AD dns bug fixed

This commit is contained in:
agahhulusi 2021-03-17 16:00:55 +03:00
parent 39f68f2283
commit a37a71791a
4 changed files with 106 additions and 68 deletions

View file

@ -1,37 +0,0 @@
[libdefaults]
default_realm = ENGEREK.LOCAL
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
fcc-mit-ticketflags = true
[realms]
ENGEREK.LOCAL = {
admin_server = liderahenk.engerek.local
kdc = liderahenk.engerek.local
}
[domain_realm]
.engerek.local = ENGEREK.LOCAL
------------------------------------------------------------------------------------------
[libdefaults]
default_realm = ENGEREK.LOCAL
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
fcc-mit-ticketflags = true
[realms]
###realm### = {
###admin_server###
###kdc###
}
[domain_realm]
###own_domain_realm###

View file

@ -0,0 +1,22 @@
[libdefaults]
###default_realm###
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
fcc-mit-ticketflags = true
dns_lookup_realm = false
dns_lookup_kdc = true
dns_canonicalize_hostname = true
rdns = false
[realms]
[domain_realm]

View file

@ -24,4 +24,13 @@ use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
ad_gpo_access_control = permissive
ad_gpo_ignore_unreadable = true
ad_gpo_ignore_unreadable = true
enumerate = true
auth_provider = ad
chpass_provider = ad
dyndns_update = true
dyndns_update_ptr = false
###ad_hostname###
ldap_schema = ad
ldap_sasl_mech = gssapi
ldap_krb5_init_creds = true

