rc/classroom
5
0
Fork 4
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Add user homes on CIFS on Linux

Browse source
This commit is contained in:
Gašper Fele-Žorž 2025-08-31 23:36:23 +02:00
parent beb1dbb757
commit 957cd67eb7
4 changed files with 76 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

20
roles/ad_joined/files/pam_mount.conf.xml Normal file
View file

@ -0,0 +1,20 @@
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<!-- Example using CIFS -->
<volume
fstype="cifs"
server="ucilnicesmb.fri1.uni-lj.si"
path="%(USER)"
mountpoint="~/"
options="sec=krb5i,cruid=%(USERUID)"
/>
<volume
fstype="cifs"
server="ucilnicesmb.fri1.uni-lj.si"
path="profiles/%(DOMAIN_USER).V6"
mountpoint="~/win_profile"
options="sec=krb5i,cruid=%(USERUID)"
/>
</pam_mount>

61
roles/ad_joined/tasks/main_lin.yml
View file

@ -1,21 +1,35 @@
- name: Enable create homedir on login
command: pam-auth-update --enable mkhomedir
become: true
- name: Install required packages
apt:
name:
- realmd
- sssd
- libpam-mount
- heimdal-clients
- name: Remove krb5-user
apt:
name:
krb5-user
state: absent
- name: Set OU
set_fact:
ou_path: "OU={{locations[0]}},OU=Ucilnice"
- name: Show state
debug:
msg: "Host: {{inventory_hostname}}, OU: {{ou_path}}"
# - import_tasks: ne_sysprep.yaml
- name: "Rename"
# Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom
hostname:
name: "{{inventory_hostname}}"
register: hostname_res
- name: Check whether we already joined
command: /bin/bash -c "/usr/sbin/realm list"
register: realm_list_results
- name: Set OU
set_fact:
ou_path: "OU={{locations[0]}},OU=Ucilnice"
- name: Show state
debug:
msg: "Host: {{inventory_hostname}}, OU: {{ou_path}}"
# - import_tasks: ne_sysprep.yaml
- name: "Rename"
# Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom
hostname:
name: "{{inventory_hostname}}"
register: hostname_res
- name: Join using realmd
expect:
@ -32,3 +46,20 @@
owner: root
mode: 0600
- name: Configure libpam-mount
copy:
src: pam_mount.conf.xml
dest: /etc/security/pam_mount.conf.xml
- name: Enable libpam-mount
command: pam-auth-update --enable libpam-mount
become: true
- name: Disable libpam-mkhomedir
command: pam-auth-update --disable mkhomedir
become: true
- name: Restart sssd
service:
name: sssd
state: restarted

9
roles/ad_joined/tasks/main_win.yml
View file

@ -1,18 +1,22 @@
- name: Set OU
set_fact:
ou_path: "OU={{locations[0]}},OU=Ucilnice,DC=fri1,DC=uni-lj,DC=si"
- name: "Rename"
# Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom
win_hostname:
name: "{{inventory_hostname}}"
register: hostname_res
- name: "Reboot after hostname change"
win_reboot:
when: hostname_res.reboot_required
- name: Stop Windows Update Service
win_service:
name: wuauserv
state: stopped
- name: Clear WSUS ID from registry
win_regedit:
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
@ -24,10 +28,12 @@
- AccountDomainSid
- SusClientId
- SusClientIDValidation
- name: Start Windows Update Service
win_service:
name: wuauserv
state: started
- name: "Join domain"
win_domain_membership:
domain_admin_user: "{{adjoin_user}}"
@ -37,12 +43,15 @@
hostname: "{{inventory_hostname}}"
state: domain
register: domain_state
- name: Reset WSUS authorization
win_command: wuauclt.exe /resetauthorization /detectnow
ignore_errors: yes
- name: Update windows
win_command: wuauclt.exe /updatenow
ignore_errors: yes
- name: Reboot
win_command: "shutdown /r"
when: domain_state.reboot_required

1
roles/ad_joined/templates/sssd.conf
View file

@ -29,3 +29,4 @@ ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
krb5_ccname_template = FILE:%d/krb5cc_%U