[debian-edu-commits] r80616 - in branches/wheezy/debian-edu-config: debian share/debian-edu-config/tools

pere at alioth.debian.org pere at alioth.debian.org
Fri Jun 14 02:27:57 UTC 2013


Author: pere
Date: 2013-06-14 08:09:54 +0000 (Fri, 14 Jun 2013)
New Revision: 80616

Modified:
   branches/wheezy/debian-edu-config/debian/changelog
   branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-ad-client
   branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-roaming
   branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config
Log:
* Avoid hardcoded path in setup-roaming, to make it easier to move
  the scripts around.  Made setup-roaming more robust and capable of
  running outside the Debian Edu environment.
* Made sssd-generate-config more robust, able to handle DNS lookups
  which fall back to TCP.
* Made setup-ad-client more self contained, robust and get it
  working out of the box in an Active Directory environment, also on
  non Debian Edu machines.

Modified: branches/wheezy/debian-edu-config/debian/changelog
===================================================================
--- branches/wheezy/debian-edu-config/debian/changelog	2013-06-14 07:47:13 UTC (rev 80615)
+++ branches/wheezy/debian-edu-config/debian/changelog	2013-06-14 08:09:54 UTC (rev 80616)
@@ -1,7 +1,14 @@
 debian-edu-config (1.707~svn80574) UNRELEASED; urgency=low
 
   [ Petter Reinholdtsen ]
-  * Avoid hardcoded path in setup-roaming, to make it easier to move.
+  * Avoid hardcoded path in setup-roaming, to make it easier to move
+    the scripts around.  Made setup-roaming more robust and capable of
+    running outside the Debian Edu environment.
+  * Made sssd-generate-config more robust, able to handle DNS lookups
+    which fall back to TCP.
+  * Made setup-ad-client more self contained, robust and get it
+    working out of the box in an Active Directory environment, also on
+    non Debian Edu machines.
 
  -- Petter Reinholdtsen <pere at debian.org>  Thu, 13 Jun 2013 15:46:11 +0200
 

Modified: branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-ad-client
===================================================================
--- branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-ad-client	2013-06-14 07:47:13 UTC (rev 80615)
+++ branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-ad-client	2013-06-14 08:09:54 UTC (rev 80616)
@@ -7,7 +7,7 @@
 # See if we can find an Active Directory LDAP server.
 lookup_ad_server() {
     dnsdomain="$1"
-    adserver=$(host -N 2 -t SRV _ldap._tcp.$dnsdomain | grep -v NXDOMAIN | awk '{print $NF}' | head -1)
+    adserver=$(host -N 2 -t SRV _ldap._tcp.$dnsdomain | egrep -v 'NXDOMAIN|^;' | awk '{print $NF}' | head -1)
     if [ "$adserver" ] ; then
 	echo $adserver | sed 's/\.$//'
     fi
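Review bot: The pipeline in lookup_ad_server still filters by exclusion, so any `host` output line that is neither NXDOMAIN nor a `;` comment is taken as an answer. For example "has no SRV record" yields `record`, and a SERVFAIL line yields `2(SERVFAIL)`, as the AD server name. Matching the answer line positively is tighter and drops the `egrep` and `head`: `adserver=$(host -N 2 -t SRV "_ldap._tcp.$dnsdomain" | awk '/ has SRV record / {print $NF; exit}')`. Taking the first record also ignores SRV priority and weight, which deserves a comment. The same pipeline is changed in sssd-generate-config further down and needs the same fix.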
@@ -45,8 +45,37 @@
     fi
 }
 
+lookup_ldap_base() {
+    ldapuri="$1"
+    defaultcontext="$(ldapsearch -LLL -H "$ldapuri" -x -b '' -s base defaultNamingContext  2>/dev/null | awk '/^defaultNamingContext: / { print $2}')"
+    if [ -z "$defaultcontext" ] ; then
+	:
+    else
+	echo $defaultcontext
+    fi
+}
+
+setup_smbconf() {
+    adserver="$1"
+    realm="$2"
+    workgroup="$3"
+    cat > /etc/samba/smb.conf <<EOF
+[global]
+   workgroup = $workgroup
+   client signing = yes
+   client use spnego = yes
+   kerberos method = secrets and keytab
+   log file = /var/log/samba/%m.log
+   password server = $adserver
+   realm = $realm
+   security = ads
+EOF
+}
 bindir=$(dirname $0)
 
+# Make sure the packages we need are installed
+apt-get install -qy host ldap-utils samba-common
+
 dnsdomain=$(find_dns_domain "$1")
 
 adserver=$(lookup_ad_server $dnsdomain)
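Review bot: setup_smbconf truncates /etc/samba/smb.conf and rewrites it from scratch, so an existing local Samba configuration is lost without a backup, and `$adserver`, `$realm` and `$workgroup` are interpolated unchecked. `$adserver` is the last field of a DNS answer, so an empty or malformed value lands directly in the `password server` line. I would copy an existing file aside before the first write and reject unexpected values at the top of the function, e.g. `case "$adserver" in ''|*[!A-Za-z0-9.-]*) echo "error: bad AD server name '$adserver'" >&2; return 1 ;; esac`, with the same test for `$realm`. The added `apt-get install -qy` line also runs before any `DEBIAN_FRONTEND=noninteractive` is exported in this script, and its exit status is not checked.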
@@ -69,9 +98,20 @@
     echo "error: Unable to find Kerberos realm using AD server $ldapuri"
     exit 1
 fi
+ldapbase="$(lookup_ldap_base "$ldapuri")"
 
-echo "Setting AD client using $adserver as AD server and $realm as Kerberos realm"
+echo "********************************************"
+echo "Setting up AD client using"
+echo "  $adserver as AD server,"
+echo "  $realm as Kerberos realm and"
+echo "  $ldapbase as LDAP base"
+echo "********************************************"
 
+cat <<EOF | debconf-set-selections
+nslcd   nslcd/ldap-uris string  ldap://$adserver/
+nslcd   nslcd/ldap-base string  $ldapbase
+EOF
+
 # Set up roaming profile and AD connection for PAM and NSS (using sssd)
 $bindir/setup-roaming
 
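Review bot: `ldapbase` is used without an empty check, although the realm lookup just before it (its `if` starts outside this hunk) aborts on failure. lookup_ldap_base prints nothing when ldapsearch fails, and its stderr is discarded, so the script would preseed `nslcd/ldap-base` with an empty string and continue. Add `if [ -z "$ldapbase" ] ; then echo "error: Unable to find LDAP base using AD server $ldapuri" ; exit 1 ; fi` right after the assignment. The base is read through an anonymous `-x` bind from a server located via DNS, and the preseeded URI is plain `ldap://`, so a comment that these values are unauthenticated at this point would help the next reader.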
@@ -106,18 +146,10 @@
 # ad.example.com = $realm
 EOF
 
-cat > /etc/samba/smb.conf <<EOF
-[global]
-   workgroup = UNKNOWN
-   client signing = yes
-   client use spnego = yes
-   kerberos method = secrets and keytab
-   log file = /var/log/samba/%m.log
-   password server = $adserver
-   realm = $realm
-   security = ads
-EOF
-
+# Create dummy file to get "net ads lookup" working
+setup_smbconf "$adserver" "$realm" "UNKNOWN"
+workgroup="$(net ads lookup|awk '/Pre-Win2k Domain:/ { print $3}')"
+setup_smbconf "$adserver" "$realm" "$workgroup"
 echo
 echo "Log in as domain administrator to register machine in Active Directory"
 echo
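Review bot: The second setup_smbconf call runs even when `net ads lookup` fails or prints no "Pre-Win2k Domain:" line. In that case the placeholder `UNKNOWN` is replaced by an empty `workgroup =` right before the domain join. Guard the rewrite, e.g. `if [ -z "$workgroup" ] ; then echo "error: Unable to find workgroup using AD server $adserver" ; exit 1 ; fi` before the final `setup_smbconf "$adserver" "$realm" "$workgroup"`.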
@@ -128,4 +160,4 @@
 fi
 net ads join -U $adminaduser
 
-service sssd restart
+invoke-rc.d sssd restart

Modified: branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-roaming
===================================================================
--- branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-roaming	2013-06-14 07:47:13 UTC (rev 80615)
+++ branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-roaming	2013-06-14 08:09:54 UTC (rev 80616)
@@ -16,6 +16,12 @@
     fi
 }
 
+DEBIAN_FRONTEND=noninteractive
+export DEBIAN_FRONTEND
+
+# Make sure the packages we need are installed
+apt-get install -y host ldap-utils
+
 aptitude install -y libpam-mklocaluser
 aptitude install -y libpam-sss libnss-sss
 
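Review bot: The exit status of the added `apt-get install -y host ldap-utils` is not checked, and whether `set -e` is active is not visible in this hunk. If the install fails, the later `host` and `ldapsearch` lookups find no tool and return empty strings, which the callers treat as "nothing found". I would write `apt-get install -y host ldap-utils || exit 1`. As a style point, the script now mixes `apt-get` here with `aptitude` two lines below; using one front end for all three installs would be easier to follow.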

Modified: branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config
===================================================================
--- branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config	2013-06-14 07:47:13 UTC (rev 80615)
+++ branches/wheezy/debian-edu-config/share/debian-edu-config/tools/sssd-generate-config	2013-06-14 08:09:54 UTC (rev 80616)
@@ -17,7 +17,7 @@
     if ping -c2 ldap.$domain > /dev/null 2>&1; then
 	echo ldap://ldap.$domain
     else
-	host=$(host -N 2 -t SRV _ldap._tcp.$domain | grep -v NXDOMAIN | awk '{print $NF}' | head -1)
+	host=$(host -N 2 -t SRV _ldap._tcp.$domain | egrep -v 'NXDOMAIN|^;' | awk '{print $NF}' | head -1)
 	if [ "$host" ] ; then
 	    echo ldap://$host | sed 's/\.$//'
 	fi



