tune_sssd.sh: improve script

11e54309 · Vitaly Lipatov · ed5fc5b8 · 11e54309
Commit 11e54309 authored Aug 04, 2021 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 14 deletions

tune_sssd.sh dc-client/tune_sssd.sh +18 -14

No files found.
--- a/dc-client/tune_sssd.sh
+++ b/dc-client/tune_sssd.sh
@@ -33,7 +33,7 @@ fi
 echo "Use REALM $REALM ..."


-case $(distro_info -d) in
+case $(epm print info -d) in
    Ubuntu|Debian)
        # Ubuntu
        epmi --skip-installed samba-common-bin krb5-config krb5-user ldb-tools sssd-ad samba
@@ -46,7 +46,7 @@ case $(distro_info -d) in
        epmi --skip installed krb5-workstation ldb-tools sssd-ad samba-common-tools
        ;;
    *)
-        fatal "Unsupported distro"
+        fatal "Unsupported distro $(epm print info -d)"
        ;;
 esac

@@ -57,11 +57,12 @@ subst()
 }
 fi

-LIBDIR=$(getconf LIBDIR)
-if [ ! -d "$LIBDIR" ] ; then
-    LIBDIR=/usr/lib64
-    [ -d /usr/lib64 ] || LIBDIR=/usr/lib
-fi
+#LIBDIR=$(getconf LIBDIR)
+#if [ ! -d "$LIBDIR" ] ; then
+#    LIBDIR=/usr/lib64
+#    [ -d /usr/lib64 ] || LIBDIR=/usr/lib
+#    echo "fallback to $LIBDIR"
+#fi

 # fix back on ALT Linux p8
 # https://bugzilla.altlinux.org/show_bug.cgi?id=33427
@@ -156,13 +157,14 @@ EOF
 fi

 # Вход в домен
-#rm -fv /etc/krb5.keytab
-kinit $ADMIN || exit
+kinit $ADMIN || fatal "Can't get kerberos ticket for '$ADMIN'"
+echo "Have got a kerberos ticker!"
+[ -f /etc/krb5.keytab ] && echo "Removing old keytab /etc/krb5.keytab ..." && rm -fv /etc/krb5.keytab
 echo "Join to domain... "
-net ads join -k || exit
+net ads join -k || fatal "Failed to join to the domain '$REALM'"
 kdestroy

-case $(distro_info -d) in
+case $(epm print info -d) in
    ALTLinux)
        control system-auth sss
        # TODO: use common domain groups
@@ -171,15 +173,17 @@ case $(distro_info -d) in
        roleadd etersysadmin wheel
        ;;
    *)
-        echo "Unknown system $(distro_info -d). Check /etc/pam.d/system-auth for pam_sss.so using"
+        echo "Unknown system $(epm print info -d). Check /etc/pam.d/system-auth for pam_sss.so using"
        ;;
 esac

 serv nscd off
 serv sssd on

-subst "s|^#   GSSAPIAuthentication no|    GSSAPIAuthentication yes|" /etc/openssh/ssh_config
-subst "s|^#   GSSAPIDelegateCredentials no|    GSSAPIDelegateCredentials yes|" /etc/openssh/ssh_config
+OPENSSHDIR=/etc/openssh
+[ ! -d "$OPENSSHDIR" ] && [ -d "/etc/ssh" ] && OPENSSHDIR=/etc/ssh
+subst "s|^#   GSSAPIAuthentication no|    GSSAPIAuthentication yes|" $OPENSSHDIR/ssh_config
+subst "s|^#   GSSAPIDelegateCredentials no|    GSSAPIDelegateCredentials yes|" $OPENSSHDIR/ssh_config

 echo "Done. Don't bother about DNS errors above"
 echo "Check https://www.altlinux.org/SSSD/AD for detailed description."