{"id":20463347,"url":"https://github.com/fflch/ansible-role-sambadc","last_synced_at":"2026-01-07T19:05:55.803Z","repository":{"id":59185189,"uuid":"134964605","full_name":"fflch/ansible-role-sambadc","owner":"fflch","description":null,"archived":false,"fork":false,"pushed_at":"2024-04-03T20:59:30.000Z","size":58,"stargazers_count":0,"open_issues_count":1,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-04T20:26:53.908Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fflch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-05-26T13:39:57.000Z","updated_at":"2022-08-09T18:00:09.000Z","dependencies_parsed_at":"2023-12-18T20:35:52.432Z","dependency_job_id":null,"html_url":"https://github.com/fflch/ansible-role-sambadc","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fflch%2Fansible-role-sambadc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fflch%2Fansible-role-sambadc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fflch%2Fansible-role-sambadc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fflch%2Fansible-role-sambadc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fflch","download_url":"https://codeload.github.com/fflch/ansible-role-sambadc/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"h
ttps://github.com","kind":"github","repositories_count":246237413,"owners_count":20745346,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T13:10:39.340Z","updated_at":"2026-01-07T19:05:55.797Z","avatar_url":"https://github.com/fflch.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"sambadc role\n============\n\nThis role does only two jobs:\n\n - Configure a pre-installed samba server to be a new Domain Controller (DC)\n - Or configure a pre-installed samba server to join an existing DC group\n\nThis role does not do the following, but depends on them to work:\n\n - Install samba\n - Configure resolv.conf\n\nThat said, this role contains a lot of code and ideas copied from other roles,\ngrouped here to achieve a different approach to setting up a samba DC:\n\n\n - https://github.com/yamb00/ansible-role-samba\n - https://github.com/bertvv/ansible-role-samba\n - https://github.com/mrlesmithjr/ansible-samba\n - https://github.com/criecm/ansible-role-samba\n - https://github.com/gentoo-ansible/role-samba-dc\n - https://github.com/tschifftner/ansible-role-samba\n - https://github.com/jtyr/ansible-samba\n - https://github.com/raasss/ansible-role-samba\n - https://github.com/HiTechRabbit/secondary_dc_samba_ansible\n - https://github.com/darrylweaver/ansible-samba\n\nExample Playbook\n----------------\n\nYou should install samba before running this role:\n\n    - hosts: servers\n      roles:\n         - uspdev.install_samba\n         - uspdev.sambadc\n\nTips\n----\n\nShow domain level password options.\n\n    
samba-tool domain passwordsettings show\n\n## Backup restore procedure in case of failure\n\nBased on https://wiki.samba.org/index.php/Using_the_samba_backup_script\n\nCreate a new machine with:\n\n - the same hostname\n - the same IP\n\nInstall samba and configure it as a DC. Use this role, sambadc, for that.\n\nStop the samba service:\n\n    /usr/sbin/service samba-ad-dc stop\n\nSet the id (which is in the backup):\n\n    net setdomainsid S-1-5-21-1948074455-2901749274-3793093824\n\nRemove the directories:\n\n    rm -rf /etc/samba/ /var/lib/samba/\n\nExtract the backups:\n\n    tar -jxf etc_samba.tar.bz2 -C /etc\n    tar -jxf var_lib_samba.tar.bz2 -C /var/lib/\n    tar -jxf var_lib_samba_private.tar.bz2 -C /var/lib/samba/\n    tar -jxf var_lib_samba_sysvol.tar.bz2 -C /var/lib/samba/\n\nCreate the files that make the sambadc role idempotent:\n\n    touch /var/.samba_ad_created\n    touch /var/.samba_ad_joined\n\n[TO VERIFY] I did not understand whether we need to run this or not:\n\n    samba-tool ntacl sysvolreset\n\nStart the service:\n\n    /usr/sbin/service samba-ad-dc start\n\n\n## Procedure for removing a Domain Controller manually\n\nBased on https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC\n\nTo list all Domain Controllers that are part of the group:\n\n    ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid\n\n### Case where we still have access to the DC we are going to demote\n\nThe DC we are going to demote cannot be the owner. 
To check this on both DCs:\n\n    samba-tool fsmo show\n\nExample output:\n\n    SchemaMasterRole owner: CN=NTDS Settings,CN=VAGRANTFIRSTDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smbdomain,DC=local,DC=br\n\nSince the DC we are going to demote is VAGRANTFIRSTDC, we log in to the new DC and make it the owner:\n\n    samba-tool fsmo transfer --role='all' -Uadministrator --password='SuperSenh@1'\n\nRunning it again:\n\n    samba-tool fsmo show\n\nWe see that VAGRANTSAMBADCDEBIAN11 is now the owner:\n\n    SchemaMasterRole owner: CN=NTDS Settings,CN=VAGRANTSAMBADCDEBIAN11,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smbdomain,DC=local,DC=br\n\nBack on the Domain Controller we want to remove:\n\n    samba-tool domain demote -Uadministrator --password='SuperSenh@1'\n\nCheck that the removed domain controller is no longer among the Domain Controllers:\n\n    ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid\n\nListing DNS entries on the samba firstdc from the CLI:\n\n    samba-tool dns query 192.168.8.48 smbdomain.local.br @ ALL -UAdministrator%SuperSenh@1\n\nDeleting the entry with IP 192.168.121.237 for the host printers.smbdomain.local.br from the CLI:\n\n    samba-tool dns delete 192.168.8.48 smbdomain.local.br printers.smbdomain.local.br A 192.168.121.237 -UAdministrator%SuperSenh@1\n\nDeleting the computer ATFN-ROSA:\n\n    ldbsearch -H /var/lib/samba/private/sam.ldb '(objectClass=computer)' dn sAMAccountName | grep ROSA\n    Response: dn: CN=ATFN-ROSA,CN=Computers,DC=smbdomain,DC=fflch,DC=usp,DC=br\n    ldbdel -H /var/lib/samba/private/sam.ldb 
\"CN=ATFN-ROSA,CN=Computers,DC=smbdomain,DC=fflch,DC=usp,DC=br\"\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffflch%2Fansible-role-sambadc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffflch%2Fansible-role-sambadc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffflch%2Fansible-role-sambadc/lists"}