Setting Samba passwords with Ansible

smbpassword-ansible.md

Scenario: You want to create a user in Linux, and set a Samba password for it, all from Ansible:

Notes:

• This will not update the Samba password if you change the variable.

To create the encrypted vault string, run: ansible-vault encrypt_string --ask-vault-password 'some_password'

- name: Create OS group
  group:
    name: smbgroup
    state: present
    system: no

- name: Create OS user
  user:
    name: smbuser
    group: smbgroup
    createhome: no
    system: no
    state: present
    shell: /sbin/nologin

- name: Fetch current smbpasswd users
  command: /usr/bin/pdbedit -L
  register: pdb_users

- name: Set Samba password for smbuser
  shell: echo '{{ smbuser_password }}' | /usr/bin/smbpasswd -s -a smbuser
  when: pdb_users.stdout.find('smbuser') == -1
  vars:
    smbuser_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          123456encryptedblah
          goeshere123456

You don't need a shell command with an echo statement here. You can use a command task with the stdin directive:

- name: Set Samba password for smbuser
  command:
    cmd: /usr/bin/smbpasswd -s -a smbuser
    stdin: |
      {{ smbuser_password }}
      {{ smbuser_password }}
  when: pdb_users.stdout.find('smbuser') == -1
  vars:
    smbuser_password: secret

Note that we need to provide the password twice, because smbpasswd wants both the password and a confirmation.

Ooh yes, that's definitely nicer! Thanks!