Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
E
etersoft-admin-essentials
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
etersoft-admin-essentials
Commits
381325f7
Commit
381325f7
authored
Aug 05, 2017
by
Vitaly Lipatov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
add dc-client script
parent
c4c0b64e
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
115 additions
and
0 deletions
+115
-0
tune_sssd.sh
dc-client/tune_sssd.sh
+115
-0
No files found.
dc-client/tune_sssd.sh
0 → 100755
View file @
381325f7
#!/bin/sh
fatal
()
{
echo
"
$@
"
>
&2
exit
1
}
case
$(
distr_info
-d
)
in
Ubuntu|Debian
)
# Ubuntu
epmi samba-common-bin krb5-config krb5-user ldb-tools sssd-ad samba
;;
ALTLinux
)
epmi krb5-kinit ldb-tools sssd-ad samba-common-tools
# pam_mount task-auth-ad-sssd
;;
Fedora|CentOS|RHEL
)
epmi krb5-workstation ldb-tools sssd-ad samba-common-tools
;;
*
)
fatal
"Unsupported distro"
;;
esac
if
!
which subst 2>/dev/null
;
then
subst
()
{
sed
-i
-e
"
$@
"
}
fi
LIBDIR
=
/usr/lib64
[
-d
/usr/lib64
]
||
LIBDIR
=
/usr/lib
if
[
!
-L
$LIBDIR
/samba/ldb
]
;
then
ln
-s
$LIBDIR
/ldb/modules/ldb
$LIBDIR
/samba/ldb
fi
if
[
-d
/etc/sssd/conf.d
]
;
then
cat
<<
EOF
>/etc/sssd/conf.d/etersoft.conf || fatal
[sssd]
domains = ETERSOFT.RU
[domain/ETERSOFT.RU]
id_provider = ad
auth_provider = ad
chpass_provider = ad
default_shell = /bin/bash
fallback_homedir = /home/%u
;debug_level = 5
;chpass_provider = ldap
; enable when auto discovery is enabled
ldap_chpass_dns_service_name = ad
ldap_id_mapping = False
;use_fully_qualified_names = True
# change for production
cache_credentials = false
;ad_hostname = asu.office.etersoft.ru
;ad_server = dc.etersoft.ru
;ad_domain = ETERSOFT.RU
enumerate = true
; krb5_canonicalize = True
EOF
chmod
0600 /etc/sssd/conf.d/etersoft.conf
else
echo
"Skipping sssd conf creating"
fi
if
!
grep
-q
" sss"
/etc/nsswitch.conf
;
then
subst
"s| mysql| sss mysql|g"
/etc/nsswitch.conf
fi
(
cd
/etc
;
git diff nsswitch.conf |
cat
)
UPHOST
=
$(
hostname
-s
|
tr
[
:lower:]
[
:upper:]
)
if
!
grep
-q
"realm = ETERSOFT.RU"
/etc/samba/smb.conf
;
then
cat
<<
EOF
>>/etc/samba/smb.conf
[global]
security = ads
realm = ETERSOFT.RU
workgroup = ETERSOFT
netbios name =
$UPHOST
template shell = /bin/bash
kerberos method = system keytab
wins support = no
EOF
testparm
||
fatal
echo
"Check /etc/samba/smb.conf"
(
cd
/etc
;
git diff samba/smb.conf |
cat
)
fi
# Не нужно?!
#serv smb on
# Вход в домен
rm
-fv
/etc/krb5.keytab
kinit Administrator
||
exit
echo
"Join to domain... "
net ads
join
-k
||
exit
kdestroy
control system-auth sss
serv nscd off
serv sssd on
echo
"Done. Don't bother about above DNS errors"
exit
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
