From 76400d0960607e02acb13f0b4a10fde59bce15b1 Mon Sep 17 00:00:00 2001 From: Stew Benedict Date: Thu, 18 Jul 2002 19:21:29 +0000 Subject: add support/option for Windows(tm) authentication via winbind --- perl-install/install_any.pm | 47 ++++++++++++++++++++++++++++++- perl-install/install_steps_interactive.pm | 13 ++++++++- 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/perl-install/install_any.pm b/perl-install/install_any.pm index ab89918d6..0196e293a 100644 --- a/perl-install/install_any.pm +++ b/perl-install/install_any.pm @@ -436,7 +436,7 @@ sub addToBeDone(&$) { sub setAuthentication { my ($o) = @_; - my ($shadow, $md5, $ldap, $nis) = @{$o->{authentication} || {}}{qw(shadow md5 LDAP NIS)}; + my ($shadow, $md5, $ldap, $nis, $winbind) = @{$o->{authentication} || {}}{qw(shadow md5 LDAP NIS winbind)}; my $p = $o->{prefix}; #- obsoleted always enabled (in /etc/pam.d/system-auth furthermore) #any::enableMD5Shadow($p, $shadow, $md5); any::enableShadow($p) if $shadow; 
@@ -457,9 +457,54 @@ sub setAuthentication { } "$p/etc/yp.conf"; require network; network::write_conf("$p/etc/sysconfig/network", $o->{netc}); + } elsif ($winbind) { + my $domain = $o->{netc}{WINDOMAIN}; + $o->pkg_install(qw(samba-winbind samba-common)); + { #- setup pam + my $f = "$o->{prefix}/etc/pam.d/system-auth"; + cp_af($f, "$f.orig"); + cp_af("$f-winbind", $f); + } + write_smb_conf($o, $domain); + run_program::rooted($o->{prefix}, "chkconfig", "--level", "35", "winbind", "on"); + mkdir "$o->{prefix}/home/$domain", 0755; + + #- finally join the machine to the Windoze domain + run_program::rooted($o->{prefix}, "/usr/bin/smbpasswd", "-j", $domain, "-r", $winbind); } } +sub write_smb_conf { + my ($domain) = @_; + + #- was going to just have a canned config in samba-winbind + #- and replace the domain, but sylvestre/buchan didn't bless it yet + + my $f = "$::prefix/etc/samba/smb.conf"; + rename $f, "$f.orig"; + output($f, " +[global] + workgroup = $domain + server string = Samba Server %v + security = domain + encrypt passwords = Yes + password server = * + log file = /var/log/samba/log.%m + max log size = 50 + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + character set = ISO8859-15 + os level = 18 + local master = No + dns proxy = No + winbind uid = 10000-20000 + winbind gid = 10000-20000 + winbind separator = + + template homedir = /home/%D/%U + template shell = /bin/bash + winbind use default domain = yes +"); +} + sub killCardServices { my $pid = chomp_(cat_("/tmp/cardmgr.pid")); $pid and kill(15, $pid); #- send SIGTERM diff --git a/perl-install/install_steps_interactive.pm b/perl-install/install_steps_interactive.pm index bafde238c..3aebfe8ed 100644 --- a/perl-install/install_steps_interactive.pm +++ b/perl-install/install_steps_interactive.pm 
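Review bot: `write_smb_conf($o, $domain)` in the new winbind branch of setAuthentication (install_any.pm) passes two arguments, but the new sub unpacks only `my ($domain) = @_;`, so the installer object rather than the domain is interpolated into `workgroup =`; change the unpacking to `my ($o, $domain) = @_;` or drop `$o` from the call. `$domain` also comes straight from the WINDOMAIN dialog field and reaches smb.conf, the `mkdir "$o->{prefix}/home/$domain"` path and the smbpasswd arguments unchecked, so a value containing a newline or `/` would add smb.conf lines or leave /home; an anchored check such as `$domain =~ /\A[\w.-]+\z/` before the first use would prevent that. The branch also replaces /etc/pam.d/system-auth before the join runs and discards the results of `cp_af`, `rename`, `mkdir` and both `run_program::rooted` calls, so a failed join appears to leave the winbind PAM stack active on a machine that is not a domain member. Joining first, or restoring `$f.orig` when the join fails, would avoid that state. setAuthentication starts outside this hunk.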
@@ -1079,6 +1079,7 @@ sub setRootPassword { my $sup = $o->{superuser} ||= {}; my $auth = ($o->{authentication}{LDAP} && __("LDAP") || $o->{authentication}{NIS} && __("NIS") || + $o->{authentication}{winbind} && __("Windows PDC") || __("Local files")); $sup->{password2} ||= $sup->{password} ||= ""; @@ -1101,7 +1102,7 @@ sub setRootPassword { { label => _("Password"), val => \$sup->{password}, hidden => 1 }, { label => _("Password (again)"), val => \$sup->{password2}, hidden => 1 }, if_($::expert, -{ label => _("Authentication"), val => \$auth, list => [ __("Local files"), __("LDAP"), __("NIS") ], format => \&translate }, +{ label => _("Authentication"), val => \$auth, list => [ __("Local files"), __("LDAP"), __("NIS"), __("Windows PDC") ], format => \&translate }, ), ]) or return; @@ -1122,6 +1123,16 @@ sub setRootPassword { { label => _("NIS Server"), val => \$o->{authentication}{NIS}, list => ["broadcast"], not_edit => 0 }, ]) or goto &setRootPassword; } else { $o->{authentication}{NIS} = '' } + if ($auth eq __("Windows PDC")) { + #- maybe we should browse the network like diskdrake --smb and get the 'doze server names in a list + #- but networking isn't setup yet necessarily + $o->ask_from('', + _("Authentication Windows PDC"), + [ { label => _("Windows Domain"), val => \ ($o->{netc}{WINDOMAIN} ||= $o->{netc}{DOMAINNAME}) }, + { label => _("PDC Server Name"), val => \$o->{authentication}{winbind} }, + ]) or goto &setRootPassword; + $o->ask_warn('', _("For this to work for a W2K PDC, you will probably need to have the admin run: C:\>net localgroup \"Pre-Windows 2000 Compatible Access\" everyone /add and reboot the server")); + } else { $o->{authentication}{winbind} = '' } install_steps::setRootPassword($o); } -- cgit v1.2.1
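Review bot: The `ask_warn` text added in the last hunk of setRootPassword tells the admin to add `everyone` to "Pre-Windows 2000 Compatible Access" without saying what that grants: on a Windows 2000 domain it gives every account read access to user and group information, and as far as I know that includes anonymous sessions on that release. The message should state this trade-off, and it is currently shown unconditionally. In the same double-quoted string `C:\>` loses its backslash because Perl reads `\>` as `>`; write `C:\\>`. Neither dialog field is validated, so an empty "PDC Server Name" leaves `$o->{authentication}{winbind}` false and the `elsif ($winbind)` branch added in install_any.pm is skipped silently although "Windows PDC" was selected. Checking both values after `ask_from` returns and doing `goto &setRootPassword` on an empty or malformed one would follow the pattern already used here; setRootPassword starts outside the hunk.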