--- /dev/null
+---
+
+#- name: realmd package
+# package:
+# name: realmd
+# state: present
+
+- name: Set up NSS, PAM, KRB5, ...
+ fail:
+ msg: "Invalid auth_method: {{ auth_method }}"
+ when: auth_method != 'files' and auth_method != 'winbind'
+
+# FIXME: We don't generally use this so just select sssd for now
+- name: Set up NSS, PAM, ...
+ command: authselect select sssd
+ when: auth_method == 'files'
+
+# authselect-migration(7) says to use realm(8). However, this wants
+# to join the domain and it isn't clear that it knows how to set this
+# up for the Samba registry
+- name: Set up NSS, PAM, KRB5, ...
+ command: authselect select -f winbind with-krb5
+ when: auth_method == 'winbind'
+
+- name: Install krb5.conf snippet
+ template:
+ src: krb5_conf.j2
+ dest: /etc/krb5.conf.d/autocluster-winbind
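Review bot: The winbind task passes `-f` to `authselect select`, which lets it replace PAM and nsswitch files that were edited outside authselect, and no copy of the previous configuration is kept. Consider `command: authselect select -f --backup=<backup-name> winbind with-krb5` so the earlier authentication stack can be restored after a bad run. Both `command` tasks also report changed on every run; a `changed_when` tied to the output of `authselect current` would make real drift visible. The `Install krb5.conf snippet` task has no `when: auth_method == 'winbind'` and no explicit `owner`/`group`/`mode`, so it appears to run for `files` as well and its permissions depend on the remote umask.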
---
+- name: check for authconfig
+ stat:
+ path: /usr/sbin/authconfig
+ register: aconfig
+
+- name: check for authselect
+ stat:
+ path: /usr/bin/authselect
+ register: aselect
+
+- name: fail if both authselect and authconfig are unavailable
+ fail: msg="Both authselect and authconfig are unavailable"
+ when: (aselect.stat.executable is undefined or
+ not aselect.stat.executable) and
+ (aconfig.stat.executable is undefined or
+ not aconfig.stat.executable)
+
+- include_tasks: samba_authselect.yml
+ when: aselect.stat.executable is defined and aselect.stat.executable
+
- include_tasks: samba_authconfig.yml
+ when: aconfig.stat.executable is defined and aconfig.stat.executable
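Review bot: Nothing stops both include files from running on a host where `/usr/bin/authselect` and `/usr/sbin/authconfig` are both executable, because the two `when:` conditions are independent; the authconfig include would then rewrite the authentication configuration that the authselect include just selected. If authselect is meant to take precedence, make the second include exclusive, e.g. `when: (aconfig.stat.executable | default(false)) and not (aselect.stat.executable | default(false))`. The same `default(false)` form would also shorten the four-line condition on the `fail` task and make it easier to audit.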
--- /dev/null
+[realms]
+ {{ resolv_conf.domain }} = {
+ kdc = {{ kdc }}.{{ resolv_conf.domain }}
+ }
+
+[domain_realm]
+ {{ resolv_conf.domain }} = {{ resolv_conf.domain }}
+ .{{ resolv_conf.domain }} = {{ resolv_conf.domain }}
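Review bot: The realm name is rendered straight from `resolv_conf.domain`, which is presumably a lower-case DNS domain, while Kerberos realm names are case-sensitive and an AD-style realm is normally the upper-cased domain. If that holds here, the realm side should be upper-cased in `[realms]` and on the right-hand side of both `[domain_realm]` lines, e.g. `{{ resolv_conf.domain | upper }} = {` and `.{{ resolv_conf.domain }} = {{ resolv_conf.domain | upper }}`. How `resolv_conf.domain` and `kdc` are set is not visible in this diff, so confirm against the inventory before changing it.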