Move to ubuntu kinetic and fix nsswitch.conf

2022-12-19 19:46:18 +01:00
parent 70f316cea0
commit 409c084d44
3 changed files with 16 additions and 44 deletions
--- a/40
+++ b/40
@@ -1,5 +1,5 @@
 #FROM debian:bookworm
-FROM ubuntu:jammy
+FROM ubuntu:kinetic

 MAINTAINER Roman VANICEK <roman.vanicek@ivasoft.cz>

@@ -17,15 +17,12 @@ ENV ADMIN_PASSWORD_SECRET=samba-admin-password \
    WINBIND_USE_DEFAULT_DOMAIN=yes \
    WORKGROUP=AD

+COPY entrypoint.sh /entrypoint.sh
+
 RUN apt-get -y update && \
    DEBIAN_FRONTEND=noninteractive apt-get -yqq --no-install-recommends install \
-#        resolvconf \
-#        dnsutils \
-#        vim \
        nano \
-#        crudini \
-#        dbus \
-#        realmd \
+        tzdata \
        acl \
        krb5-user \
        libpam-krb5 \
@@ -41,25 +38,15 @@ RUN apt-get -y update && \
        logrotate \
        attr \
        libpam-mount \
-#        policykit-1 \
-#        packagekit \
-#        sssd \
-#        sssd-tools \
-#        libnss-sss \
-#        libpam-sss \
        supervisor \
        cups && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-#    systemctl enable sssd
-
-#RUN chmod 777 /home
-
-COPY *.conf.j2 /root/
-COPY entrypoint.sh /entrypoint.sh
-COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
-
-RUN chmod +x /entrypoint.sh && \
+	apt-get clean && \
+	rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
+	\
+	chmod +x /entrypoint.sh && \
+	sed -E -i "s:^(passwd\:\s*files\s*)$:\1 winbind:" /etc/nsswitch.conf && \
+	sed -E -i "s:^(group\:\s*files\s*)$:\1 winbind:" /etc/nsswitch.conf && \
+	pam-auth-update --package && \
 	mkdir -p /etc/cups-persist/ppd && \
 	ln -s /etc/cups-persist/printers.conf /etc/cups/printers.conf && \
 	rmdir /etc/cups/ppd && \
@@ -68,6 +55,11 @@ RUN chmod +x /entrypoint.sh && \
 	sed -E -i "s:(Order allow\,deny):\1\n  Allow all:" /etc/cups/cupsd.conf && \
 	useradd guest

+#RUN chmod 777 /home
+
+COPY *.conf.j2 /root/
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
 VOLUME /etc/samba /var/lib/samba /etc/cups-persist

 EXPOSE 135 137 138 139 445 631 9100
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -15,9 +15,6 @@ if [ ! -f /etc/timezone ] && [ ! -z "$TZ" ]; then
  echo $TZ >/etc/timezone
 fi

-#echo " Starting system message bus"
-#/etc/init.d/dbus start
-
 if [ ! -f /etc/samba/krb5.keytab ]; then
  if [ ! -f /run/secrets/$ADMIN_PASSWORD_SECRET ]; then
    echo 'Cannot read secret $ADMIN_PASSWORD_SECRET in /run/secrets'
@@ -33,9 +30,6 @@ if [ ! -f /etc/samba/krb5.keytab ]; then
  # echo $ADMIN_PASSWORD|realm join -v $REALM --user=$ADMIN_ACCOUNT
  echo $ADMIN_PASSWORD|/usr/sbin/adcli join --verbose --domain $DOMAIN --domain-realm $REALM --login-type user --login-user $ADMIN_ACCOUNT --stdin-password
  mv /etc/krb5.keytab /etc/samba/
-
-  #mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
-  echo '!root = DOMA\Administrator DOMA\administrator Administrator administrator' > /etc/samba/smbusers
 fi

 if [ ! -L /etc/krb5.keytab ]; then    
@@ -66,15 +60,6 @@ done
 #echo "Activating home directory auto-creation"
 #echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | tee -a /etc/pam.d/common-session

-echo "Updating NSSwitch configuration: \"/etc/nsswitch.conf\""
-if [[ ! `grep "winbind" /etc/nsswitch.conf` ]]; then
-    sed -i "s#^\(passwd\:\s*compat\)\s*\(.*\)\$#\1 \2 winbind#" /etc/nsswitch.conf
-    sed -i "s#^\(group\:\s*compat\)\s*\(.*\)\$#\1 \2 winbind#" /etc/nsswitch.conf
-    sed -i "s#^\(shadow\:\s*compat\)\s*\(.*\)\$#\1 \2 winbind#" /etc/nsswitch.conf
-fi
-
-pam-auth-update --package
-
 if [ ! -f /var/lib/samba/private/secrets.tdb ]; then
  if [ ! -f /run/secrets/$ADMIN_PASSWORD_SECRET ]; then
    echo 'Cannot read secret $ADMIN_PASSWORD_SECRET in /run/secrets'
@@ -97,7 +82,4 @@ touch /etc/cups-persist/printers.conf
 sed -i -E "s:^(lpadmin\:x\:[0-9]+\:)(.*)$:\1$ADMIN_ACCOUNT\,\2:" /etc/group

 echo 'Restarting Samba using supervisord'
-/etc/init.d/winbind stop
-/etc/init.d/nmbd stop
-/etc/init.d/smbd stop
 exec "$@"
--- a/smb.conf.j2
+++ b/smb.conf.j2
@@ -28,7 +28,6 @@
 	winbind refresh tickets = Yes
 	winbind use default domain = {{ WINBIND_USE_DEFAULT_DOMAIN }}
 	winbind expand groups = 4
-	##username map = /etc/samba/smbusers
 	guest account = guest

 	# disable usershares creating, when set empty no error log messages.
@@ -37,7 +36,6 @@
 	rpc start on demand helpers = false
 	printing = cups
 	load printers = yes
-	printcap name = /var/run/cups/printcap
 	server services = +spoolss
 	dcerpc endpoint servers = +spoolss
 	rpcd_spoolss:idle_seconds=300