- name: Install required packages apt: name: - realmd - sssd - libpam-mount - kstart - heimdal-clients - name: Remove krb5-user apt: name: krb5-user state: absent - name: Set OU set_fact: ou_path: "OU={{locations[0]}},OU=Ucilnice" - name: Show state debug: msg: "Host: {{inventory_hostname}}, OU: {{ou_path}}" # - import_tasks: ne_sysprep.yaml - name: "Rename" # Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom hostname: name: "{{inventory_hostname}}-linux" register: hostname_res - name: Check whether we already joined command: /bin/bash -c "/usr/sbin/realm list" register: realm_list_results - name: Join using realmd expect: command: realm join --user={{ad_join_user}} --computer-ou={{ou_path}} {{domain_name}} responses: (?i)Password: "{{ad_join_password}}" ignore_errors: yes when: realm_list_results.stdout == "" - name: Copy sssd config template: src: sssd.conf dest: "/etc/sssd/sssd.conf" owner: root mode: 0600 #- name: Configure libpam-mount # copy: # src: pam_mount.conf.xml # dest: /etc/security/pam_mount.conf.xml #- name: Enable libpam-mount # command: pam-auth-update --enable libpam-mount # become: true - name: Disable libpam-mkhomedir command: pam-auth-update --disable mkhomedir become: true - name: Create kstart service copy: src: kstart.service dest: /etc/systemd/system/kstart.service - name: Start kstart service to enable cifs mount copy: src: kstart.service dest: /etc/systemd/system/kstart.service - name: Add mount - cifs_home mount: boot: true fstype: cifs src: "//ucilnicesmb.fri1.uni-lj.si/ucilnice_d" path: /mnt/cifs_home state: mounted opts: "cruid=0,username={{ inventory_hostname }}-linux@FRI1.UNI-LJ.SI,sec=krb5i,nobrl,sfu,nostrictsync,cache=loose,mfsymlinks,dir_mode=0700,file_mode=0700,fsc,multiuser,x-systemd.requires=kstart.service" - name: Restart sssd service: name: sssd state: restarted