Commit 8dfd3e3d authored by Francesco Gionghi's avatar Francesco Gionghi

Revert "Revert "add redhat""

This reverts commit 17cca9d4.
parent 096cd743
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
default_realm = PC.ITC.IT
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
PC.ITC.IT = {
}
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
pc.itc.it = PC.ITC.IT
.pc.itc.it = PC.ITC.IT
\ No newline at end of file
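Review bot: The realm is hard-coded as `PC.ITC.IT` in `default_realm`, `[realms]` and `[domain_realm]`, while the sssd.conf.redhat added in the same commit takes it from `{{ realm }}`, so a minion with a different realm value would get a krb5.conf that disagrees with its sssd.conf. If this file is rendered as a Jinja template (the deploying state is not visible here), `default_realm = {{ realm }}` and `{{ realm|lower }} = {{ realm }}` would keep the two in step. The empty `PC.ITC.IT = { }` block names no KDC, so clients presumably locate KDCs through DNS SRV records. A comment such as `# no kdc listed: KDCs are discovered via DNS SRV records` would make that dependency explicit.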
[sssd]
domains = {{ realm|lower }}
config_file_version = 2
services = nss, pam, ssh
[domain/{{ realm|lower }}]
ad_domain = {{ realm|lower }}
krb5_realm = {{ realm }}
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = False
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
ad_gpo_access_control = disabled
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
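Review bot: With `access_provider = ad`, `ad_gpo_access_control = disabled` and no `ad_access_filter`, nothing in this file limits which directory accounts may log in; as far as the visible lines show, any enabled, unexpired domain account passes the access check for the `pam` and `ssh` services. Consider restricting logins to a group, e.g. `ad_access_filter = (memberOf=<LOGIN_GROUP_DN_PLACEHOLDER>)`. `ldap_user_ssh_public_key = altSecurityIdentities` makes that directory attribute an SSH authorisation source, so a comment above the line should say that write access to it in AD decides who can log in as whom. `cache_credentials` and `krb5_store_password_if_offline` keep credential material on the host, so the deployed file and the sssd cache directory need root-only permissions; the state that sets the file mode is not visible here.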
......@@ -7,7 +7,7 @@ services = nss, pam, ssh
[domain/{{ realm|lower }}]
ad_domain = {{ realm|lower }}
krb5_realm = {{ realm }}
realmd_tags = manages-system joined-with-adcli
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
......
include:
- .join
- .mkhomedir
\ No newline at end of file
- .post-command
\ No newline at end of file
{%- set sssdroot = slspath.split('/')[0] %}
{%- from sssdroot ~ "/map.jinja" import sssd with context %}
pam-mkhomedir:
post-command:
cmd.run:
- name: {{sssd.mkhomedir.command}}
- unless: grep mkhomedir {{ sssd.mkhomedir.checkfile }}
\ No newline at end of file
- name: {{sssd.launch.command}}
- unless: grep mkhomedir {{ sssd.launch.checkfile }}
\ No newline at end of file
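Review bot: The `unless` guard of the renamed `post-command` state still greps for `mkhomedir` in `{{ sssd.launch.checkfile }}`, but the RedHat `launch` entry added to map.jinja in this commit defines only `command`. On RedHat the guard therefore has no file to check, and depending on how the undefined value renders, the authconfig command would run on every highstate or the render would fail. The pattern is also unrelated to what `authconfig --update --enablesssd --enablesssdauth` changes. Give the RedHat entry its own `checkfile: /etc/pam.d/system-auth` and a pattern that matches the result, e.g. `- unless: grep -q pam_sss {{ sssd.launch.checkfile }}`. Home-directory creation is no longer requested on RedHat at all; if it is wanted, authconfig has `--enablemkhomedir`.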
......@@ -23,12 +23,42 @@ Ubuntu:
- realmd
- sssd
command: realm
mkhomedir:
launch:
checkfile: /etc/pam.d/common-session
command: export DEBIAN_FRONTEND=noninteractive;/usr/sbin/pam-auth-update --package --enable mkhomedir
commandreset: export DEBIAN_FRONTEND=noninteractive;/usr/sbin/pam-auth-update --remove mkhomedir
# os_family: RedHat
RedHat:
config:
sdfile:
- source: salt://{{ slspath }}/files/sssd.conf.redhat
destination: /etc/sssd/sssd.conf
dbfile:
- source: x1
destination: /var/lib/sss/db/cache_pc.itc.it.ldb
- source: x2
destination: /var/lib/sss/db/ccache_PC.ITC.IT
- source: x3
destination: /var/lib/sss/db/config.ldb
- source: x4
destination: /var/lib/sss/db/sssd.ldb
krb:
- source: salt://{{ slspath }}/files/krb5.conf.redhat
destination: /etc/krb5.conf
#nsswitch:
# - source: salt://{{ slspath }}/files/nsswitch.conf
# destination: /etc/nsswitch.conf
packages:
- realmd
- sssd
command: realm
#mkhomedir:
# checkfile: /etc/pam.d/common-session
# command: export DEBIAN_FRONTEND=noninteractive;/usr/sbin/pam-auth-update --package --enable mkhomedir
# commandreset: export DEBIAN_FRONTEND=noninteractive;/usr/sbin/pam-auth-update --remove mkhomedir
launch:
command: /usr/sbin/authconfig --update --enablesssd --enablesssdauth
Fedora: {}
CentOS: {}
Amazon: {}
......
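Review bot: The `dbfile` list under `RedHat` maps placeholder sources `x1` to `x4` onto SSSD's runtime files in `/var/lib/sss/db/` (cache, ccache and config databases). These are per-host state that sssd creates itself, and with `cache_credentials = True` in sssd.conf.redhat the cache holds credential hashes, so they should not be distributed from a shared file server. How `dbfile` is consumed is not visible in this hunk. The destinations also hard-code `pc.itc.it` and `PC.ITC.IT` where the rest of the formula uses the `realm` variable. I would drop the `dbfile` block, or, if the intent is to clear stale caches on join, replace it with a comment saying so and handle the removal in the state.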