roles/samba-dc: Support configuring TLS

In order to enable LDAPS/STARTTLS support in Samba, the `tls enabled` option must be set to `yes` and the `tls keyfile` and `tls certfile` options must be set to the path of the private key and certificate files, respectively, that Samba will use. The `samba_tls_enabled`, `samba_tls_keyfile`, and `samb_tls_certfile` Ansible variables can be used to control these values.
2018-05-28 15:18:56 -05:00 · 2018-05-28 15:18:56 -05:00 · 93598145b6
parent 024f9f719d
commit 93598145b6
1 changed files with 9 additions and 0 deletions
--- a/roles/samba-dc/templates/smb.conf.j2
+++ b/roles/samba-dc/templates/smb.conf.j2
@ -11,6 +11,15 @@
 	template homedir = {{ winbind_template_homedir }}
 	template shell = /bin/bash

+{% if samba_tls_enabled|bool %}
+	tls enabled = yes
+	tls keyfile = {{ samba_tls_keyfile }}
+	tls certfile = {{ samba_tls_certfile }}
+{% if samba_tls_cafile is defined %}
+	tls cafile = {{ samba_tls_cafile }}
+{% endif %}
+{% endif %}
+
 [netlogon]
 	path = /var/lib/samba/sysvol/{{ krb5_realm|lower }}/scripts
 	read only = No