add dc-client script

381325f7 · Vitaly Lipatov · c4c0b64e · 381325f7
Commit 381325f7 authored Aug 05, 2017 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 115 additions and 0 deletions

tune_sssd.sh dc-client/tune_sssd.sh +115 -0

No files found.
--- a/dc-client/tune_sssd.sh
+++ b/dc-client/tune_sssd.sh
+#!/bin/sh
+
+fatal()
+{
+    echo "$@" >&2
+    exit 1
+}
+
+case $(distr_info -d) in
+    Ubuntu|Debian)
+        # Ubuntu
+        epmi samba-common-bin krb5-config krb5-user ldb-tools sssd-ad samba
+        ;;
+    ALTLinux)
+        epmi krb5-kinit ldb-tools sssd-ad samba-common-tools
+        # pam_mount task-auth-ad-sssd
+        ;;
+    Fedora|CentOS|RHEL)
+        epmi krb5-workstation ldb-tools sssd-ad samba-common-tools
+        ;;
+    *)
+        fatal "Unsupported distro"
+        ;;
+esac
+
+if ! which subst 2>/dev/null ; then
+subst()
+{
+    sed -i -e "$@"
+}
+fi
+
+LIBDIR=/usr/lib64
+[ -d /usr/lib64 ] || LIBDIR=/usr/lib
+
+if [ ! -L $LIBDIR/samba/ldb ] ; then
+    ln -s $LIBDIR/ldb/modules/ldb $LIBDIR/samba/ldb
+fi
+
+if [ -d /etc/sssd/conf.d ] ; then
+cat <<EOF >/etc/sssd/conf.d/etersoft.conf || fatal
+[sssd]
+domains = ETERSOFT.RU
+
+[domain/ETERSOFT.RU]
+id_provider = ad
+auth_provider = ad
+chpass_provider = ad
+default_shell = /bin/bash
+fallback_homedir = /home/%u
+;debug_level = 5
+
+;chpass_provider = ldap
+; enable when auto discovery is enabled
+ldap_chpass_dns_service_name = ad
+
+ldap_id_mapping = False
+;use_fully_qualified_names = True
+# change for production
+cache_credentials = false
+
+;ad_hostname = asu.office.etersoft.ru
+;ad_server = dc.etersoft.ru
+;ad_domain = ETERSOFT.RU
+enumerate = true
+; krb5_canonicalize = True
+EOF
+
+chmod 0600 /etc/sssd/conf.d/etersoft.conf
+else
+    echo "Skipping sssd conf creating"
+fi
+
+if ! grep -q " sss" /etc/nsswitch.conf ; then
+    subst "s| mysql| sss mysql|g" /etc/nsswitch.conf
+fi
+( cd /etc ; git diff nsswitch.conf | cat )
+
+UPHOST=$(hostname -s | tr [:lower:] [:upper:])
+
+if ! grep -q "realm = ETERSOFT.RU" /etc/samba/smb.conf ; then
+cat <<EOF >>/etc/samba/smb.conf
+
+       [global]
+       security = ads
+       realm = ETERSOFT.RU
+       workgroup = ETERSOFT
+       netbios name = $UPHOST
+       template shell = /bin/bash
+       kerberos method = system keytab
+       wins support = no
+EOF
+
+testparm || fatal
+echo "Check /etc/samba/smb.conf"
+( cd /etc ; git diff samba/smb.conf | cat )
+fi
+
+# Не нужно?!
+#serv smb on
+
+# Вход в домен
+rm -fv /etc/krb5.keytab
+kinit Administrator || exit
+echo "Join to domain... "
+net ads join -k || exit
+kdestroy
+control system-auth sss
+
+serv nscd off
+serv sssd on
+
+echo "Done. Don't bother about above DNS errors"
+exit
+