This Ansible project deploys a Kerberos-authenticated file server with SMB (Samba) and NFS support on Debian systems. It includes optional MIT Kerberos KDC deployment for complete authentication infrastructure.
Quick Start: See QUICKSTART.md for one-command deployment!
.
├── ansible.cfg              # Ansible configuration
├── inventory/
│   └── hosts.yml            # Inventory file with file server hosts
├── playbooks/
│   └── site.yml             # Main playbook
├── roles/                   # Ansible roles (created in subsequent tasks)
├── group_vars/
│   └── fileservers.yml      # Variables for fileservers group
├── host_vars/
│   └── fileserver01.yml     # Host-specific variables
└── templates/               # Jinja2 templates (created in subsequent tasks)
- Ansible 2.9 or higher installed on the controller
- Debian 11 or higher on target file server
- SSH access to target server with sudo privileges
- Kerberos KDC available (MIT Kerberos or Active Directory)
  - Option 1: Use the included KDC role to deploy MIT Kerberos (see KDC Setup)
  - Option 2: Use existing Kerberos infrastructure
Deploy both KDC and file server on a single host:
# 1. Configure settings
vim group_vars/kdc.yml
vim group_vars/fileservers.yml
# 2. Encrypt sensitive data
ansible-vault encrypt group_vars/kdc.yml
# 3. Deploy everything
./scripts/deploy-all-in-one.sh
See All-in-One Setup Guide for details.
- Deploy Kerberos KDC (if you don't have one):
  # Configure KDC settings
  vim group_vars/kdc.yml
  # Deploy KDC
  ./scripts/deploy-kdc.sh
  See KDC Quick Start for details.
- Deploy File Server:
  # Configure file server settings
  vim group_vars/fileservers.yml
  # Deploy file server
  ansible-playbook playbooks/site.yml
- Update inventory file with your file server details:
  vim inventory/hosts.yml
- Configure variables for your environment:
  vim group_vars/fileservers.yml
- Run the playbook:
  ansible-playbook playbooks/site.yml
Edit group_vars/fileservers.yml to configure Kerberos:
- krb5_realm: Your Kerberos realm (e.g., HOMELAB.LOCAL)
- krb5_kdc: KDC server address
- krb5_admin_server: Kadmin server address
Define shares in group_vars/fileservers.yml:
shares:
  - path: "/srv/shares/myshare"
    owner: "root"
    group: "users"
    mode: "0775"
Configure SMB shares in samba_shares variable.
Configure NFS exports in nfs_exports variable.
# Quick deployment
./scripts/deploy-kdc.sh
# Or manually
ansible-playbook playbooks/kdc.yml --ask-vault-pass
Run the complete deployment:
ansible-playbook playbooks/site.yml
Check syntax:
ansible-playbook playbooks/site.yml --syntax-check
Dry run:
ansible-playbook playbooks/site.yml --check
See User Management and Mounting Guide for detailed instructions.
Quick example:
# Get Kerberos ticket
kinit [email protected]
# Mount share
sudo mount -t cifs //fileserver01.cube.k8s/socialpro /mnt/socialpro \
  -o sec=krb5,user=username
This project includes a complete MIT Kerberos KDC deployment role.
- Configure group_vars/kdc.yml:
  kdc_realm: "CUBE.K8S"
  kdc_domain: "cube.k8s"
  kdc_master_password: "YourStrongPassword"
  kdc_admin_password: "YourStrongPassword"
- Encrypt sensitive data:
  ansible-vault encrypt group_vars/kdc.yml
- Deploy:
  ./scripts/deploy-kdc.sh
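A pre-deploy guard for the "Encrypt sensitive data" step above, as an added example that is not part of this project: it stops the run when a vars file such as group_vars/kdc.yml still holds kdc_master_password or kdc_admin_password in plaintext. The script name check-vault.sh and the rule that any key containing "password" counts as a secret are assumptions.

```sh
#!/bin/sh
# Added example, not part of this project: pre-deploy guard for vars files.
# Assumptions: whole-file vaults start with "$ANSIBLE_VAULT;", inline secrets
# use the "!vault" tag, and any key containing "password" is a secret.

# 0 if the file's first line is an Ansible Vault header, else 1.
is_vault_encrypted() {
    case "$(head -n 1 "$1")" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 = no plaintext secrets, 1 = plaintext secret found, 2 = file unreadable.
check_vars_file() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 2; }
    is_vault_encrypted "$1" && return 0
    # Plaintext YAML: every *password* key must carry an inline !vault value.
    leaks=$(grep -nE '^[[:space:]]*[A-Za-z0-9_]*password[A-Za-z0-9_]*:' "$1" \
            | grep -v '!vault' || true)
    [ -z "$leaks" ] && return 0
    echo "plaintext secrets in $1 (values withheld):" >&2
    # Report line number and key name only, never the secret itself.
    printf '%s\n' "$leaks" \
        | sed -E 's/^([0-9]+):[[:space:]]*([A-Za-z0-9_]+):.*/  line \1: \2/' >&2
    return 1
}

# Usage: sh check-vault.sh group_vars/kdc.yml && ./scripts/deploy-kdc.sh
for f in "$@"; do
    check_vars_file "$f" || exit 1
done
```

Commented-out keys are ignored, and a file with no password keys passes, so the same check can be pointed at group_vars/fileservers.yml.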
- All-in-One Setup: docs/all-in-one-setup.md (recommended for home labs)
- Quick Start: docs/kdc-quick-start.md
- Complete Guide: docs/kdc-setup-guide.md
- User Management: docs/user-management-and-mounting.md
- Architecture: docs/architecture-diagram.md
- common: Base system configuration
- kerberos-client: Kerberos client setup and keytab management
- kerberos-kdc: MIT Kerberos KDC deployment (optional)
- shares: Share directory management
- samba: SMB file sharing with Kerberos authentication
- nfs-server: NFS file sharing (to be implemented)
Each role includes detailed documentation in its README:
The roles will be implemented in subsequent tasks:
- common: Base system configuration ✓
- kerberos-client: Kerberos client setup ✓
- kerberos-kdc: MIT Kerberos KDC deployment ✓
- shares: Share directory management ✓
- samba: SMB file sharing ✓
- nfs-server: NFS file sharing (in progress)