mirror of
https://github.com/Pardus-LiderAhenk/ahenk
synced 2024-11-22 14:22:17 +03:00
AD dns bug fixed
This commit is contained in:
parent
39f68f2283
commit
a37a71791a
4 changed files with 106 additions and 68 deletions
|
@ -1,37 +0,0 @@
|
|||
[libdefaults]
|
||||
default_realm = ENGEREK.LOCAL
|
||||
kdc_timesync = 1
|
||||
ccache_type = 4
|
||||
forwardable = true
|
||||
proxiable = true
|
||||
fcc-mit-ticketflags = true
|
||||
|
||||
[realms]
|
||||
ENGEREK.LOCAL = {
|
||||
admin_server = liderahenk.engerek.local
|
||||
kdc = liderahenk.engerek.local
|
||||
}
|
||||
|
||||
[domain_realm]
|
||||
.engerek.local = ENGEREK.LOCAL
|
||||
|
||||
|
||||
------------------------------------------------------------------------------------------
|
||||
[libdefaults]
|
||||
default_realm = ENGEREK.LOCAL
|
||||
kdc_timesync = 1
|
||||
ccache_type = 4
|
||||
forwardable = true
|
||||
proxiable = true
|
||||
fcc-mit-ticketflags = true
|
||||
|
||||
[realms]
|
||||
###realm### = {
|
||||
|
||||
###admin_server###
|
||||
###kdc###
|
||||
|
||||
}
|
||||
|
||||
[domain_realm]
|
||||
###own_domain_realm###
|
22
src/base/registration/config-files/krb5_ad.conf
Normal file
22
src/base/registration/config-files/krb5_ad.conf
Normal file
|
@ -0,0 +1,22 @@
|
|||
[libdefaults]
|
||||
###default_realm###
|
||||
kdc_timesync = 1
|
||||
ccache_type = 4
|
||||
forwardable = true
|
||||
proxiable = true
|
||||
fcc-mit-ticketflags = true
|
||||
dns_lookup_realm = false
|
||||
dns_lookup_kdc = true
|
||||
dns_canonicalize_hostname = true
|
||||
rdns = false
|
||||
|
||||
[realms]
|
||||
|
||||
[domain_realm]
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
@ -24,4 +24,13 @@ use_fully_qualified_names = False
|
|||
fallback_homedir = /home/%u
|
||||
access_provider = ad
|
||||
ad_gpo_access_control = permissive
|
||||
ad_gpo_ignore_unreadable = true
|
||||
ad_gpo_ignore_unreadable = true
|
||||
enumerate = true
|
||||
auth_provider = ad
|
||||
chpass_provider = ad
|
||||
dyndns_update = true
|
||||
dyndns_update_ptr = false
|
||||
###ad_hostname###
|
||||
ldap_schema = ad
|
||||
ldap_sasl_mech = gssapi
|
||||
ldap_krb5_init_creds = true
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
from base.scope import Scope
|
||||
from base.util.util import Util
|
||||
from base.system.system import System
|
||||
import time
|
||||
|
||||
class ExecuteSSSDAdAuthentication:
|
||||
|
@ -11,6 +12,7 @@ class ExecuteSSSDAdAuthentication:
|
|||
scope = Scope().get_instance()
|
||||
self.logger = scope.get_logger()
|
||||
self.util = Util()
|
||||
self.system = System()
|
||||
|
||||
def authenticate(self, domain_name, host_name, ip_address, password, ad_username):
|
||||
try:
|
||||
|
@ -82,7 +84,6 @@ class ExecuteSSSDAdAuthentication:
|
|||
lines = lines.replace(lines, ("#" + lines))
|
||||
resolve_conf_temp.write(lines)
|
||||
resolve_conf_temp.close()
|
||||
|
||||
file_default_resolve = open(resolve_conf_path, 'r')
|
||||
file_data = file_default_resolve.read()
|
||||
|
||||
|
@ -100,9 +101,23 @@ class ExecuteSSSDAdAuthentication:
|
|||
file_default_hosts = open(host_path, 'r')
|
||||
file_data = file_default_hosts.read()
|
||||
|
||||
if ("{0} {1}".format(ip_address, host_name)) not in file_data:
|
||||
file_data = file_data + "\n" + ("{0} {1}".format(ip_address, host_name))
|
||||
self.logger.info("/etc/hosts is configured")
|
||||
if ("{0} {1}.{2} {1}".format("127.0.1.1",self.system.Os.hostname(),domain_name)) not in file_data:
|
||||
file_data = file_data + "\n" + ("{0} {1}.{2} {1}".format("127.0.1.1",self.system.Os.hostname(),domain_name))
|
||||
self.logger.info("FQDN is configured")
|
||||
else:
|
||||
