Add user homes on CIFS on Linux
		
							parent
							
								
									beb1dbb757
								
							
						
					
					
						commit
						957cd67eb7
					
				
					 4 changed files with 76 additions and 15 deletions
				
			
		
							
								
								
									
										20
									
								
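--- a/roles/ad_joined/files/pam_mount.conf.xml
+++ b/roles/ad_joined/files/pam_mount.conf.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
+
+<pam_mount>
+  <!-- Example using CIFS -->
+  <volume
+      fstype="cifs"
+      server="ucilnicesmb.fri1.uni-lj.si"
+      path="%(USER)"
+      mountpoint="~/"
+      options="sec=krb5i,cruid=%(USERUID)"
+  />
+  <volume
+      fstype="cifs"
+      server="ucilnicesmb.fri1.uni-lj.si"
+      path="profiles/%(DOMAIN_USER).V6"
+      mountpoint="~/win_profile"
+      options="sec=krb5i,cruid=%(USERUID)"
+  />
+</pam_mount>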
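Review bot: Both `<volume>` entries mount a user-writable network share without `nosuid,nodev`, and neither is scoped to domain accounts, so pam_mount will presumably also attempt them for local logins such as root. I would change both option strings to `options="sec=krb5i,cruid=%(USERUID),nosuid,nodev"` and restrict each volume with a `uid` or `sgrp` attribute matching the AD accounts (the id range is not visible on this page and needs confirming). `sec=krb5i` signs traffic but does not encrypt it; if the server supports SMB3 encryption, adding `seal` would protect home-directory contents on the wire. The leftover `<!-- Example using CIFS -->` comment should be replaced with one saying what the two mounts are for.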
|  | @ -1,22 +1,36 @@ | ||||||
| - name: Enable create homedir on login | - name: Install required packages | ||||||
|   command: pam-auth-update --enable mkhomedir |   apt: | ||||||
|   become: true |     name: | ||||||
| - name: Check whether we already joined |       - realmd | ||||||
|   command: /bin/bash -c "/usr/sbin/realm list" |       - sssd | ||||||
|   register: realm_list_results |       - libpam-mount | ||||||
|  |       - heimdal-clients | ||||||
|  | 
 | ||||||
|  | - name: Remove krb5-user | ||||||
|  |   apt: | ||||||
|  |     name: | ||||||
|  |       krb5-user | ||||||
|  |     state: absent | ||||||
|  | 
 | ||||||
| - name: Set OU | - name: Set OU | ||||||
|   set_fact: |   set_fact: | ||||||
|     ou_path: "OU={{locations[0]}},OU=Ucilnice" |     ou_path: "OU={{locations[0]}},OU=Ucilnice" | ||||||
|  | 
 | ||||||
| - name: Show state | - name: Show state | ||||||
|   debug: |   debug: | ||||||
|     msg: "Host: {{inventory_hostname}}, OU: {{ou_path}}" |     msg: "Host: {{inventory_hostname}}, OU: {{ou_path}}" | ||||||
|   # - import_tasks: ne_sysprep.yaml |   # - import_tasks: ne_sysprep.yaml | ||||||
|  | 
 | ||||||
| - name: "Rename" | - name: "Rename" | ||||||
|   # Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom |   # Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom | ||||||
|   hostname: |   hostname: | ||||||
|     name: "{{inventory_hostname}}" |     name: "{{inventory_hostname}}" | ||||||
|   register: hostname_res |   register: hostname_res | ||||||
| 
 | 
 | ||||||
|  | - name: Check whether we already joined | ||||||
|  |   command: /bin/bash -c "/usr/sbin/realm list" | ||||||
|  |   register: realm_list_results | ||||||
|  | 
 | ||||||
| - name: Join using realmd | - name: Join using realmd | ||||||
|   expect: |   expect: | ||||||
|     command: realm join --user={{ad_join_user}} --computer-ou={{ou_path}} FRI1.UNI-LJ.SI |     command: realm join --user={{ad_join_user}} --computer-ou={{ou_path}} FRI1.UNI-LJ.SI | ||||||
|  | @ -32,3 +46,20 @@ | ||||||
|     owner: root |     owner: root | ||||||
|     mode: 0600 |     mode: 0600 | ||||||
| 
 | 
 | ||||||
|  | - name: Configure libpam-mount | ||||||
|  |   copy: | ||||||
|  |     src: pam_mount.conf.xml | ||||||
|  |     dest: /etc/security/pam_mount.conf.xml | ||||||
|  | 
 | ||||||
|  | - name: Enable libpam-mount | ||||||
|  |   command: pam-auth-update --enable libpam-mount | ||||||
|  |   become: true | ||||||
|  | 
 | ||||||
|  | - name: Disable libpam-mkhomedir | ||||||
|  |   command: pam-auth-update --disable mkhomedir | ||||||
|  |   become: true | ||||||
|  | 
 | ||||||
|  | - name: Restart sssd | ||||||
|  |   service: | ||||||
|  |     name: sssd | ||||||
|  |     state: restarted | ||||||
|  |  | ||||||
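Review bot: The `Configure libpam-mount` task copies a PAM configuration file into `/etc/security` without `owner`, `group` or `mode`, unlike the task that ends at the top of the same hunk, which sets `owner: root` and `mode: 0600` (that task starts outside the hunk). I would add `owner: root`, `group: root` and `mode: "0644"` so the result does not depend on the source file's mode or the remote umask. The two `pam-auth-update` commands and `Restart sssd` run and report changed on every play; a handler notified by the configuration tasks would restart sssd only when something actually changed. Disabling `mkhomedir` also means a user whose CIFS mount fails logs in without a home directory, which deserves a comment in the playbook.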
|  | @ -1,18 +1,22 @@ | ||||||
| - name: Set OU | - name: Set OU | ||||||
|   set_fact: |   set_fact: | ||||||
|     ou_path: "OU={{locations[0]}},OU=Ucilnice,DC=fri1,DC=uni-lj,DC=si" |     ou_path: "OU={{locations[0]}},OU=Ucilnice,DC=fri1,DC=uni-lj,DC=si" | ||||||
|  | 
 | ||||||
| - name: "Rename" | - name: "Rename" | ||||||
|   # Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom |   # Racunalnik najprej preimenujmo, da ne bosta v domeni obenem 2 z istim imenom | ||||||
|   win_hostname: |   win_hostname: | ||||||
|     name: "{{inventory_hostname}}" |     name: "{{inventory_hostname}}" | ||||||
|   register: hostname_res |   register: hostname_res | ||||||
|  | 
 | ||||||
| - name: "Reboot after hostname change" | - name: "Reboot after hostname change" | ||||||
|   win_reboot: |   win_reboot: | ||||||
|   when: hostname_res.reboot_required |   when: hostname_res.reboot_required | ||||||
|  | 
 | ||||||
| - name: Stop Windows Update Service | - name: Stop Windows Update Service | ||||||
|   win_service:  |   win_service:  | ||||||
|     name: wuauserv |     name: wuauserv | ||||||
|     state: stopped |     state: stopped | ||||||
|  | 
 | ||||||
| - name: Clear WSUS ID from registry | - name: Clear WSUS ID from registry | ||||||
|   win_regedit:  |   win_regedit:  | ||||||
|     path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate |     path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate | ||||||
|  | @ -24,10 +28,12 @@ | ||||||
|     - AccountDomainSid |     - AccountDomainSid | ||||||
|     - SusClientId |     - SusClientId | ||||||
|     - SusClientIDValidation |     - SusClientIDValidation | ||||||
|  | 
 | ||||||
| - name: Start Windows Update Service | - name: Start Windows Update Service | ||||||
|   win_service:  |   win_service:  | ||||||
|     name: wuauserv |     name: wuauserv | ||||||
|     state: started |     state: started | ||||||
|  | 
 | ||||||
| - name: "Join domain" | - name: "Join domain" | ||||||
|   win_domain_membership: |   win_domain_membership: | ||||||
|     domain_admin_user: "{{adjoin_user}}" |     domain_admin_user: "{{adjoin_user}}" | ||||||
|  | @ -37,12 +43,15 @@ | ||||||
|     hostname: "{{inventory_hostname}}" |     hostname: "{{inventory_hostname}}" | ||||||
|     state: domain |     state: domain | ||||||
|   register: domain_state |   register: domain_state | ||||||
|  | 
 | ||||||
| - name: Reset WSUS authorization | - name: Reset WSUS authorization | ||||||
|   win_command: wuauclt.exe /resetauthorization /detectnow |   win_command: wuauclt.exe /resetauthorization /detectnow | ||||||
|   ignore_errors: yes |   ignore_errors: yes | ||||||
|  | 
 | ||||||
| - name: Update windows | - name: Update windows | ||||||
|   win_command: wuauclt.exe /updatenow |   win_command: wuauclt.exe /updatenow | ||||||
|   ignore_errors: yes |   ignore_errors: yes | ||||||
|  | 
 | ||||||
| - name: Reboot | - name: Reboot | ||||||
|   win_command: "shutdown /r" |   win_command: "shutdown /r" | ||||||
|   when: domain_state.reboot_required |   when: domain_state.reboot_required | ||||||
|  |  | ||||||
|  | @ -29,3 +29,4 @@ ldap_id_mapping = True | ||||||
| use_fully_qualified_names = True | use_fully_qualified_names = True | ||||||
| fallback_homedir = /home/%u@%d | fallback_homedir = /home/%u@%d | ||||||
| access_provider = ad | access_provider = ad | ||||||
|  | krb5_ccname_template = FILE:%d/krb5cc_%U | ||||||
|  |  | ||||||
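Review bot: `krb5_ccname_template = FILE:%d/krb5cc_%U` places each user's credential cache at a fixed, predictable path. Per sssd-krb5(5), `%d` expands to `krb5_ccachedir`, which defaults to `/tmp` unless it is set in the part of the file outside this hunk. This is presumably deliberate so that `cifs.upcall` can find the ticket for the `sec=krb5i` mounts, but it should be stated in a comment, e.g. `# fixed ccache name so cifs.upcall can locate the ticket used by pam_mount`. A predictable name in a world-writable directory may let another local user pre-create the file and block that user's login. Consider pointing `krb5_ccachedir` at a directory that is not world-writable, or ending the template in `XXXXXX` if the installed cifs-utils still finds the cache.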
	
	 Gašper Fele-Žorž
						Gašper Fele-Žorž