Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
E
etersoft-admin-essentials
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
etersoft-admin-essentials
Commits
11e54309
Commit
11e54309
authored
Aug 04, 2021
by
Vitaly Lipatov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
tune_sssd.sh: improve script
parent
ed5fc5b8
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
18 additions
and
14 deletions
+18
-14
tune_sssd.sh
dc-client/tune_sssd.sh
+18
-14
No files found.
dc-client/tune_sssd.sh
View file @
11e54309
...
...
@@ -33,7 +33,7 @@ fi
echo
"Use REALM
$REALM
..."
case
$(
distro_
info
-d
)
in
case
$(
epm print
info
-d
)
in
Ubuntu|Debian
)
# Ubuntu
epmi
--skip-installed
samba-common-bin krb5-config krb5-user ldb-tools sssd-ad samba
...
...
@@ -46,7 +46,7 @@ case $(distro_info -d) in
epmi
--skip
installed krb5-workstation ldb-tools sssd-ad samba-common-tools
;;
*
)
fatal
"Unsupported distro"
fatal
"Unsupported distro
$(
epm print info
-d
)
"
;;
esac
...
...
@@ -57,11 +57,12 @@ subst()
}
fi
LIBDIR
=
$(
getconf LIBDIR
)
if
[
!
-d
"
$LIBDIR
"
]
;
then
LIBDIR
=
/usr/lib64
[
-d
/usr/lib64
]
||
LIBDIR
=
/usr/lib
fi
#LIBDIR=$(getconf LIBDIR)
#if [ ! -d "$LIBDIR" ] ; then
# LIBDIR=/usr/lib64
# [ -d /usr/lib64 ] || LIBDIR=/usr/lib
# echo "fallback to $LIBDIR"
#fi
# fix back on ALT Linux p8
# https://bugzilla.altlinux.org/show_bug.cgi?id=33427
...
...
@@ -156,13 +157,14 @@ EOF
fi
# Вход в домен
#rm -fv /etc/krb5.keytab
kinit
$ADMIN
||
exit
kinit
$ADMIN
||
fatal
"Can't get kerberos ticket for '
$ADMIN
'"
echo
"Have got a kerberos ticker!"
[
-f
/etc/krb5.keytab
]
&&
echo
"Removing old keytab /etc/krb5.keytab ..."
&&
rm
-fv
/etc/krb5.keytab
echo
"Join to domain... "
net ads
join
-k
||
exit
net ads
join
-k
||
fatal
"Failed to join to the domain '
$REALM
'"
kdestroy
case
$(
distro_
info
-d
)
in
case
$(
epm print
info
-d
)
in
ALTLinux
)
control system-auth sss
# TODO: use common domain groups
...
...
@@ -171,15 +173,17 @@ case $(distro_info -d) in
roleadd etersysadmin wheel
;;
*
)
echo
"Unknown system
$(
distro_
info
-d
)
. Check /etc/pam.d/system-auth for pam_sss.so using"
echo
"Unknown system
$(
epm print
info
-d
)
. Check /etc/pam.d/system-auth for pam_sss.so using"
;;
esac
serv nscd off
serv sssd on
subst
"s|^# GSSAPIAuthentication no| GSSAPIAuthentication yes|"
/etc/openssh/ssh_config
subst
"s|^# GSSAPIDelegateCredentials no| GSSAPIDelegateCredentials yes|"
/etc/openssh/ssh_config
OPENSSHDIR
=
/etc/openssh
[
!
-d
"
$OPENSSHDIR
"
]
&&
[
-d
"/etc/ssh"
]
&&
OPENSSHDIR
=
/etc/ssh
subst
"s|^# GSSAPIAuthentication no| GSSAPIAuthentication yes|"
$OPENSSHDIR
/ssh_config
subst
"s|^# GSSAPIDelegateCredentials no| GSSAPIDelegateCredentials yes|"
$OPENSSHDIR
/ssh_config
echo
"Done. Don't bother about DNS errors above"
echo
"Check https://www.altlinux.org/SSSD/AD for detailed description."
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment