diff --git a/CHANGELOG.md b/CHANGELOG.md
index cfb3c8f..0be40fc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,14 +3,14 @@
**Features:**
This is a major release after a long while. The main reason for not being able to create a new release was two folds.
-Firstly, the `pdk` in the latest releases has become almost unworkable (maybe it is my lack of understanding, but I do
-not have the time commitment required to keep up with what is going on in there!). The second is the tests for this module
-that were largely dependent on [TravisCI](https://app.travis-ci.com/github/rehanone/puppet-samba?serverType=git) which has
-not been very kind to free and open source project of late. Without the ability to run any kind of tests, it was impossible
+Firstly, the `pdk` in the latest releases has become almost unworkable (maybe it is my lack of understanding, but I do
+not have the time commitment required to keep up with what is going on in there!). The second is the tests for this module
+that were largely dependent on [TravisCI](https://app.travis-ci.com/github/rehanone/puppet-samba?serverType=git) which has
+not been very kind to free and open source project of late. Without the ability to run any kind of tests, it was impossible
to merge further changes.
-Well, most of that has been addressed to some extent in this release by very generous work of [bschonec](https://github.com/bschonec)
-over the past few weeks. One of the main changes in this release is [#43](https://github.com/rehanone/puppet-samba/pull/43).
+Well, most of that has been addressed to some extent in this release by very generous work of [bschonec](https://github.com/bschonec)
+over the past few weeks. One of the main changes in this release is [#43](https://github.com/rehanone/puppet-samba/pull/43).
Not all integration tests are fully migrated yet but this is a good starting point.
Other notable changes in this release are:
diff --git a/REFERENCE.md b/REFERENCE.md
index c09f823..7521918 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -172,202 +172,268 @@ Manage the firewall rules for the Samba services.
##### `workgroup`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This controls what workgroup your server will appear to be in when queried by clients.
+Default value: `'WORKGROUP'`
+
##### `server_string`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This controls what string will show up in the printer comment box in print manager and next to the IPC connection in net view.
+Default value: `'%h server (Samba Server Version %v)'`
+
##### `netbios_name`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This sets the NetBIOS name by which a Samba server is known.
+Default value: `'%{facts.hostname}'`
+
##### `domain_master`
-Data type: `Optional[Boolean]`
+Data type: `Variant[Boolean, String]`
Tell smbd(8) to enable WAN-wide browse list collation.
+Default value: `'auto'`
+
##### `preferred_master`
-Data type: `Optional[Boolean]`
+Data type: `Variant[Boolean, String]`
This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup.
+Default value: `'auto'`
+
##### `local_master`
-Data type: `Optional[Boolean]`
+Data type: `Variant[Undef, Boolean]`
This option allows nmbd(8) to try and become a local master browser on a subnet.
+Default value: `true`
+
##### `os_level`
-Data type: `Optional[Integer[0, 255]]`
+Data type: `Variant[Undef, Integer[0, 255]]`
This integer value controls what level Samba advertises itself as for browse elections.
+Default value: `20`
+
##### `wins_support`
-Data type: `Optional[Boolean]`
+Data type: `Variant[Undef, Boolean]`
This boolean controls if the nmbd(8) process in Samba will act as a WINS server.
+Default value: `false`
+
##### `wins_server`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This specifies the IP address (or DNS name: IP address for preference) of the WINS server that nmbd(8) should register with.
+Default value: `undef`
+
##### `name_resolve_order`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses.
+Default value: `'lmhosts wins host bcast'`
+
##### `server_min_protocol`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This setting controls the minimum protocol version that the server will allow the client to use.
+Default value: `'SMB2_10'`
+
##### `client_max_protocol`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
The value of the parameter (a string) is the highest protocol level that will be supported for IPC$ connections as DCERPC transport.
+Default value: `'SMB3'`
+
##### `client_min_protocol`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This setting controls the minimum protocol version that the client will attempt to use.
+Default value: `'SMB2_10'`
+
##### `hosts_allow`
Data type: `Array[String]`
This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service.
+Default value: `[]`
+
##### `hosts_deny`
Data type: `Array[String]`
The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one.
+Default value: `['ALL']`
+
##### `interfaces`
Data type: `Array[String]`
default: interfaces =
+Default value: `[]`
+
##### `bind_interfaces_only`
-Data type: `Optional[Boolean]`
+Data type: `Variant[Undef, Boolean]`
This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests.
+Default value: `false`
+
##### `log_file`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This option allows you to override the name of the Samba log file (also known as the debug file).
+Default value: `'/var/log/samba/log.%m'`
+
##### `max_log_size`
-Data type: `Optional[Integer]`
+Data type: `Variant[Undef, Integer]`
This option (an integer in kilobytes) specifies the max size the log file should grow to.
+Default value: `10000`
+
##### `passdb_backend`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This option allows the administrator to chose which backend will be used for storing user and possibly group information.
+Default value: `'tdbsam'`
+
##### `domain_logons`
-Data type: `Optional[Boolean]`
+Data type: `Variant[Undef, Boolean]`
DEPRECATED: This parameter has been deprecated since Samba 4.13 and support for NT4-style domain logons(as distinct from the Samba AD DC) will be removed in a future Samba release.
+Default value: `false`
+
##### `map_to_guest`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This parameter can take four different values, which tell smbd(8) what to do with user login requests that don't match a valid UNIX user in some way.
+Default value: `'Never'`
+
##### `security`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This option affects how clients respond to Samba.
+Default value: `'auto'`
+
##### `encrypt_passwords`
-Data type: `Optional[Boolean]`
+Data type: `Variant[Undef, Boolean]`
DEPRECATED: This boolean controls whether encrypted passwords will be negotiated with the client
+Default value: `true`
+
##### `unix_password_sync`
-Data type: `Optional[Boolean]`
+Data type: `Variant[Undef, Boolean]`
This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed.
+Default value: `false`
+
##### `socket_options`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This option allows you to set socket options to be used when talking with the client.
+Default value: `'TCP_NODELAY'`
+
##### `syslog`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This parameter maps how Samba debug messages are logged onto the system syslog logging levels.
+Default value: `undef`
+
##### `ntlm_auth`
Data type: `Variant[Enum['ntlmv1-permitted', 'ntlmv2-only', 'mschapv2-and-ntlmv2-only', 'disabled'], Boolean]`
This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM encrypted password response for this local passdb (SAM or account database).
+Default value: `false`
+
##### `machine_password_timeout`
-Data type: `Optional[Integer]`
+Data type: `Variant[Undef, Integer]`
This parameter specifies how often the MACHINE ACCOUNT password will be changed, in seconds.
+Default value: `604800`
+
##### `realm`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
This option specifies the kerberos realm to use.
+Default value: `undef`
+
##### `kerberos_method`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
Controls how kerberos tickets are verified.
+Default value: `'default'`
+
##### `dedicated_keytab_file`
-Data type: `Optional[String]`
+Data type: `Variant[Undef, String]`
Specifies the absolute path to the kerberos keytab file when kerberos method is set to "dedicated keytab".
+Default value: `undef`
+
##### `obey_pam_restrictions`
-Data type: `Optional[Boolean]`
+Data type: `Variant[Undef, Boolean]`
This parameter will control whether or not Samba should obey PAM's account and session management directives.
+Default value: `false`
+
##### `shares`
Data type: `Hash`
@@ -378,10 +444,12 @@ Default value: `{}`
##### `idmap_config`
-Data type: `Optional[Hash]`
+Data type: `Variant[Undef, Hash]`
The mapping between Windows SIDs and Unix user and group IDs.
+Default value: `{}`
+
### `samba::client`
@summary: This module installs the SAMBA/CIFS client.
diff --git a/data/common.yaml b/data/common.yaml
index 550a3ef..d17ebab 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -18,39 +18,3 @@ samba::service_ports:
- port: 445
proto: tcp
samba::firewall_manage: false
-
-# Default Config
-samba::workgroup: 'WORKGROUP'
-samba::server_string: '%h server (Samba Server Version %v)'
-samba::netbios_name: "%{facts.hostname}"
-samba::domain_master: null
-samba::preferred_master: null
-samba::local_master: null
-samba::os_level: null
-samba::wins_support: null
-samba::wins_server: null
-samba::name_resolve_order: null
-samba::server_min_protocol: 'SMB2_10'
-samba::client_max_protocol: 'SMB3'
-samba::client_min_protocol: 'SMB2_10'
-samba::hosts_allow: []
-samba::hosts_deny: ['ALL']
-samba::interfaces: []
-samba::bind_interfaces_only: null
-samba::log_file: '/var/log/samba/log.%m'
-samba::max_log_size: 10000
-samba::passdb_backend: 'tdbsam'
-samba::domain_logons: false
-samba::security: 'user'
-samba::encrypt_passwords: null
-samba::unix_password_sync: true
-samba::map_to_guest: 'Never'
-samba::socket_options: 'TCP_NODELAY'
-samba::syslog: null
-samba::ntlm_auth: false
-samba::machine_password_timeout: null
-samba::realm: null
-samba::kerberos_method: null
-samba::dedicated_keytab_file: null
-samba::obey_pam_restrictions: false
-samba::idmap_config: {}
diff --git a/manifests/init.pp b/manifests/init.pp
index 332010d..ce2475d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -170,41 +170,40 @@
Boolean $firewall_manage,
# Main smb.conf options
- Optional[String] $workgroup,
- Optional[String] $server_string,
- Optional[String] $netbios_name,
- Optional[Boolean] $domain_master,
- Optional[Boolean] $preferred_master,
- Optional[Boolean] $local_master,
- Optional[Integer[0, 255]] $os_level,
- Optional[Boolean] $wins_support,
- Optional[String] $wins_server,
- Optional[String] $name_resolve_order,
- Optional[String] $server_min_protocol,
- Optional[String] $client_max_protocol,
- Optional[String] $client_min_protocol,
- Array[String] $hosts_allow,
- Array[String] $hosts_deny,
- Array[String] $interfaces,
- Optional[Boolean] $bind_interfaces_only,
- Optional[String] $log_file,
- Optional[Integer] $max_log_size,
- Optional[String] $passdb_backend,
- Optional[Boolean] $domain_logons,
- Optional[String] $map_to_guest,
- Optional[String] $security,
- Optional[Boolean] $encrypt_passwords,
- Optional[Boolean] $unix_password_sync,
- Optional[String] $socket_options,
- Optional[String] $syslog,
- Variant[Enum['ntlmv1-permitted', 'ntlmv2-only', 'mschapv2-and-ntlmv2-only', 'disabled'], Boolean] $ntlm_auth,
- Optional[Integer] $machine_password_timeout,
- Optional[String] $realm,
- Optional[String] $kerberos_method,
- Optional[String] $dedicated_keytab_file,
- Optional[Boolean] $obey_pam_restrictions,
- Optional[Hash] $idmap_config,
-
+ Variant[Undef, String] $workgroup = 'WORKGROUP',
+ Variant[Undef, String] $server_string = '%h server (Samba Server Version %v)',
+ Variant[Undef, String] $netbios_name = '%{facts.hostname}',
+ Variant[Boolean, String] $domain_master = 'auto',
+ Variant[Boolean, String] $preferred_master = 'auto',
+ Variant[Undef, Boolean] $local_master = true,
+ Variant[Undef, Integer[0, 255]] $os_level = 20,
+ Variant[Undef, Boolean] $wins_support = false,
+ Variant[Undef, String] $wins_server = undef,
+ Variant[Undef, String] $name_resolve_order = 'lmhosts wins host bcast',
+ Variant[Undef, String] $server_min_protocol = 'SMB2_10',
+ Variant[Undef, String] $client_max_protocol = 'SMB3',
+ Variant[Undef, String] $client_min_protocol = 'SMB2_10',
+ Array[String] $hosts_allow = [],
+ Array[String] $hosts_deny = ['ALL'],
+ Array[String] $interfaces = [],
+ Variant[Undef, Boolean] $bind_interfaces_only = false,
+ Variant[Undef, String] $log_file = '/var/log/samba/log.%m',
+ Variant[Undef, Integer] $max_log_size = 10000,
+ Variant[Undef, String] $passdb_backend = 'tdbsam',
+ Variant[Undef, Boolean] $domain_logons = false,
+ Variant[Undef, String] $map_to_guest = 'Never',
+ Variant[Undef, String] $security = 'auto',
+ Variant[Undef, Boolean] $encrypt_passwords = true,
+ Variant[Undef, Boolean] $unix_password_sync = false,
