tune_sssd.sh: some update

dc-client/tune_sssd.sh

@@ -37,15 +37,18 @@ if [ ! -L $LIBDIR/samba/ldb ] ; then
     ln -s $LIBDIR/ldb/modules/ldb $LIBDIR/samba/ldb
 fi
 
+REALM="ETERSOFT.RU"
 if [ -d /etc/sssd/conf.d ] ; then
 cat <<EOF >/etc/sssd/conf.d/etersoft.conf || fatal
 [sssd]
-domains = ETERSOFT.RU
+domains = $REALM
 
-[domain/ETERSOFT.RU]
+[domain/$REALM]
 id_provider = ad
 auth_provider = ad
+access_provider = ad
 chpass_provider = ad
+
 default_shell = /bin/bash
 fallback_homedir = /home/%u
 ;debug_level = 5
@@ -56,14 +59,17 @@ ldap_chpass_dns_service_name = ad
 
 ldap_id_mapping = False
 ;use_fully_qualified_names = True
-# change for production
+; always ask KDC
 cache_credentials = false
 
 ;ad_hostname = asu.office.etersoft.ru
 ;ad_server = dc.etersoft.ru
+
 ;ad_domain = ETERSOFT.RU
+
 enumerate = true
 ; krb5_canonicalize = True
+dyndns_update = False
 EOF
 
 chmod 0600 /etc/sssd/conf.d/etersoft.conf
@@ -71,20 +77,25 @@ else
     echo "Skipping sssd conf creating"
 fi
 
+# TODO: Fedora has special command for change nssswitch.conf
+
 if ! grep -q " sss" /etc/nsswitch.conf ; then
     subst "s| mysql| sss mysql|g" /etc/nsswitch.conf
 fi
 ( cd /etc ; git diff nsswitch.conf | cat )
 
+# TODO: realmd
+
 UPHOST=$(hostname -s | tr [:lower:] [:upper:])
+WORKGROUP=$(echo "$REALM" | sed -e "s|\..*||")
 
-if ! grep -q "realm = ETERSOFT.RU" /etc/samba/smb.conf ; then
+if ! grep -q "realm = $REALM" /etc/samba/smb.conf ; then
 cat <<EOF >>/etc/samba/smb.conf
 
        [global]
        security = ads
-       realm = ETERSOFT.RU
-       workgroup = ETERSOFT
+       realm = $REALM
+       workgroup = $WORKGROUP
        netbios name = $UPHOST
        template shell = /bin/bash
        kerberos method = system keytab