tune_sssd.sh: improvements

ab1e1d92 · Vitaly Lipatov · a965adbf · ab1e1d92
Commit ab1e1d92 authored Oct 25, 2019 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 5 deletions

tune_sssd.sh dc-client/tune_sssd.sh +8 -5

No files found.
--- a/dc-client/tune_sssd.sh
+++ b/dc-client/tune_sssd.sh
@@ -22,7 +22,7 @@ fi
 epm assure bind-utils || fatal
 # Get REALM (needed for sssd tuning only) from DNS
 REALM=$(host -t txt _kerberos | sed -e 's|.*"\(.*\)".*|\1|') #"
-if [ -z "$REALM" ] ; then
+if [ -z "$REALM" ] || echo "$REALM" | grep "not found" ; then
    if [ -n "$1" ] ; then
        REALM="$1"
        shift
@@ -161,20 +161,23 @@ kinit $ADMIN || exit
 echo "Join to domain... "
 net ads join -k || exit
 kdestroy
-control system-auth sss
-
-serv nscd off
-serv sssd on

 case $(distr_info -d) in
    ALTLinux)
+        control system-auth sss
        # TODO: use common domain groups
        # TODO: check libnss-role version
        epm assure rolelst libnss-role
        roleadd etersysadmin wheel
        ;;
+    *)
+        echo "Unknown system $(distr_info -d). Check /etc/pam.d/system-auth for pam_sss.so using"
+        ;;
 esac

+serv nscd off
+serv sssd on
+
 subst "s|^#   GSSAPIAuthentication no|    GSSAPIAuthentication yes|" /etc/openssh/ssh_config
 subst "s|^#   GSSAPIDelegateCredentials no|    GSSAPIDelegateCredentials yes|" /etc/openssh/ssh_config