self.logger.info("FQDN is not configured")
|
||||
|
||||
if ("{0} {1}".format(ip_address, host_name)) not in file_data:
|
||||
file_data = file_data + "\n" + ("{0} {1}".format(ip_address, host_name))
|
||||
self.logger.info("/etc/hosts is configured for hostname")
|
||||
else:
|
||||
self.logger.info("/etc/hosts is NOT configured for hostname")
|
||||
|
||||
if ("{0} {1}".format(ip_address, domain_name)) not in file_data:
|
||||
file_data = file_data + "\n" + ("{0} {1}".format(ip_address, domain_name))
|
||||
self.logger.info("/etc/hosts is configured for domainname")
|
||||
else:
|
||||
self.logger.info("/etc/hosts is NOT configured for domainname")
|
||||
|
||||
file_default_hosts.close()
|
||||
file_default_hosts = open(host_path, 'w')
|
||||
|
@ -118,7 +133,7 @@ class ExecuteSSSDAdAuthentication:
|
|||
self.logger.error("Script başarısız oldu : " + str(p_err))
|
||||
|
||||
# Installation of required packages
|
||||
(result_code, p_out, p_err) = self.util.execute("sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs")
|
||||
(result_code, p_out, p_err) = self.util.execute("sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs dnsutils")
|
||||
if (result_code == 0):
|
||||
self.logger.info("İndirmeler Başarılı")
|
||||
else:
|
||||
|
@ -138,18 +153,11 @@ class ExecuteSSSDAdAuthentication:
|
|||
file_default_pam.write(file_data)
|
||||
file_default_pam.close()
|
||||
|
||||
# Execute the commands that require for join Domain
|
||||
# (result_code, p_out, p_err) = self.util.execute("realm discover {}".format(domain_name.upper()))
|
||||
# if (result_code == 0):
|
||||
# self.logger.info("Realm Discover komutu başarılı")
|
||||
# else:
|
||||
# self.logger.error("Realm Discover komutu başarısız : " + str(p_err))
|
||||
|
||||
self.domain_try_counter2 = 0
|
||||
self.discover_try_counter2 = 0
|
||||
try:
|
||||
while (True):
|
||||
self.domain_try_counter2 = self.domain_try_counter2 + 1
|
||||
if (self.domain_try_counter2 == 10):
|
||||
self.discover_try_counter2 = self.discover_try_counter2 + 1
|
||||
if (self.discover_try_counter2 == 5):
|
||||
break
|
||||
else:
|
||||
(result_code, p_out, p_err) = self.util.execute("realm discover {}".format(domain_name.upper()))
|
||||
|
@ -161,22 +169,25 @@ class ExecuteSSSDAdAuthentication:
|
|||
time.sleep(2)
|
||||
except Exception as e:
|
||||
self.logger.error(e)
|
||||
self.logger.info("AD DİSCOVER Login işlemi esnasında hata oluştu.")
|
||||
self.logger.info("Active Directory Discover işlemi esnasında hata oluştu.")
|
||||
|
||||
self.domain_try_counter = 0
|
||||
|
||||
while (True):
|
||||
self.domain_try_counter = self.domain_try_counter + 1
|
||||
if (self.domain_try_counter == 10):
|
||||
break
|
||||
else:
|
||||
(result_code, p_out, p_err) = self.util.execute("echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, domain_name.upper()))
|
||||
if (result_code == 0):
|
||||
self.logger.info("Realm Join komutu başarılı")
|
||||
self.join_try_counter = 0
|
||||
try:
|
||||
while (True):
|
||||
self.join_try_counter = self.join_try_counter + 1
|
||||
if (self.join_try_counter == 5):
|
||||
break
|
||||
else:
|
||||
self.logger.error("Realm Join komutu başarısız : ")
|
||||
time.sleep(2)
|
||||
(result_code, p_out, p_err) = self.util.execute("echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, domain_name.upper()))
|
||||
if (result_code == 0):
|
||||
self.logger.info("Realm Join komutu başarılı")
|
||||
break
|
||||
else:
|
||||
self.logger.error("Realm Join komutu başarısız : ")
|
||||
time.sleep(2)
|
||||
except Exception as e:
|
||||
self.logger.error(e)
|
||||
self.logger.info("Active Directory Join işlemi esnasında hata oluştu.")
