[debian-edu-commits] r80567 - in branches/wheezy/debian-edu-config: debian share/debian-edu-config/tools
pere at alioth.debian.org
pere at alioth.debian.org
Fri Jun 14 02:27:44 UTC 2013
Author: pere
Date: 2013-06-13 11:49:51 +0000 (Thu, 13 Jun 2013)
New Revision: 80567
Modified:
branches/wheezy/debian-edu-config/debian/changelog
branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-ad-client
Log:
Make setup-ad-client more automatic, flexible and robust.
Modified: branches/wheezy/debian-edu-config/debian/changelog
===================================================================
--- branches/wheezy/debian-edu-config/debian/changelog 2013-06-13 11:47:32 UTC (rev 80566)
+++ branches/wheezy/debian-edu-config/debian/changelog 2013-06-13 11:49:51 UTC (rev 80567)
@@ -8,6 +8,7 @@
* Move code in sssd-generate-config to detect DNS domain name into
its own function, to make it easier to share that code with
setup-ad-client.
+ * Make setup-ad-client more automatic, flexible and robust.
-- Holger Levsen <holger at debian.org> Thu, 13 Jun 2013 13:42:45 +0200
Modified: branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-ad-client
===================================================================
--- branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-ad-client 2013-06-13 11:47:32 UTC (rev 80566)
+++ branches/wheezy/debian-edu-config/share/debian-edu-config/tools/setup-ad-client 2013-06-13 11:49:51 UTC (rev 80567)
@@ -16,18 +16,47 @@
lookup_ad_realm() {
ldapuri="$1"
realm=$(ldapsearch -LLL -x -H $ldapuri. -b '' -s base ldapServiceName | grep ldapServiceName: | cut -d@ -f2)
+ echo $realm
}
+find_dns_domain() {
+ if [ "$1" ] ; then
+ domain=$1
+ else
+ domain="$(hostname -d 2>/dev/null || true)"
+ # If hostname is not FQDN, look in DNS setup instead, to
+ # increase the chance of the automatic setup to work.
+ if [ -z "$domain" ] ; then
+ domain=$(grep search /etc/resolv.conf |awk '{print $2}')
+ fi
+ fi
+ echo $domain
+}
+
bindir=$(dirname $0)
-# Set up roaming profile and AD connection for PAM and NSS (using sssd)
-$bindir/setup-roaming
+dnsdomain=$(find_dns_domain "$1")
-dnsdomain=$1
adserver=$(lookup_ad_server $dnsdomain)
+
+if [ -z "$adserver" ] ; then
+ echo "error: Unable to find AD server using SRV records in $dnsdomain"
+ exit 1
+fi
ldapuri=ldap://$adserver
-realm=$(lookup_ad_realm)
+realm=$(lookup_ad_realm $ldapuri)
+if [ -z "$realm" ] ; then
+ echo "error: Unable to find Kerberos realm using AD server $ldapuri"
+ exit 1
+fi
+
+echo "Setting AD client using $adserver as AD server and $realm as Kerberos realm"
+
+# Set up roaming profile and AD connection for PAM and NSS (using sssd)
+$bindir/setup-roaming
+
+
cat > /etc/krb5.conf <<EOF
[logging]
default = FILE:/var/log/krb5libs.log
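Review bot: The DNS domain and Kerberos realm come from unauthenticated sources here (the `search` line of /etc/resolv.conf, which is often DHCP-supplied, the SRV lookup, and an anonymous `ldapsearch -x` over plain `ldap://`), and they are used without validation or quoting. I would reject anything that is not a plain DNS name before use, e.g. `case "$realm" in *[!A-Za-z0-9.-]*) echo "error: unexpected realm" >&2; exit 1;; esac`, with the same check for `$dnsdomain`. The expansions should also be quoted: `lookup_ad_server "$dnsdomain"`, `lookup_ad_realm "$ldapuri"`, and likewise `net ads join -U $adminaduser` in the next hunk. Separately, `grep search /etc/resolv.conf` also matches comment lines and can return several words; `awk '$1 == "search" {print $2; exit}' /etc/resolv.conf` is tighter. The heredoc that writes /etc/krb5.conf continues past the end of this hunk, so how `$realm` is interpolated there is not visible.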
@@ -70,11 +99,14 @@
security = ads
EOF
-adminaduser=Administrator
echo
echo "Log in as domain administrator to register machine in Active Directory"
echo
+printf "AD username to use [Administrator]: "
+read adminaduser
+if [ -z "$adminaduser" ] ; then
+ adminaduser=Administrator
+fi
net ads join -U $adminaduser
service sssd restart
-
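Review bot: The result of `net ads join` is not checked, so a failed or cancelled join still falls through to `service sssd restart`, and the script's exit status then reflects the restart rather than the join (unless `set -e` is enabled earlier in the file, which this hunk does not show). I would write `net ads join -U "$adminaduser" || { echo "error: AD join failed" >&2; exit 1; }`. The prompt should also use `read -r adminaduser` so that backslashes in the typed name are taken literally.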