diff --git a/CMakeLists.txt b/CMakeLists.txt
index 80962f6..53a7ba8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -14,7 +14,7 @@ install(FILES README.md DESTINATION /usr/share/doc/domain_join/ )
 set(CPACK_PACKAGE_NAME "domain-join")
 set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "meta package that automates domain join for ubuntu systems")
-set(CPACK_PACKAGE_VERSION "1.0.14")
+set(CPACK_PACKAGE_VERSION "1.0.15")
 set(SYSTEM_ARCH "all")
 set(CPACK_DEBIAN_PACKAGE_DEPENDS "realmd,sssd,sssd-tools,samba-common,packagekit,samba-common-bin,samba-libs,adcli,cifs-utils,libpam-mount,libpam-ccreds,findutils,dialog,libpam-sss,coreutils,xmlstarlet,smbclient,pcregrep,keyutils")
diff --git a/README.md b/README.md
index dfdb8d2..0d907aa 100644
--- a/README.md
+++ b/README.md
@@ -14,9 +14,9 @@ # Why domain join?
 In a Enterprise environment it is state of the art to have a network that is managed by a domain controller. In Linux it can be a pain to join to a AD domain. In order to make it nearly as convenient as in windows to join the domain, this script has been written.
 # Installation
-Download [here](https://github.com/majojoe/domain_join/releases/download/v1.0.14/domain-join-1.0.14-linux-amd64.deb) and install the \*.deb package provided using the following command:
+Download [here](https://github.com/majojoe/domain_join/releases/download/v1.0.15/domain-join-1.0.15-linux-amd64.deb) and install the \*.deb package provided using the following command:
 ```bash
-sudo apt install ./domain-join-1.0.14-linux-amd64.deb
+sudo apt install ./domain-join-1.0.15-linux-amd64.deb
 ```
 # Join a domain
 Execute the join script as so:
diff --git a/src/domain_join.sh b/src/domain_join.sh
index 889af98..cf53b8b 100644
--- a/src/domain_join.sh
+++ b/src/domain_join.sh
@@ -28,6 +28,7 @@ KRB5_CONF="/etc/krb5.conf"
 NSSWITCH_FILE="/etc/nsswitch.conf"
 DNS_IP=""
 NTP_SERVERS=""
+SSSD_CONF_FILE="/etc/sssd/sssd.conf"
 if [ "$(id -u)" -ne 0 ]; then
 echo "This script must be run as root in order to join to the given domain. Exiting..."
@@ -253,7 +254,7 @@ configure_shares() {
 for i in ${DRIVE_LIST}; do
 i=$(echo "${i}" | tr -d "'")
 MNT_POINT=$(echo "${i}" | tr -d '$')
- MOUNT_STR="volume fstype=\"cifs\" server=\"${FILE_SERVER}\" path=\"${i}\" mountpoint=\"/media/%(USER)/${MNT_POINT}\" options=\"iocharset=utf8,nosuid,nodev,sec=krb5i,cruid=%(USERUID),${FILESERVER_OPTIONS}\" uid=\"5000-999999999\""
+ MOUNT_STR="volume fstype=\"cifs\" server=\"${FILE_SERVER}\" path=\"${i}\" mountpoint=\"/media/%(USER)/${MNT_POINT}\" options=\"iocharset=utf8,nosuid,nodev,echo_interval=15,sec=krb5i,cruid=%(USERUID),${FILESERVER_OPTIONS}\" uid=\"5000-999999999\""
 if [ -f "${PAM_MOUNT_FILE}" ]; then
 xmlstarlet ed --inplace -s '/pam_mount' -t elem -n "${MOUNT_STR}" "${PAM_MOUNT_FILE}"
 else
@@ -356,12 +357,19 @@ set_std_groups_for_domain() {
 # add possibility to login with xrdp when used
 allow_xrdp_login() {
 # add some options to sssd.conf to allow login with xrdp
- SSSD_CONF_FILE="/etc/sssd/sssd.conf"
 if [ -f ${SSSD_CONF_FILE} ]; then
 sed -i '/^\[domain\/.*/a ad_gpo_access_control = enforcing\nad_gpo_map_remote_interactive = +xrdp-sesman' "${SSSD_CONF_FILE}"
 fi
 }
+# correct the krb5 template name
+correct_krb5_template_name() {
+# add some options to sssd.conf to allow login with xrdp
+ if [ -f ${SSSD_CONF_FILE} ]; then
+ sed -i '/^\[domain\/.*/a krb5_ccname_template=FILE:%d\/krb5cc_%U' "${SSSD_CONF_FILE}"
+ fi
+}
+
 # remove input method from /etc/sddm.conf file
 correct_input_method() {
 if [ -f "${SDDM_CONF_FILE}" ]; then
@@ -508,6 +516,8 @@ set_std_groups_for_domain
 allow_xrdp_login
+correct_krb5_template_name
+
 #correct input method for sddm - no onscreen keyboard anymore (if sddm is used).
 correct_input_method
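Review bot: The new `echo_interval=15` in `MOUNT_STR` (hunk `@@ -253,7 +254,7 @@`) is hard-coded with no comment explaining the value. It also sits before `${FILESERVER_OPTIONS}`, so it is unclear whether an administrator-supplied `echo_interval` is meant to override it. A line above the assignment such as `# echo_interval=15: notice an unreachable file server sooner than the cifs default` would record the intent, if that is indeed the reason. configure_shares starts and ends outside the hunk.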
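Review bot: In the `@@ -356,12 +357,19 @@` hunk, `correct_krb5_template_name` appends `krb5_ccname_template=FILE:%d/krb5cc_%U` after every `[domain/...]` header on each run, and the final hunk calls it unconditionally, so re-running the script leaves duplicate keys in sssd.conf. Guarding the `sed` with `grep -q '^krb5_ccname_template' "${SSSD_CONF_FILE}" ||` would make it idempotent. The template also pins the credential cache to a fixed, predictable file name under krb5_ccachedir (by default /tmp, if I read sssd-krb5(5) correctly) rather than a randomised name or a KEYRING/KCM cache. A comment should say why that is required, presumably so the cifs mounts using `cruid=%(USERUID)` can find the ticket, and what is assumed about that shared directory. The inner comment is copied from `allow_xrdp_login` and should read something like `# pin the Kerberos ccache file name in sssd.conf`, and the test should quote its operand: `if [ -f "${SSSD_CONF_FILE}" ]; then`.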