|
||||
|
||||
# Configure sssd template
|
||||
sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad.conf"
|
||||
|
@ -203,6 +214,7 @@ class ExecuteSSSDAdAuthentication:
|
|||
file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name))
|
||||
file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name))
|
||||
file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper()))
|
||||
file_data = file_data.replace("###ad_hostname###", "ad_hostname = {0}.{1}".format(self.system.Os.hostname(), domain_name.lower()))
|
||||
|
||||
file_sssd.close()
|
||||
file_sssd = open(sssd_config_file_path, 'w')
|
||||
|
@ -216,6 +228,39 @@ class ExecuteSSSDAdAuthentication:
|
|||
else:
|
||||
self.logger.error("Chmod komutu başarısız : " + str(p_err))
|
||||
|
||||
# Configure krb5 template
|
||||
krb5_config_template_path = "/usr/share/ahenk/base/registration/config-files/krb5_ad.conf"
|
||||
krb5_config_folder_path = "/etc"
|
||||
krb5_config_file_path = "/etc/krb5.conf"
|
||||
|
||||
if not self.util.is_exist(krb5_config_folder_path):
|
||||
self.util.create_directory(krb5_config_folder_path)
|
||||
self.logger.info("{0} folder is created".format(krb5_config_folder_path))
|
||||
|
||||
if self.util.is_exist(krb5_config_file_path):
|
||||
self.util.delete_file(krb5_config_file_path)
|
||||
self.logger.info("delete krb5 org conf")
|
||||
|
||||
self.util.copy_file(krb5_config_template_path, krb5_config_folder_path)
|
||||
self.logger.info("{0} config file is copied under {1}".format(krb5_config_template_path, krb5_config_folder_path))
|
||||
self.util.rename_file("/etc/krb5_ad.conf", "/etc/krb5.conf")
|
||||
|
||||
# Configure krb5_ad.conf
|
||||
file_krb5 = open(krb5_config_file_path, 'r')
|
||||
file_data = file_krb5.read()
|
||||
file_data = file_data.replace("###default_realm###", "default_realm = {}".format(domain_name.upper()))
|
||||
file_krb5.close()
|
||||
file_krb5 = open(krb5_config_file_path, 'w')
|
||||
file_krb5.write(file_data)
|
||||
file_krb5.close()
|
||||
|
||||
# Arrangement of chmod as 644 for krb5_ad.conf
|
||||
(result_code, p_out, p_err) = self.util.execute("chmod 644 {}".format(krb5_config_file_path))
|
||||
if(result_code == 0):
|
||||
self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı")
|
||||
else:
|
||||
self.logger.error("Chmod komutu başarısız : " + str(p_err))
|
||||
|
||||
# Configure sssd for language environment
|
||||
default_sssd_path = "/etc/default/sssd"
|
||||
file_default_sssd = open(default_sssd_path, 'r')
|
||||
|
@ -239,11 +284,10 @@ class ExecuteSSSDAdAuthentication:
|
|||
file_default_sssd.close()
|
||||
|
||||
self.util.execute("systemctl restart nscd.service")
|
||||
# self.util.execute("pam-auth-update --force")
|
||||
self.logger.info("AD Login operation has been completed.")
|
||||
|
||||
self.logger.info("AD Login işlemi başarı ile sağlandı.")
|
||||
return True
|
||||
|
||||
except Exception as e:
|
||||
self.logger.error(str(e))
|
||||
self.logger.info("AD Login işlemi esnasında hata oluştu.")
|
||||
|
|
Loading…
Reference in a new issue