oopen-server/roles/common/tasks/samba-user.yml

---

# ---
# - default user/groups
# ---

# To be precise, samba groups are system groups. 
#
- name: (samba-user.yml) Ensure samba groups exists
  group:
    name: '{{ item.name }}'
    state: present
    gid: '{{ item.group_id | default(omit) }}'
  loop: "{{ samba_groups }}"
  loop_control:
    label: '{{ item.name }}'
  when: item.group_id is defined
  tags:
    - samba-server
    - samba-group
    - system-group

# get all user of the system
#
# Note:
#    the result ist avalable in variable getent_passwd
#
- name: (samba_user.yml) Get database of (system) users
  getent:
    database: passwd
  tags:
    - samba-server
    - samba-user
    - system-user


# Samba users mut be also system users
#
- name: (samba_user.yml) Add (system) users if not yet exists..
  shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
  loop: "{{ samba_user }}"
  loop_control:
    label: '{{ item.name }}'
  when:
    - item.name not in getent_passwd
  tags:
    - samba-server
    - samba-user
    - system-user


- name: (samba-user.yml) Check if samba user exists
  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
  register: samba_user_present
  changed_when: "samba_user_present.rc == 1"
  failed_when: "samba_user_present.rc > 1"
  loop: "{{ samba_user }}"
  loop_control:
    label: '{{ item.name }}'
  tags:
    - samba-server
    - samba-user

- name: (samba-user.yml) Add user to samba (with system users password)
  shell: >
    (echo '{{ item.item.password }}'; echo '{{ item.item.password }}') 
    | smbpasswd -s -a {{ item.item.name }}    
  loop: "{{ samba_user_present.results }}"
  when: item.changed
  loop_control:
    label: '{{ item.item.name }}'
  tags:
    - samba-server
    - samba-user