Commit 11e54309 authored by Vitaly Lipatov's avatar Vitaly Lipatov

tune_sssd.sh: improve script

parent ed5fc5b8
......@@ -33,7 +33,7 @@ fi
echo "Use REALM $REALM ..."
case $(distro_info -d) in
case $(epm print info -d) in
Ubuntu|Debian)
# Ubuntu
epmi --skip-installed samba-common-bin krb5-config krb5-user ldb-tools sssd-ad samba
......@@ -46,7 +46,7 @@ case $(distro_info -d) in
epmi --skip installed krb5-workstation ldb-tools sssd-ad samba-common-tools
;;
*)
fatal "Unsupported distro"
fatal "Unsupported distro $(epm print info -d)"
;;
esac
......@@ -57,11 +57,12 @@ subst()
}
fi
LIBDIR=$(getconf LIBDIR)
if [ ! -d "$LIBDIR" ] ; then
LIBDIR=/usr/lib64
[ -d /usr/lib64 ] || LIBDIR=/usr/lib
fi
#LIBDIR=$(getconf LIBDIR)
#if [ ! -d "$LIBDIR" ] ; then
# LIBDIR=/usr/lib64
# [ -d /usr/lib64 ] || LIBDIR=/usr/lib
# echo "fallback to $LIBDIR"
#fi
# fix back on ALT Linux p8
# https://bugzilla.altlinux.org/show_bug.cgi?id=33427
......@@ -156,13 +157,14 @@ EOF
fi
# Вход в домен
#rm -fv /etc/krb5.keytab
kinit $ADMIN || exit
kinit $ADMIN || fatal "Can't get kerberos ticket for '$ADMIN'"
echo "Have got a kerberos ticker!"
[ -f /etc/krb5.keytab ] && echo "Removing old keytab /etc/krb5.keytab ..." && rm -fv /etc/krb5.keytab
echo "Join to domain... "
net ads join -k || exit
net ads join -k || fatal "Failed to join to the domain '$REALM'"
kdestroy
case $(distro_info -d) in
case $(epm print info -d) in
ALTLinux)
control system-auth sss
# TODO: use common domain groups
......@@ -171,15 +173,17 @@ case $(distro_info -d) in
roleadd etersysadmin wheel
;;
*)
echo "Unknown system $(distro_info -d). Check /etc/pam.d/system-auth for pam_sss.so using"
echo "Unknown system $(epm print info -d). Check /etc/pam.d/system-auth for pam_sss.so using"
;;
esac
serv nscd off
serv sssd on
subst "s|^# GSSAPIAuthentication no| GSSAPIAuthentication yes|" /etc/openssh/ssh_config
subst "s|^# GSSAPIDelegateCredentials no| GSSAPIDelegateCredentials yes|" /etc/openssh/ssh_config
OPENSSHDIR=/etc/openssh
[ ! -d "$OPENSSHDIR" ] && [ -d "/etc/ssh" ] && OPENSSHDIR=/etc/ssh
subst "s|^# GSSAPIAuthentication no| GSSAPIAuthentication yes|" $OPENSSHDIR/ssh_config
subst "s|^# GSSAPIDelegateCredentials no| GSSAPIDelegateCredentials yes|" $OPENSSHDIR/ssh_config
echo "Done. Don't bother about DNS errors above"
echo "Check https://www.altlinux.org/SSSD/AD for detailed description."
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment