WARNING
Check out Debian ‘AD Join’ Playbook - Complete Playbook, what’s bellow may not be up-to-date.
- name: Install required packages
hosts: bookworm2
become: yes
tasks:
- name: Install packages with apt
apt:
name:
- realmd
- sssd
- sssd-tools
- libnss-sss
- libsss-sudo
- libpam-sss
- adcli
- samba-common-bin
- oddjob
- oddjob-mkhomedir
- packagekit
state: present- name: Enable mkhomedir using pam-auth-update
hosts: bookworm2
tasks:
- name: Run pam-auth-update command
become: yes
become_user: root
command: pam-auth-update --enable mkhomedir- name: Create realmd.conf file with OS information
hosts: bookworm2
gather_facts: yes
become: yes
tasks:
- name: Create realmd.conf file
template:
src: templates/realmd.conf.j2
dest: /etc/realmd.conf
vars:
os_name: "{{ ansible_distribution }}"
os_version: "{{ ansible_distribution_version }}"- name: Join the realm with password
hosts: bookworm2
become: yes
tasks:
- name: Join the realm using realm join command
expect:
command: realm join tomraud.fr --user=administrateur
responses:
"Password for administrateur:": [REDACTED]- name: Update sssd.conf
hosts: bookworm2
become: yes
tasks:
- name: Update sssd.conf 1/2
lineinfile:
path: /etc/sssd/sssd.conf
regexp: '^use_fully_qualified_names\s*='
line: 'use_fully_qualified_names = False'
- name: Update sssd.conf 2/2
lineinfile:
path: /etc/sssd/sssd.conf
regexp: '^services\s*='
line: 'services = nss, pam, sudo'
# - name: Add sudoers configuration to nsswitch.conf
# blockinfile:
# path: /etc/nsswitch.conf
# block: |
# sudoers: files sss
- name: Add sudoers configuration to nsswitch.conf
blockinfile:
path: /etc/sssd/sssd.conf
block: |
ldap_sudo_search_base = ou=DevRules,ou=sudoRules,ou=Linux,ou=Postes de travail,dc=tomraud,dc=fr
- name: Restart sssd service
systemd:
name: sssd
state: restarted