authorEugeni Dodonov <eugeni@mandriva.org>2009-03-31 21:46:53 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-03-31 21:46:53 +0000
commita95d89d2c00598dcdd5f0806019c52092223a8eb (patch)
tree0d7dbdbebfd77c7a7078279ed2b2c1a8f65cc9d0
parenta57cd6cd44c7e54dfb20c7d011693f3e02db7134 (diff)
Producing valid winbind configuration when REALM != DNS (based on patch from #49189).
-rw-r--r--perl-install/NEWS3
-rw-r--r--perl-install/authentication.pm29
2 files changed, 18 insertions, 14 deletions
diff --git a/perl-install/NEWS b/perl-install/NEWS
index 8385afd5d..eea654149 100644
--- a/perl-install/NEWS
+++ b/perl-install/NEWS
@@ -1,3 +1,6 @@
+- drakauth:
+ o handling winbind configuration when REALM != DNS (#49189)
+
Version 12.20 - 30 March 2009
- draksec:
diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm
index d009bc8b0..d159b36c4 100644
--- a/perl-install/authentication.pm
+++ b/perl-install/authentication.pm
@@ -53,7 +53,7 @@ my %kind2packages = (
LDAP => [ 'openldap-clients', 'nss_ldap', 'pam_ldap', 'autofs', 'nss_updatedb' ],
KRB5 => [ 'nss_ldap', 'pam_krb5', 'libsasl2-plug-gssapi', 'nss_updatedb' ],
NIS => [ 'ypbind', 'autofs' ],
- winbind => [ 'samba-winbind', 'nss_ldap', 'pam_krb5', 'libsasl2-plug-gssapi', 'samba-server' ],
+ winbind => [ 'samba-winbind', 'nss_ldap', 'pam_krb5', 'libsasl2-plug-gssapi' ],
);
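Review bot: Dropping `samba-server` from the `winbind =>` package list looks inconsistent with the join sequence later in this file, which still runs `service smb restart` (visible as context in the -441 hunk). If the smb init script is shipped by samba-server, which this diff does not show, that restart would fail on a system where the package was never installed, and its result is not checked. Either drop the smb restart along with the package or keep the package that owns the service. A comment on the entry such as `# winbind join restarts smb and winbind; keep the packages that own both` would record the dependency.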
@@ -130,7 +130,7 @@ sub ask_parameters {
$authentication->{AD_domain} ||= $net->{resolv}{DOMAINNAME};
$in->do_pkgs->ensure_are_installed([ 'perl-Net-DNS' ], 1) or return;
- my @srvs = query_srv_names($authentication->{AD_domain});
+ my @srvs = query_srv_names($authentication->{AD_domain}); #FIXME: update this list if the REALM has changed
$authentication->{AD_server} ||= $srvs[0] if @srvs;
my $AD_user = $authentication->{AD_user} =~ /(.*)\@\Q$authentication->{AD_domain}\E$/ ? $1 : $authentication->{AD_user};
$authentication->{ccreds} = 1;
@@ -142,10 +142,10 @@ sub ask_parameters {
{},
{ label => N("Realm "), val => \$authentication->{AD_domain} },
{},
- { label => N("KDCs Servers"), title => 1, val => \$authentication->{AD_server} , list => \@srvs , not_edit => 0, title => 1 },
+ { label => N("KDCs Servers"), title => 1, val => \$authentication->{AD_server} , list => \@srvs , not_edit => 0, title => 1 },
{},
- { text => N("Use DNS to resolve hosts for realms "), val => \$authentication->{KRB_host_lookup}, type => 'bool' },
- { text => N("Use DNS to resolve KDCs for realms "), val => \$authentication->{KRB_dns_lookup}, type => 'bool' },
+ { text => N("Use DNS to locate KDC for the realm"), val => \$authentication->{KRB_host_lookup}, type => 'bool' },
+ { text => N("Use DNS to locate realms"), val => \$authentication->{KRB_dns_lookup}, type => 'bool' },
{ text => N("Use Disconnect mode "), val => \$authentication->{ccreds}, type => 'bool' },
]) or return;
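Review bot: The two reworded checkboxes appear to have swapped meaning relative to the variables they set. Before this change the KDC wording was attached to `KRB_dns_lookup`; now "Use DNS to locate KDC for the realm" is bound to `KRB_host_lookup` and "Use DNS to locate realms" to `KRB_dns_lookup`. Where these keys are written into krb5.conf is outside the hunk, so confirm which one feeds the KDC-lookup setting and which the realm-lookup setting, then bind each label to the matching key. Both options make the client trust DNS answers for Kerberos discovery, so a mislabelled box enables a lookup the administrator meant to leave off. The KDCs entry also still lists `title => 1` twice; the second occurrence can go.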
@@ -195,12 +195,12 @@ my %level = (
#- but networking is not setup yet necessarily
#
my @sec_domain = (
- "Windows NT4 Domain",
"Windows Active Directory Domain",
+ "Windows NT4 Domain",
);
- $authentication->{AD_domain} ||= $net->{resolv}{DOMAINNAME};
+ $authentication->{DNS_domain} ||= $net->{resolv}{DOMAINNAME};
$authentication->{WINDOMAIN} ||= $net->{resolv}{DOMAINNAME};
$in->do_pkgs->ensure_are_installed([ 'samba-client' ], 1) or return;
my @domains=list_domains();
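Review bot: `AD_domain` no longer gets a default in this branch, so it stays empty unless the administrator types a realm into the dialog, and nothing visible here rejects an empty value. The join code later in the file builds `'ads.' . $authentication->{AD_domain}` and uses `AD_domain` as the realm, which would give a server named `ads.` and an empty realm in the generated configuration. Consider a fallback after the dialog, `$authentication->{AD_domain} ||= $authentication->{DNS_domain};`, or refuse to continue when the Active Directory model is selected and the realm is blank. The enclosing block starts and ends outside the hunk.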
@@ -215,8 +215,8 @@ my %level = (
{ label => N("Domain Model "), val => \$authentication->{model}, list => \@sec_domain , not_edit => 1 },
{},
{ label => N("Active Directory Realm "), val => \$authentication->{AD_domain} , disabled => sub { $authentication->{model} eq "Windows NT4 Domain" } },
- {},
- {},
+ { label => N("DNS Domain"), val => \$authentication->{DNS_domain} , disabled => sub { $authentication->{model} eq "Windows NT4 Domain" } },
+ { label => N("DC Server"), val => \$authentication->{AD_server} , disabled => sub { $authentication->{model} eq "Windows NT4 Domain" } },
{},
]) or return;
}
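Review bot: The new "DNS Domain" and "DC Server" fields are free text with no validation visible in this hunk. Their values are later written verbatim into krb5.conf (`kdc`, `admin_server`, `default_domain` and the `domain_realm` lines in configure_krb5_for_AD), and `AD_server` is also passed to `net time set -S`. A stray space or embedded line break would produce a malformed or unintended entry in a root-owned configuration file. After the dialog returns, check each value against a hostname pattern such as `/\A[A-Za-z0-9.-]+\z/` and re-prompt on mismatch. The dialog call begins outside the hunk.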
@@ -428,7 +428,7 @@ EOF
} else {
-
+ # FIXME: the DC isn't named ads.domain... try to do reserve lookup?
$authentication->{AD_server} ||= 'ads.' . $authentication->{AD_domain};
my $domain = uc $authentication->{WINDOMAIN};
my $realm = $authentication->{AD_domain};
@@ -441,14 +441,14 @@ EOF
mkdir_p("$::prefix/home/$domain");
run_program::rooted($::prefix, 'net', 'time', 'set', '-S', $authentication->{AD_server});
run_program::rooted($::prefix, 'service', 'smb', 'restart');
- run_program::rooted($::prefix, 'service', 'winbind', 'restart');
$when_network_is_up->(sub {
run_program::raw({ root => $::prefix, sensitive_arguments => 1 },
'net', 'ads', 'join', '-U', $authentication->{winuser} . '%' . $authentication->{winpass});
+ run_program::rooted($::prefix, 'service', 'winbind', 'restart');
});
-
+#FIXME: perhaps save the defaults values ?
output($conf_file, <<EOF);
auth=Windows Active Directory Domain
server= none
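Review bot: The winbind restart now runs unconditionally after `net ads join`, whose result is discarded. A failed join (wrong password, unreachable DC) therefore still restarts winbind, and the code goes on to record `auth=Windows Active Directory Domain`. Chain the restart on the join result, e.g. `run_program::raw({ ... }, 'net', 'ads', 'join', ...) and run_program::rooted($::prefix, 'service', 'winbind', 'restart');`, assuming run_program::raw returns true on success, and report the failure otherwise. Separately, the join still passes `winuser%winpass` as a command-line argument. `sensitive_arguments` presumably only keeps it out of logs, so the password stays visible in the process list to other local users while the command runs.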
@@ -704,11 +704,12 @@ sub configure_krb5_for_AD {
$uc_domain = {
kdc = $authentication->{AD_server}:88
admin_server = $authentication->{AD_server}:749
- default_domain = $authentication->{AD_domain}
+ default_domain = $authentication->{DNS_domain}
}
EOF
domain_realm => <<EOF,
- .$authentication->{AD_domain} = $uc_domain
+ .$authentication->{DNS_domain} = $uc_domain
+ $authentication->{DNS_domain} = $uc_domain
EOF
kdc => <<'EOF',
profile = /etc/kerberos/krb5kdc/kdc.conf
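Review bot: `DNS_domain` is only given a default in the winbind branch of ask_parameters (the -195 hunk); the Active Directory branch in the -130 hunk still fills in only `AD_domain`. If configure_krb5_for_AD is also reached from that branch (its callers are not visible here), `default_domain` is written empty and the two `domain_realm` lines become `. = REALM` and ` = REALM`. Fall back at the top of the function, e.g. `my $dns_domain = $authentication->{DNS_domain} || lc $authentication->{AD_domain};`, and interpolate `$dns_domain` in both heredocs. The function body starts and ends outside the hunk.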