present options in pillars.

Describe alternatives you've considered

Create your own packages.samba.users "duplicate" state to "fix" user settings as needed.

Ubuntu samba service name is smbd

On Ubuntu samba's service name should be smbd and not samba. I see that in Debian its suppose to be samba. When I switch the Debian's service name in map.jinja to smbd it works just fine on my box.

I am using Ubuntu 12.04.3 LTS.

salt 'samba' grains.items:
...
os: Ubuntu
os_family: Debian
...

So grains.filter_by defaults to using the grain os_family. The solution would be to then try to match on the grain="os". I just don't know the appropriate way to do that yet.

Doesn't work with Debian 8 jessie

With Debian 8 Jessie, the /etc/init.d/samba init script is just a wrapper around /etc/init.d/{smbd,nmbd,samba-ad-dc} and is never started at boot time and it's "masked" at the systemd level.

So you really need to enable the "smbd" service starting with Debian 8 (just like on Ubuntu). Trying to use the stock formula resulted in this for me:

          ID: samba
    Function: service.running
      Result: False
     Comment: Failed when setting service samba to start at boot, and the service is dead
     Changes:

Ordering sections

the ordering part of this commit would be useful or at the very least ensuring the global section is always at the top. since any sections that appear before the global section will not inherit anything from the global section.

In state "samba.user" "samba_smbpasswd_{{ login }}" gets executed each state.apply

samba-formula/samba/users/init.sls

Line 14 in 3897734

cmd.run:

This state uses a cmd.run which gets applied each time I do a state.apply. Is there a way to workaround this? This is a bit sad, because this will always result in a Changed=1

Summary for some host
-------------
Succeeded: 51 (changed=1)
Failed:     0
-------------
Total states run:     51
Total run time:    3.828 s

Could this be an alternative to cmd.run?
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pdbedit.html#salt.states.pdbedit.managed

Suse: Relocation Error on LEAP

Vanilla installation of OpenSuse Leap (server) includes following Samba packages.

gvfs-backend-samba-1.28.3-2.2.x86_64
libsamba-credentials0-32bit-4.4.2-7.2.x86_64
libsamba-credentials0-4.4.2-7.2.x86_64
libsamba-errors0-32bit-4.4.2-7.2.x86_64
libsamba-errors0-4.4.2-7.2.x86_64
libsamba-hostconfig0-32bit-4.4.2-7.2.x86_64
libsamba-hostconfig0-4.4.2-7.2.x86_64
libsamba-passdb0-32bit-4.4.2-7.2.x86_64
libsamba-passdb0-4.4.2-7.2.x86_64
libsamba-util0-32bit-4.4.2-7.2.x86_64
libsamba-util0-4.4.2-7.2.x86_64
samba-client-32bit-4.4.2-7.2.x86_64
samba-client-4.4.2-7.2.x86_64
samba-libs-32bit-4.4.2-7.2.x86_64
samba-libs-4.4.2-7.2.x86_64
samba-winbind-32bit-4.4.2-7.2.x86_64
samba-winbind-4.4.2-7.2.x86_64
yast2-samba-client-3.1.18-1.1.noarch
yast2-samba-server-3.1.16-1.2.noarch

Executing the samba.init state results in broken installation-

: relocation error: /usr/lib64/samba/libauthkrb5-samba4.so: symbol tevent_req_is_unix_error, version TEVENT_UTIL_0.0.1 not defined in file libtevent-util.so.0 with link time reference

This is known issue in OpenSUSE (tumbleweed) manifesting in LEAP (version 42).
https://bugzilla.opensuse.org/show_bug.cgi?id=975862

saltstack-formulas / samba-formula Goto Github PK

samba-formula's Issues

Is your feature request related to a problem?

Describe the solution you'd like

Describe alternatives you've considered

Recommend Projects

Recommend Topics

Recommend Org