diff --git a/roles/ad_joined/files/pam_mount.conf.xml b/roles/ad_joined/files/pam_mount.conf.xml new file mode 100644 index 0000000..01eb506 --- /dev/null +++ b/roles/ad_joined/files/pam_mount.conf.xml @@ -0,0 +1,20 @@ + + + + + + + + diff --git a/roles/ad_joined/tasks/main_lin.yml b/roles/ad_joined/tasks/main_lin.yml index d1cadbb..2d9b02e 100644 --- a/roles/ad_joined/tasks/main_lin.yml +++ b/roles/ad_joined/tasks/main_lin.yml @@ -1,21 +1,35 @@ -- name: Enable create homedir on login - command: pam-auth-update --enable mkhomedir - become: true +- name: Install required packages + apt: + name: + - realmd + - sssd + - libpam-mount + - heimdal-clients + +- name: Remove krb5-user + apt: + name: + krb5-user + state: absent + +- name: Set OU + set_fact: + ou_path: "OU={{locations[0]}},OU=Ucilnice" + +- name: Show state + debug: + msg: "Host: {{inventory_hostname}}, OU: {{ou_path}}" + # - import_tasks: ne_sysprep.yaml + +- name: "Rename" + # Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom + hostname: + name: "{{inventory_hostname}}" + register: hostname_res + - name: Check whether we already joined command: /bin/bash -c "/usr/sbin/realm list" register: realm_list_results - - name: Set OU - set_fact: - ou_path: "OU={{locations[0]}},OU=Ucilnice" - - name: Show state - debug: - msg: "Host: {{inventory_hostname}}, OU: {{ou_path}}" - # - import_tasks: ne_sysprep.yaml - - name: "Rename" - # Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom - hostname: - name: "{{inventory_hostname}}" - register: hostname_res - name: Join using realmd expect: @@ -32,3 +46,20 @@ owner: root mode: 0600 +- name: Configure libpam-mount + copy: + src: pam_mount.conf.xml + dest: /etc/security/pam_mount.conf.xml + +- name: Enable libpam-mount + command: pam-auth-update --enable libpam-mount + become: true + +- name: Disable libpam-mkhomedir + command: pam-auth-update --disable mkhomedir + become: true + +- name: Restart sssd + service: + name: sssd + state: restarted diff --git a/roles/ad_joined/tasks/main_win.yml b/roles/ad_joined/tasks/main_win.yml index 79481e3..be252f9 100644 --- a/roles/ad_joined/tasks/main_win.yml +++ b/roles/ad_joined/tasks/main_win.yml @@ -1,18 +1,22 @@ - name: Set OU set_fact: ou_path: "OU={{locations[0]}},OU=Ucilnice,DC=fri1,DC=uni-lj,DC=si" + - name: "Rename" # Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom win_hostname: name: "{{inventory_hostname}}" register: hostname_res + - name: "Reboot after hostname change" win_reboot: when: hostname_res.reboot_required + - name: Stop Windows Update Service win_service: name: wuauserv state: stopped + - name: Clear WSUS ID from registry win_regedit: path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate @@ -24,10 +28,12 @@ - AccountDomainSid - SusClientId - SusClientIDValidation + - name: Start Windows Update Service win_service: name: wuauserv state: started + - name: "Join domain" win_domain_membership: domain_admin_user: "{{adjoin_user}}" @@ -37,12 +43,15 @@ hostname: "{{inventory_hostname}}" state: domain register: domain_state + - name: Reset WSUS authorization win_command: wuauclt.exe /resetauthorization /detectnow ignore_errors: yes + - name: Update windows win_command: wuauclt.exe /updatenow ignore_errors: yes + - name: Reboot win_command: "shutdown /r" when: domain_state.reboot_required diff --git a/roles/ad_joined/templates/sssd.conf b/roles/ad_joined/templates/sssd.conf index 117793c..46c5c5b 100644 --- a/roles/ad_joined/templates/sssd.conf +++ b/roles/ad_joined/templates/sssd.conf @@ -29,3 +29,4 @@ ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%u@%d access_provider = ad +krb5_ccname_template = FILE:%d/krb5cc_%U