tune_sssd.sh: some update

4d3c81d1 · Vitaly Lipatov · 381325f7 · 4d3c81d1
Commit 4d3c81d1 authored Aug 06, 2017 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 6 deletions

tune_sssd.sh dc-client/tune_sssd.sh +17 -6

No files found.
--- a/dc-client/tune_sssd.sh
+++ b/dc-client/tune_sssd.sh
@@ -37,15 +37,18 @@ if [ ! -L $LIBDIR/samba/ldb ] ; then
    ln -s $LIBDIR/ldb/modules/ldb $LIBDIR/samba/ldb
 fi
+REALM="ETERSOFT.RU"
 if [ -d /etc/sssd/conf.d ] ; then
 cat <<EOF >/etc/sssd/conf.d/etersoft.conf || fatal
 [sssd]
-domains = ETERSOFT.RU
+domains = $REALM
-[domain/ETERSOFT.RU]
+[domain/$REALM]
 id_provider = ad
 auth_provider = ad
+access_provider = ad
 chpass_provider = ad
 default_shell = /bin/bash
 fallback_homedir = /home/%u
 ;debug_level = 5
@@ -56,14 +59,17 @@ ldap_chpass_dns_service_name = ad
 ldap_id_mapping = False
 ;use_fully_qualified_names = True
-# change for production
+; always ask KDC
 cache_credentials = false
 ;ad_hostname = asu.office.etersoft.ru
 ;ad_server = dc.etersoft.ru
 ;ad_domain = ETERSOFT.RU
 enumerate = true
 ; krb5_canonicalize = True
+dyndns_update = False
 EOF
 chmod 0600 /etc/sssd/conf.d/etersoft.conf
@@ -71,20 +77,25 @@ else
    echo "Skipping sssd conf creating"
 fi
+# TODO: Fedora has special command for change nssswitch.conf
 if ! grep -q " sss" /etc/nsswitch.conf ; then
    subst "s| mysql| sss mysql|g" /etc/nsswitch.conf
 fi
 ( cd /etc ; git diff nsswitch.conf | cat )
+# TODO: realmd
 UPHOST=$(hostname -s | tr [:lower:] [:upper:])
+WORKGROUP=$(echo "$REALM" | sed -e "s|\..*||")
-if ! grep -q "realm = ETERSOFT.RU" /etc/samba/smb.conf ; then
+if ! grep -q "realm = $REALM" /etc/samba/smb.conf ; then
 cat <<EOF >>/etc/samba/smb.conf
       [global]
       security = ads
-       realm = ETERSOFT.RU
+       realm = $REALM
-       workgroup = ETERSOFT
+       workgroup = $WORKGROUP
       netbios name = $UPHOST
       template shell = /bin/bash
       kerberos method = system keytab