Puppet Class: samba

Inherited by:
samba::config
samba::install
samba::service
samba::firewall
Defined in:
manifests/init.pp

Summary

This module manages Samba/CIFS, the virtual filesystem based on SMB protocol.

Overview

For all main options, see the smb.conf(5) and samba(7) man pages. Default values for all parameters can be found at www.samba.org/samba/docs/current/man-html/smb.conf.5.html. For the SELinux related options, see smbd_selinux(8).

Sample Usage :

include samba

Parameters:

  • packages (Struct[{ server => Array[String[1]], client => Array[String[1]], utils => Array[String[1]], }])

    Names of the server, client and utility packages to be installed when managing Samba.

  • package_manage (Boolean)

    Should this module manage the installation/removal of the $packages?

  • package_ensure (Samba::PackageState)

    The installation state of $packages.

  • config_file (String)

    The path of the smb.conf file to manage (used as the Augeas incl path).

  • config_lens (String)

    The Augeas lens to use for managing the smb.conf file.

  • service_enable (Variant[Enum[mask, manual], Boolean])

    Enable/disable the Samba service on reboot.

  • service_ensure (Enum[stopped, running])

    The value of “ensure” for the service resources.

  • service_manage (Boolean)

    Should the Samba service be managed by this module?

  • service_name (Array[String])

    The name of the Samba service.

  • service_ports (Array[ Struct[ { port => Integer[0, 65535], proto => Enum[tcp, udp], } ] ])

    The service ports to be added to the firewall (if managed).

  • firewall_manage (Boolean)

    Manage the firewall rules for the Samba services.

  • workgroup (Optional[String])

    This controls what workgroup your server will appear to be in when queried by clients.

  • server_string (Optional[String])

    This controls what string will show up in the printer comment box in print manager and next to the IPC connection in net view.

  • netbios_name (Optional[String])

    This sets the NetBIOS name by which a Samba server is known.

  • domain_master (Optional[Boolean])

    Tell smbd(8) to enable WAN-wide browse list collation.

  • preferred_master (Optional[Boolean])

    This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup.

  • local_master (Optional[Boolean])

    This option allows nmbd(8) to try and become a local master browser on a subnet.

  • os_level (Optional[Integer[0, 255]])

    This integer value controls what level Samba advertises itself as for browse elections.

  • wins_support (Optional[Boolean])

    This boolean controls if the nmbd(8) process in Samba will act as a WINS server.

  • wins_server (Optional[String])

    This specifies the IP address (or DNS name: IP address for preference) of the WINS server that nmbd(8) should register with.

  • name_resolve_order (Optional[String])

    This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses.

  • server_min_protocol (Optional[String])

    This setting controls the minimum protocol version that the server will allow the client to use.

  • client_max_protocol (Optional[String])

    The value of the parameter (a string) is the highest protocol level that will be supported for IPC$ connections as DCERPC transport.

  • client_min_protocol (Optional[String])

    This setting controls the minimum protocol version that the client will attempt to use.

  • hosts_allow (Array[String])

    This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service.

  • hosts_deny (Array[String])

    The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one.

  • interfaces (Array[String])

    default: interfaces =

  • bind_interfaces_only (Optional[Boolean])

    This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests.

  • log_file (Optional[String])

    This option allows you to override the name of the Samba log file (also known as the debug file).

  • max_log_size (Optional[Integer])

    This option (an integer in kilobytes) specifies the max size the log file should grow to.

  • passdb_backend (Optional[String])

    This option allows the administrator to choose which backend will be used for storing user and possibly group information.

  • domain_logons (Optional[Boolean])

    DEPRECATED: This parameter has been deprecated since Samba 4.13 and support for NT4-style domain logons (as distinct from the Samba AD DC) will be removed in a future Samba release.

  • map_to_guest (Optional[String])

    This parameter can take four different values, which tell smbd(8) what to do with user login requests that don’t match a valid UNIX user in some way.

  • security (Optional[String])

    This option affects how clients respond to Samba.

  • encrypt_passwords (Optional[Boolean])

    DEPRECATED: This boolean controls whether encrypted passwords will be negotiated with the client.

  • unix_password_sync (Optional[Boolean])

    This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed.

  • socket_options (Optional[String])

    This option allows you to set socket options to be used when talking with the client.

  • syslog (Optional[String])

    This parameter maps how Samba debug messages are logged onto the system syslog logging levels.

  • ntlm_auth (Variant[Enum['ntlmv1-permitted', 'ntlmv2-only', 'mschapv2-and-ntlmv2-only', 'disabled'], Boolean])

    This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM encrypted password response for this local passdb (SAM or account database).

  • machine_password_timeout (Optional[Integer])

    This parameter specifies how often the MACHINE ACCOUNT password will be changed, in seconds.

  • realm (Optional[String])

    This option specifies the kerberos realm to use.

  • kerberos_method (Optional[String])

    Controls how kerberos tickets are verified.

  • dedicated_keytab_file (Optional[String])

    Specifies the absolute path to the kerberos keytab file when kerberos method is set to “dedicated keytab”.

  • obey_pam_restrictions (Optional[Boolean])

    This parameter will control whether or not Samba should obey PAM’s account and session management directives.

  • shares (Hash) (defaults to: {})

    A hash of share names, their path(s) and other parameters.

  • idmap_config (Optional[Hash])

    The mapping between Windows SIDs and Unix user and group IDs.
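
A resource-style declaration that sets the security-relevant parameters listed above, as an added example that is not part of the module's own documentation. The subnet, interface names and protocol level are constructed values, and the example assumes every parameter not shown is supplied by the module's data.

```puppet
# Added example: constructed values, not the module's shipped defaults.
class { 'samba':
  # Refuse clients and servers that cannot negotiate at least SMB3
  # ('SMB3' is a protocol level from smb.conf(5)).
  server_min_protocol  => 'SMB3',
  client_min_protocol  => 'SMB3',
  # One of the values accepted by the ntlm_auth Enum: NTLMv1 is not allowed.
  ntlm_auth            => 'ntlmv2-only',
  # Logins with an invalid password are rejected, never mapped to guest.
  map_to_guest         => 'Never',
  # Serve SMB only on loopback and one named interface (name is assumed).
  interfaces           => ['lo', 'eth0'],
  bind_interfaces_only => true,
  # Permit loopback and one documentation subnet (RFC 5737), deny the rest.
  hosts_allow          => ['127.0.0.1', '192.0.2.0/24'],
  hosts_deny           => ['0.0.0.0/0'],
  # Let the module add firewall rules for the ports in service_ports.
  firewall_manage      => true,
}
```

After a Puppet run, `testparm -s` shows the resulting [global] section, which is the place to confirm that the protocol floor and host lists were written as intended.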



# File 'manifests/init.pp', line 148

class samba (
  Struct[{
      server => Array[String[1]],
      client => Array[String[1]],
      utils  => Array[String[1]],
  }]      $packages,
  Boolean $package_manage,
  Samba::PackageState                  $package_ensure,
  String  $config_file,
  String  $config_lens,
  Variant[Enum[mask, manual], Boolean] $service_enable,
  Enum[stopped, running]               $service_ensure,
  Boolean $service_manage,
  Array[String]                        $service_name,
  Array[
    Struct[
      {
        port  => Integer[0, 65535],
        proto => Enum[tcp, udp],
      }
    ]
  ]       $service_ports,
  Boolean $firewall_manage,

  # Main smb.conf options
  Optional[String] $workgroup,
  Optional[String] $server_string,
  Optional[String] $netbios_name,
  Optional[Boolean] $domain_master,
  Optional[Boolean] $preferred_master,
  Optional[Boolean] $local_master,
  Optional[Integer[0, 255]] $os_level,
  Optional[Boolean] $wins_support,
  Optional[String] $wins_server,
  Optional[String] $name_resolve_order,
  Optional[String] $server_min_protocol,
  Optional[String] $client_max_protocol,
  Optional[String] $client_min_protocol,
  Array[String] $hosts_allow,
  Array[String] $hosts_deny,
  Array[String] $interfaces,
  Optional[Boolean] $bind_interfaces_only,
  Optional[String] $log_file,
  Optional[Integer] $max_log_size,
  Optional[String] $passdb_backend,
  Optional[Boolean] $domain_logons,
  Optional[String] $map_to_guest,
  Optional[String] $security,
  Optional[Boolean] $encrypt_passwords,
  Optional[Boolean] $unix_password_sync,
  Optional[String] $socket_options,
  Optional[String] $syslog,
  Variant[Enum['ntlmv1-permitted', 'ntlmv2-only', 'mschapv2-and-ntlmv2-only', 'disabled'], Boolean] $ntlm_auth,
  Optional[Integer] $machine_password_timeout,
  Optional[String] $realm,
  Optional[String] $kerberos_method,
  Optional[String] $dedicated_keytab_file,
  Optional[Boolean] $obey_pam_restrictions,
  Optional[Hash] $idmap_config,

  Hash $shares = {},
) {
  $incl = $config_file
  $context = "/files${incl}"
  $target = 'target[. = "global"]'

  if ($package_ensure in ['absent', 'purged']) {
    class { "${module_name}::install": }
  } else {
    contain 'samba::install'
    contain 'samba::config'
    contain 'samba::service'
    contain 'samba::firewall'

    Class['samba::install']
    -> Class['samba::config']
    ~> Class['samba::service']
    -> Class['samba::firewall']
  }
}