View file

@ -4,6 +4,7 @@
from base.scope import Scope
from base.util.util import Util
from base.system.system import System
import time
class ExecuteSSSDAdAuthentication:
@ -11,6 +12,7 @@ class ExecuteSSSDAdAuthentication:
scope = Scope().get_instance()
self.logger = scope.get_logger()
self.util = Util()
self.system = System()
def authenticate(self, domain_name, host_name, ip_address, password, ad_username):
try:
@ -82,7 +84,6 @@ class ExecuteSSSDAdAuthentication:
lines = lines.replace(lines, ("#" + lines))
resolve_conf_temp.write(lines)
resolve_conf_temp.close()
file_default_resolve = open(resolve_conf_path, 'r')
file_data = file_default_resolve.read()
@ -100,9 +101,23 @@ class ExecuteSSSDAdAuthentication:
file_default_hosts = open(host_path, 'r')
file_data = file_default_hosts.read()
if ("{0} {1}".format(ip_address, host_name)) not in file_data:
file_data = file_data + "\n" + ("{0} {1}".format(ip_address, host_name))
self.logger.info("/etc/hosts is configured")
if ("{0} {1}.{2} {1}".format("127.0.1.1",self.system.Os.hostname(),domain_name)) not in file_data:
file_data = file_data + "\n" + ("{0} {1}.{2} {1}".format("127.0.1.1",self.system.Os.hostname(),domain_name))
self.logger.info("FQDN is configured")
else:
self.logger.info("FQDN is not configured")
if ("{0} {1}".format(ip_address, host_name)) not in file_data:
file_data = file_data + "\n" + ("{0} {1}".format(ip_address, host_name))
self.logger.info("/etc/hosts is configured for hostname")
else:
self.logger.info("/etc/hosts is NOT configured for hostname")
if ("{0} {1}".format(ip_address, domain_name)) not in file_data:
file_data = file_data + "\n" + ("{0} {1}".format(ip_address, domain_name))
self.logger.info("/etc/hosts is configured for domainname")
else:
self.logger.info("/etc/hosts is NOT configured for domainname")
file_default_hosts.close()
file_default_hosts = open(host_path, 'w')
@ -118,7 +133,7 @@ class ExecuteSSSDAdAuthentication:
self.logger.error("Script başarısız oldu : " + str(p_err))
# Installation of required packages
(result_code, p_out, p_err) = self.util.execute("sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs")
(result_code, p_out, p_err) = self.util.execute("sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs dnsutils")
if (result_code == 0):
self.logger.info("İndirmeler Başarılı")
else:
@ -138,18 +153,11 @@ class ExecuteSSSDAdAuthentication:
file_default_pam.write(file_data)
file_default_pam.close()
# Execute the commands that require for join Domain
# (result_code, p_out, p_err) = self.util.execute("realm discover {}".format(domain_name.upper()))
# if (result_code == 0):
# self.logger.info("Realm Discover komutu başarılı")
# else:
# self.logger.error("Realm Discover komutu başarısız : " + str(p_err))
self.domain_try_counter2 = 0
self.discover_try_counter2 = 0
try:
while (True):
self.domain_try_counter2 = self.domain_try_counter2 + 1
if (self.domain_try_counter2 == 10):
self.discover_try_counter2 = self.discover_try_counter2 + 1
if (self.discover_try_counter2 == 5):
break
else:
(result_code, p_out, p_err) = self.util.execute("realm discover {}".format(domain_name.upper()))
@ -161,22 +169,25 @@ class ExecuteSSSDAdAuthentication:
time.sleep(2)
except Exception as e:
self.logger.error(e)
self.logger.info("AD DİSCOVER Login işlemi esnasında hata oluştu.")
self.logger.info("Active Directory Discover işlemi esnasında hata oluştu.")
self.domain_try_counter = 0
while (True):
self.domain_try_counter = self.domain_try_counter + 1
if (self.domain_try_counter == 10):
break
else:
(result_code, p_out, p_err) = self.util.execute("echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, domain_name.upper()))
if (result_code == 0):
self.logger.info("Realm Join komutu başarılı")
self.join_try_counter = 0
try:
while (True):
self.join_try_counter = self.join_try_counter + 1
if (self.join_try_counter == 5):
break
else:
self.logger.error("Realm Join komutu başarısız : ")
time.sleep(2)
(result_code, p_out, p_err) = self.util.execute("echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, domain_name.upper()))
if (result_code == 0):
self.logger.info("Realm Join komutu başarılı")
break
else:
self.logger.error("Realm Join komutu başarısız : ")
time.sleep(2)
except Exception as e:
self.logger.error(e)
self.logger.info("Active Directory Join işlemi esnasında hata oluştu.")
# Configure sssd template
sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad.conf"
@ -203,6 +214,7 @@ class ExecuteSSSDAdAuthentication:
file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name))
file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name))
file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper()))
file_data = file_data.replace("###ad_hostname###", "ad_hostname = {0}.{1}".format(self.system.Os.hostname(), domain_name.lower()))
file_sssd.close()
file_sssd = open(sssd_config_file_path, 'w')
@ -216,6 +228,39 @@ class ExecuteSSSDAdAuthentication:
else:
self.logger.error("Chmod komutu başarısız : " + str(p_err))
# Configure krb5 template
krb5_config_template_path = "/usr/share/ahenk/base/registration/config-files/krb5_ad.conf"
krb5_config_folder_path = "/etc"
krb5_config_file_path = "/etc/krb5.conf"
if not self.util.is_exist(krb5_config_folder_path):
self.util.create_directory(krb5_config_folder_path)
self.logger.info("{0} folder is created".format(krb5_config_folder_path))
if self.util.is_exist(krb5_config_file_path):
self.util.delete_file(krb5_config_file_path)
self.logger.info("delete krb5 org conf")
self.util.copy_file(krb5_config_template_path, krb5_config_folder_path)
self.logger.info("{0} config file is copied under {1}".format(krb5_config_template_path, krb5_config_folder_path))
self.util.rename_file("/etc/krb5_ad.conf", "/etc/krb5.conf")
# Configure krb5_ad.conf
file_krb5 = open(krb5_config_file_path, 'r')
file_data = file_krb5.read()
file_data = file_data.replace("###default_realm###", "default_realm = {}".format(domain_name.upper()))
file_krb5.close()
file_krb5 = open(krb5_config_file_path, 'w')
file_krb5.write(file_data)
file_krb5.close()
# Arrangement of chmod as 644 for krb5_ad.conf
(result_code, p_out, p_err) = self.util.execute("chmod 644 {}".format(krb5_config_file_path))
if(result_code == 0):
self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı")
else:
self.logger.error("Chmod komutu başarısız : " + str(p_err))
# Configure sssd for language environment
default_sssd_path = "/etc/default/sssd"
file_default_sssd = open(default_sssd_path, 'r')
@ -239,11 +284,10 @@ class ExecuteSSSDAdAuthentication:
file_default_sssd.close()
self.util.execute("systemctl restart nscd.service")
# self.util.execute("pam-auth-update --force")
self.logger.info("AD Login operation has been completed.")
self.logger.info("AD Login işlemi başarı ile sağlandı.")
return True
except Exception as e:
self.logger.error(str(e))
self.logger.info("AD Login işlemi esnasında hata oluştu.")