Commit 11e54309 authored by Vitaly Lipatov's avatar Vitaly Lipatov

tune_sssd.sh: improve script

parent ed5fc5b8
...@@ -33,7 +33,7 @@ fi ...@@ -33,7 +33,7 @@ fi
echo "Use REALM $REALM ..." echo "Use REALM $REALM ..."
case $(distro_info -d) in case $(epm print info -d) in
Ubuntu|Debian) Ubuntu|Debian)
# Ubuntu # Ubuntu
epmi --skip-installed samba-common-bin krb5-config krb5-user ldb-tools sssd-ad samba epmi --skip-installed samba-common-bin krb5-config krb5-user ldb-tools sssd-ad samba
...@@ -46,7 +46,7 @@ case $(distro_info -d) in ...@@ -46,7 +46,7 @@ case $(distro_info -d) in
epmi --skip installed krb5-workstation ldb-tools sssd-ad samba-common-tools epmi --skip installed krb5-workstation ldb-tools sssd-ad samba-common-tools
;; ;;
*) *)
fatal "Unsupported distro" fatal "Unsupported distro $(epm print info -d)"
;; ;;
esac esac
...@@ -57,11 +57,12 @@ subst() ...@@ -57,11 +57,12 @@ subst()
} }
fi fi
LIBDIR=$(getconf LIBDIR) #LIBDIR=$(getconf LIBDIR)
if [ ! -d "$LIBDIR" ] ; then #if [ ! -d "$LIBDIR" ] ; then
LIBDIR=/usr/lib64 # LIBDIR=/usr/lib64
[ -d /usr/lib64 ] || LIBDIR=/usr/lib # [ -d /usr/lib64 ] || LIBDIR=/usr/lib
fi # echo "fallback to $LIBDIR"
#fi
# fix back on ALT Linux p8 # fix back on ALT Linux p8
# https://bugzilla.altlinux.org/show_bug.cgi?id=33427 # https://bugzilla.altlinux.org/show_bug.cgi?id=33427
...@@ -156,13 +157,14 @@ EOF ...@@ -156,13 +157,14 @@ EOF
fi fi
# Вход в домен # Вход в домен
#rm -fv /etc/krb5.keytab kinit $ADMIN || fatal "Can't get kerberos ticket for '$ADMIN'"
kinit $ADMIN || exit echo "Have got a kerberos ticker!"
[ -f /etc/krb5.keytab ] && echo "Removing old keytab /etc/krb5.keytab ..." && rm -fv /etc/krb5.keytab
echo "Join to domain... " echo "Join to domain... "
net ads join -k || exit net ads join -k || fatal "Failed to join to the domain '$REALM'"
kdestroy kdestroy
case $(distro_info -d) in case $(epm print info -d) in
ALTLinux) ALTLinux)
control system-auth sss control system-auth sss
# TODO: use common domain groups # TODO: use common domain groups
...@@ -171,15 +173,17 @@ case $(distro_info -d) in ...@@ -171,15 +173,17 @@ case $(distro_info -d) in
roleadd etersysadmin wheel roleadd etersysadmin wheel
;; ;;
*) *)
echo "Unknown system $(distro_info -d). Check /etc/pam.d/system-auth for pam_sss.so using" echo "Unknown system $(epm print info -d). Check /etc/pam.d/system-auth for pam_sss.so using"
;; ;;
esac esac
serv nscd off serv nscd off
serv sssd on serv sssd on
subst "s|^# GSSAPIAuthentication no| GSSAPIAuthentication yes|" /etc/openssh/ssh_config OPENSSHDIR=/etc/openssh
subst "s|^# GSSAPIDelegateCredentials no| GSSAPIDelegateCredentials yes|" /etc/openssh/ssh_config [ ! -d "$OPENSSHDIR" ] && [ -d "/etc/ssh" ] && OPENSSHDIR=/etc/ssh
subst "s|^# GSSAPIAuthentication no| GSSAPIAuthentication yes|" $OPENSSHDIR/ssh_config
subst "s|^# GSSAPIDelegateCredentials no| GSSAPIDelegateCredentials yes|" $OPENSSHDIR/ssh_config
echo "Done. Don't bother about DNS errors above" echo "Done. Don't bother about DNS errors above"
echo "Check https://www.altlinux.org/SSSD/AD for detailed description." echo "Check https://www.altlinux.org/SSSD/AD for detailed description."
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment