Reference

Table of Contents

Classes

Defined types

Classes

samba

For all main options, see the smb.conf(5) and samba(7) man pages. Default values for all parameters can be found at https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html. For the SELinux related options, see smbd_selinux(8).

Sample usage: include samba

Parameters

The following parameters are available in the samba class:

packages

Data type:

Struct[{
      server => Array[String[1]],
      client => Array[String[1]],
      utils  => Array[String[1]],
  }]

Names of the server, client and utility packages to be installed when managing Samba.

package_manage

Data type: Boolean

Should this module manage the installation/removal of the $packages?

package_ensure

Data type: Stdlib::Ensure::Package

The installation state of $packages.

config_file

Data type: String

The path to the Samba configuration file. eg: /etc/samba/smb.conf.

config_lens

Data type: String

The Augeas lens to use for managing the smb.conf file.

service_enable

Data type: Variant[Enum[mask, manual], Boolean]

Enable/disable the Samba service on reboot.

service_ensure

Data type: Enum[stopped, running]

The value of ensure for package resources.

service_manage

Data type: Boolean

Should the Samba service be managed by this module?

service_name

Data type: Array[String]

The name of the Samba service.

service_ports

Data type:

Array[
    Struct[
      {
        port  => Integer[0, 65535],
        proto => Enum[tcp, udp],
      }
    ]
  ]

The service ports to be added to the firewall (if managed).

firewall_manage

Data type: Boolean

Manage the firewall rules for the Samba services.

workgroup

Data type: Variant[Undef, String]

This controls what workgroup your server will appear to be in when queried by clients.

Default value: 'WORKGROUP'

server_string

Data type: Variant[Undef, String]

This controls what string will show up in the printer comment box in print manager and next to the IPC connection in net view.

Default value: '%h server (Samba Server Version %v)'

netbios_name

Data type: Variant[Undef, String]

This sets the NetBIOS name by which a Samba server is known.

Default value: '%{facts.networking.hostname}'

domain_master

Data type: Variant[Boolean, String]

Tell smbd(8) to enable WAN-wide browse list collation.

Default value: 'auto'

preferred_master

Data type: Variant[Boolean, String]

This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup.

Default value: 'auto'

local_master

Data type: Variant[Undef, Boolean]

This option allows nmbd(8) to try and become a local master browser on a subnet.

Default value: true

os_level

Data type: Variant[Undef, Integer[0, 255]]

This integer value controls what level Samba advertises itself as for browse elections.

Default value: 20

wins_support

Data type: Variant[Undef, Boolean]

This boolean controls if the nmbd(8) process in Samba will act as a WINS server.

Default value: false

wins_server

Data type: Variant[Undef, String]

This specifies the IP address (or DNS name: IP address for preference) of the WINS server that nmbd(8) should register with.

Default value: undef

name_resolve_order

Data type: Variant[Undef, String]

This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses.

Default value: 'lmhosts wins host bcast'

server_min_protocol

Data type: Variant[Undef, String]

This setting controls the minimum protocol version that the server will allow the client to use.

Default value: 'SMB2_10'

client_max_protocol

Data type: Variant[Undef, String]

The value of the parameter (a string) is the highest protocol level that will be supported for IPC$ connections as DCERPC transport.

Default value: 'SMB3'

client_min_protocol

Data type: Variant[Undef, String]

This setting controls the minimum protocol version that the client will attempt to use.

Default value: 'SMB2_10'

hosts_allow

Data type: Array[String]

This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service.

Default value: []

hosts_deny

Data type: Array[String]

The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one.

Default value: ['ALL']

interfaces

Data type: Array[String]

default: interfaces =

Default value: []

bind_interfaces_only

Data type: Variant[Undef, Boolean]

This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests.

Default value: false

log_file

Data type: Variant[Undef, String]

This option allows you to override the name of the Samba log file (also known as the debug file).

Default value: '/var/log/samba/log.%m'

max_log_size

Data type: Variant[Undef, Integer]

This option (an integer in kilobytes) specifies the max size the log file should grow to.

Default value: 10000

passdb_backend

Data type: Variant[Undef, String]

This option allows the administrator to choose which backend will be used for storing user and possibly group information.

Default value: 'tdbsam'

domain_logons

Data type: Variant[Undef, Boolean]

DEPRECATED: This parameter has been deprecated since Samba 4.13 and support for NT4-style domain logons (as distinct from the Samba AD DC) will be removed in a future Samba release.

Default value: false

map_to_guest

Data type: Variant[Undef, String]

This parameter can take four different values, which tell smbd(8) what to do with user login requests that don't match a valid UNIX user in some way.

Default value: 'Never'

security

Data type: Variant[Undef, String]

This option affects how clients respond to Samba.

Default value: 'auto'

encrypt_passwords

Data type: Variant[Undef, Boolean]

DEPRECATED: This boolean controls whether encrypted passwords will be negotiated with the client.

Default value: true

unix_password_sync

Data type: Variant[Undef, Boolean]

This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed.

Default value: false

socket_options

Data type: Variant[Undef, String]

This option allows you to set socket options to be used when talking with the client.

Default value: 'TCP_NODELAY'

syslog

Data type: Variant[Undef, String]

This parameter maps how Samba debug messages are logged onto the system syslog logging levels.

Default value: undef

ntlm_auth

Data type: Variant[Enum['ntlmv1-permitted', 'ntlmv2-only', 'mschapv2-and-ntlmv2-only', 'disabled'], Boolean]

This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM encrypted password response for this local passdb (SAM or account database).

Default value: false

machine_password_timeout

Data type: Variant[Undef, Integer]

This parameter specifies how often the MACHINE ACCOUNT password will be changed, in seconds.

Default value: 604800

realm

Data type: Variant[Undef, String]

This option specifies the kerberos realm to use.

Default value: undef

kerberos_method

Data type: Variant[Undef, String]

Controls how kerberos tickets are verified.

Default value: 'default'

dedicated_keytab_file

Data type: Variant[Undef, String]

Specifies the absolute path to the kerberos keytab file when kerberos method is set to "dedicated keytab".

Default value: undef

obey_pam_restrictions

Data type: Variant[Undef, Boolean]

This parameter will control whether or not Samba should obey PAM's account and session management directives.

Default value: false

shares

Data type: Hash

A hash of share names, their path(s) and other parameters.

Default value: {}

additional_config

Data type: Variant[Undef, Hash]

Additional configuration options to be added to the server smb.conf file.

Default value: {}

idmap_config

Data type: Variant[Undef, Hash]

The mapping between Windows SIDs and Unix user and group IDs.

Default value: {}

samba::client

@summary: This module installs the SAMBA/CIFS client.

Parameters

The following parameters are available in the samba::client class:

packages

Data type:

Struct[{
      server => Array[String[1]],
      client => Array[String[1]],
      utils  => Array[String[1]],
  }]

The name of the Samba client package.

Default value: $samba::packages

package_manage

Data type: Boolean

Should the Samba client package be managed by this module?

Default value: $samba::package_manage

package_ensure

Data type: Stdlib::Ensure::Package

The installation state of the Samba client package.

Default value: $samba::package_ensure

samba::config

@summary: Creates the [global] config section in smb.conf file.

samba::firewall

@summary: Manage the firewall

samba::install

samba::install

samba::service

samba::service

Defined types

samba::option

Manages smb.conf options.

Parameters

The following parameters are available in the samba::option defined type:

key

Data type: String

This is the Samba configuration parameter to be set.

Default value: $title

value

Data type: Variant[Boolean, Integer, String, Array[String], Undef]

The value of $key in the smb.conf file.

Default value: undef

config_file

Data type: String

The path to the Samba configuration file. eg: /etc/samba/smb.conf.

Default value: $samba::config_file

lens

Data type: String

The Augeas lens used to manage the entries in the $config_file.

Default value: $samba::config_lens

target

Data type: String

The Augeas target for the key/value pair settings.

Default value: $samba::target

samba::share

== Define samba::share

Parameters

The following parameters are available in the samba::share defined type:

comment

Data type: Optional[String]

This is a text field that is seen next to a share when a client queries the server, either via the network neighborhood or via net view, to list what shares are available.

Default value: undef

path

Data type: Optional[Stdlib::Absolutepath]

This parameter specifies a directory to which the user of the service is to be given access.

Default value: undef

writable

Data type: Optional[Boolean]

If this parameter is true (ie: yes) then users of a service may create or modify files in the service's directory.

Default value: undef

available

Data type: Optional[Boolean]

This parameter lets you "turn off" a service. If available = false (ie, no), then ALL attempts to connect to the service will fail.

Default value: undef

browseable

Data type: Optional[Boolean]

This controls whether this share is seen in the list of available shares in a net view and in the browse list.

Default value: undef

inherit_acl

Data type: Optional[Boolean]

The inherit acl parameter in Samba controls whether Access Control Lists (ACLs) set on parent directories are automatically inherited by new files and subdirectories created within them.

Default value: undef

host_msdfs

Data type: Optional[Boolean]

The host msdfs parameter controls whether the Samba server acts as an MSDFS root, facilitating redirection of file shares in a distributed file system.

Default value: undef

hosts_allow

Data type: Optional[Array[String]]

The hosts allow parameter limits access to these IP addresses.

Default value: undef

hosts_deny

Data type: Optional[Array[String]]

The hosts deny parameter denies access to these IP addresses.

Default value: undef

copy

Data type: Optional[String]

This parameter allows you to "clone" service entries. The specified service is simply duplicated under the current service's name.

Default value: undef

create_mask

Data type: Optional[String]

This parameter is a bit-wise MASK for the UNIX modes of a file.

Default value: undef

directory_mask

Data type: Optional[String]

This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories.

Default value: undef

force_create_mode

Data type: Optional[String]

This parameter specifies a set of UNIX mode bit permissions that will always be set on a file created by Samba.

Default value: undef

force_directory_mode

Data type: Optional[String]

This parameter specifies a set of UNIX mode bit permissions that will always be set on a directory created by Samba.

Default value: undef

force_group

Data type: Optional[String]

This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service.

Default value: undef

force_user

Data type: Optional[String]

This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service.

Default value: undef

guest_account

Data type: Optional[String]

This is a username which will be used for access to services which are specified as $guest_ok (see below).

Default value: undef

guest_ok

Data type: Optional[Boolean]

If this parameter is true (ie: yes) for a service, then no password is required to connect to the service.

Default value: undef

guest_only

Data type: Optional[Boolean]

If this parameter is true (ie: yes) for a service, then only guest connections to the service are permitted.

Default value: undef

hide_unreadable

Data type: Optional[Boolean]

This parameter prevents clients from seeing the existence of files that cannot be read.

Default value: undef

inherit_owner

Data type: Optional[Boolean]

The ownership of new files and directories is normally governed by effective uid of the connected user.

Default value: undef

inherit_permissions

Data type: Optional[Boolean]

The permissions on new files and directories are normally governed by create mask, directory mask, force create mode and force directory mode.

Default value: undef

read_only

Data type: Optional[Boolean]

If this parameter is true (ie: yes) then users of a service may not create or modify files in the service's directory.

Default value: undef

public

Data type: Optional[Boolean]

If this parameter is true (ie: yes) for a service, then no password is required to connect to the service.

Default value: undef

printable

Data type: Optional[Boolean]

If this parameter is true (ie: yes) then clients may open, write to and submit spool files on the directory specified for the service.

Default value: undef

valid_users

Data type: Optional[Array[String]]

This is a list of users that should be allowed to login to this service.

Default value: undef

follow_symlinks

Data type: Optional[Boolean]

This parameter allows the Samba administrator to stop smbd(8) from following symbolic links in a particular share.

Default value: undef

wide_links

Data type: Optional[Boolean]

This parameter controls whether or not links in the UNIX file system may be followed by the server.

Default value: undef

map_acl_inherit

Data type: Optional[Boolean]

This parameter controls whether smbd(8) will attempt to map the 'protected' (don't inherit) flags of the Windows ACLs into an extended attribute called user.SAMBA_PAI (POSIX draft ACL Inheritance).

Default value: undef

store_dos_attributes

Data type: Optional[Boolean]

When set, DOS attributes will be stored onto an extended attribute in the UNIX filesystem, associated with the file or directory.

Default value: undef

strict_allocate

Data type: Optional[Boolean]

When this is set to yes the server will change from UNIX behaviour of not committing real disk storage blocks when a file is extended to the Windows behaviour of actually forcing the disk system to allocate real storage blocks when a file is created or extended to be a given size. In UNIX terminology this means that Samba will stop creating sparse files.

Default value: undef

oplocks

Data type: Optional[String]

This boolean option tells smbd whether to issue oplocks (opportunistic locks) to file open requests on this share.

Default value: undef

level2_oplocks

Data type: Optional[String]

This parameter controls whether Samba supports level2 (read-only) oplocks on a share.

Default value: undef

veto_oplock_files

Data type: Optional[String]

This parameter allows the Samba administrator to selectively turn off the granting of oplocks on selected files that match a wildcarded list, similar to the wildcarded list used in the veto files parameter.

Default value: undef

write_list

Data type: Optional[String]

This is a list of users that are given read-write access to a service.

Default value: undef

ensure

Data type: Enum[present, absent]

The absent/present state of the key/value parameter.

Default value: present
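
The following manifest is an added example, not part of the module's own documentation. It combines the samba class and the samba::share defined type into an access-restricted file server, using only parameters listed above. The workgroup, network prefix, interface names, group names and share path are constructed values and must be replaced with site-specific ones.

```puppet
# Added example: restrictive global settings for the samba class.
# All concrete values (EXAMPLE, 192.0.2., eth0, group names, paths) are constructed.
class { 'samba':
  workgroup            => 'EXAMPLE',
  # Pin the protocol floor explicitly instead of relying on the default.
  server_min_protocol  => 'SMB2_10',
  client_min_protocol  => 'SMB2_10',
  # One of the documented Enum values: refuse NTLMv1 responses.
  ntlm_auth            => 'ntlmv2-only',
  # Failed logins are rejected rather than mapped to the guest account.
  map_to_guest         => 'Never',
  # Deny everything, then allow loopback and one subnet prefix.
  hosts_deny           => ['ALL'],
  hosts_allow          => ['127.', '192.0.2.'],
  # Serve SMB only on the listed interfaces; loopback stays included.
  interfaces           => ['lo', 'eth0'],
  bind_interfaces_only => true,
  # Open only the direct SMB port in the managed firewall.
  firewall_manage      => true,
  service_ports        => [
    { port => 445, proto => 'tcp' },
  ],
}

# Added example: a share that is hidden from browse lists, closed to guests,
# read-only by default and writable only for members of one group.
samba::share { 'projects':
  comment        => 'Project files (constructed example)',
  path           => '/srv/samba/projects',
  browseable     => false,
  guest_ok       => false,
  read_only      => true,
  valid_users    => ['@projects'],
  write_list     => '@projects-rw',
  create_mask    => '0660',
  directory_mask => '0770',
  # Do not follow links that point outside the exported tree.
  wide_links     => false,
  hosts_allow    => ['192.0.2.'],
}
```

After a Puppet run, `testparm -s` prints the effective smb.conf so the rendered [global] and [projects] sections can be compared against the values declared here.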