Add AD join for Linux

2022-09-29 15:34:23 +02:00 · 2022-09-29 15:34:23 +02:00 · 80b7402a27
commit 80b7402a27
parent f5afe3eb4c
2 changed files with 71 additions and 0 deletions
--- a/roles/linroom_ad/tasks/main.yml
+++ b/roles/linroom_ad/tasks/main.yml
@ -0,0 +1,41 @@
+- name: Install sssd + samba + keyutil
+  apt:
+    name: 
+      - sssd
+      - sssd-ad
+      - realmd
+      - samba-common-bin
+      - smbclient
+      - cifs-utils
+      - smbclient
+    state: latest
+- name: Install kerberos utils
+  apt:
+    name: 
+      - keyutils
+      - krb5-user
+- name: Install PAM modules
+  apt:
+    name: libpam-modules
+    state: latest
+- name: Enable create homedir on login
+  command: pam-auth-update --enable mkhomedir
+  become: true
+- name: Check whether we already joined
+  command: /bin/bash -c "/usr/sbin/realm list"
+  register: realm_list_results
+- name: Join using realmd
+  expect:
+    command: realm join --user=ad.join@FRI1.UNI-LJ.SI --computer-ou=OU=Ucilnice FRI1.UNI-LJ.SI
+    responses:
+      (?i)Password: "{{ad_join_password}}"
+  ignore_errors: yes
+  when: realm_list_results.stdout == ""
+
+- name: Copy sssd config
+  template:
+    src: sssd.conf
+    dest: "/etc/sssd/sssd.conf"
+    owner: root
+    mode: 0600
+