+ Variant[Undef, String] $socket_options = 'TCP_NODELAY',
+ Variant[Undef, String] $syslog = undef,
+ Variant[Enum['ntlmv1-permitted', 'ntlmv2-only', 'mschapv2-and-ntlmv2-only', 'disabled'], Boolean] $ntlm_auth = false,
+ Variant[Undef, Integer] $machine_password_timeout = 604800,
+ Variant[Undef, String] $realm = undef,
+ Variant[Undef, String] $kerberos_method = 'default',
+ Variant[Undef, String] $dedicated_keytab_file = undef,
+ Variant[Undef, Boolean] $obey_pam_restrictions = false,
+ Variant[Undef, Hash] $idmap_config = {},
Hash $shares = {},
) {
$incl = $config_file
diff --git a/spec/classes/samba_spec.rb b/spec/classes/samba_spec.rb
index da6aa36..0ceb47f 100644
--- a/spec/classes/samba_spec.rb
+++ b/spec/classes/samba_spec.rb
@@ -66,23 +66,23 @@
is_expected.to contain_samba__option('workgroup').with_value('WORKGROUP')
is_expected.to contain_samba__option('server string').with_value('%h server (Samba Server Version %v)')
is_expected.to contain_samba__option('netbios name').with_value('foo')
- is_expected.to contain_samba__option('domain master').with_value(nil)
- is_expected.to contain_samba__option('preferred master').with_value(nil)
- is_expected.to contain_samba__option('local master').with_value(nil)
- is_expected.to contain_samba__option('os level').with_value(nil)
- is_expected.to contain_samba__option('wins support').with_value(nil)
+ is_expected.to contain_samba__option('domain master').with_value('auto')
+ is_expected.to contain_samba__option('preferred master').with_value('auto')
+ is_expected.to contain_samba__option('local master').with_value(true)
+ is_expected.to contain_samba__option('os level').with_value(20)
+ is_expected.to contain_samba__option('wins support').with_value(false)
is_expected.to contain_samba__option('wins server').with_value(nil)
- is_expected.to contain_samba__option('name resolve order').with_value(nil)
+ is_expected.to contain_samba__option('name resolve order').with_value('lmhosts wins host bcast')
is_expected.to contain_samba__option('server min protocol').with_value('SMB2_10')
is_expected.to contain_samba__option('client max protocol').with_value('SMB3')
is_expected.to contain_samba__option('client min protocol').with_value('SMB2_10')
is_expected.to contain_samba__option('hosts allow').with_value([])
is_expected.to contain_samba__option('hosts deny').with_value(['ALL'])
is_expected.to contain_samba__option('interfaces').with_value([])
- is_expected.to contain_samba__option('bind interfaces only').with_value(nil)
- is_expected.to contain_samba__option('security').with_value('user')
- is_expected.to contain_samba__option('encrypt passwords').with_value(nil)
- is_expected.to contain_samba__option('unix password sync').with_value(true)
+ is_expected.to contain_samba__option('bind interfaces only').with_value(false)
+ is_expected.to contain_samba__option('security').with_value('auto')
+ is_expected.to contain_samba__option('encrypt passwords').with_value(true)
+ is_expected.to contain_samba__option('unix password sync').with_value(false)
is_expected.to contain_samba__option('socket options').with_value('TCP_NODELAY')
is_expected.to contain_samba__option('map to guest').with_value('Never')
is_expected.to contain_samba__option('passdb backend').with_value('tdbsam')
@@ -90,9 +90,9 @@
is_expected.to contain_samba__option('max log size').with_value(10_000)
is_expected.to contain_samba__option('syslog').with_value(nil)
is_expected.to contain_samba__option('ntlm auth').with_value(false)
- is_expected.to contain_samba__option('machine password timeout').with_value(nil)
+ is_expected.to contain_samba__option('machine password timeout').with_value(604_800)
is_expected.to contain_samba__option('realm').with_value(nil)
- is_expected.to contain_samba__option('kerberos method').with_value(nil)
+ is_expected.to contain_samba__option('kerberos method').with_value('default')
is_expected.to contain_samba__option('dedicated keytab file').with_value(nil)
is_expected.to contain_samba__option('obey pam restrictions').with_value(false)
is_expected.to contain_samba__option('idmap config * : backend').with_value('tbd')