Remove SSSD

Dockerfile

@@ -37,22 +37,20 @@ RUN apt-get -y update && \
         samba-dsdb-modules \
         samba-client \
         samba-vfs-modules \
-        ldb-tools \
         logrotate \
         attr \
         libpam-mount \
-        policykit-1 \
-        packagekit \
-        sssd \
-        sssd-tools \
-        libnss-sss \
-        libpam-sss \
-        adcli \
+#        policykit-1 \
+#        packagekit \
+#        sssd \
+#        sssd-tools \
+#        libnss-sss \
+#        libpam-sss \
         supervisor \
         cups && \
     apt-get clean && \
-    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
-    systemctl enable sssd
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+#    systemctl enable sssd
 
 #RUN chmod 777 /home
 

entrypoint.sh

@@ -42,32 +42,7 @@ if [ ! -L /etc/krb5.keytab ]; then
   ln -s /etc/samba/krb5.keytab /etc/krb5.keytab
 fi
 
-echo -e "[libdefaults]\ndefault_realm = $REALM" > /etc/krb5.conf
-
-echo -e "[sssd] \n\
-domains = $DOMAIN \n\
-config_file_version = 2 \n\
-services = nss, pam \n\
-default_domain_suffix = $DOMAIN \n\
-\n\
-[domain/$DOMAIN] \n\
-default_shell = /bin/bash \n\
-krb5_store_password_if_offline = True \n\
-cache_credentials = True \n\
-krb5_realm = $REALM \n\
-realmd_tags = manages-system joined-with-adcli \n\
-id_provider = ad \n\
-fallback_homedir = /home/%u@%d \n\
-ad_domain = $DOMAIN \n\
-use_fully_qualified_names = True \n\
-ldap_id_mapping = True \n\
-access_provider = ad" > /etc/sssd/sssd.conf
-
-# SSSD is picky about the mask and fails to start otherwise
-chmod 600 /etc/sssd/sssd.conf
-
-# FIX SSSD service by removing non-existent -f option
-sed -i "s:DAEMON_OPTS\=\"\-D \-f\":DAEMON_OPTS=\"-D\":" /etc/default/sssd
+echo -e "[libdefaults]\ndefault_realm = $REALM\ndns_lookup_realm = false\ndns_lookup_kdc = true" > /etc/krb5.conf
 
 mkdir -p -m 700 /etc/samba/conf.d
 for file in /etc/samba/smb.conf; do
@@ -88,11 +63,6 @@ for file in $(ls -A /etc/samba/conf.d/*.conf); do
   echo "include = $file" >> /etc/samba/smb.conf
 done
 
-#echo "Starting: \"sssd\""
-#cat /etc/sssd/sssd.conf
-#timeout 30s /etc/init.d/sssd restart
-#timeout 30s /etc/init.d/sssd status
-
 #echo "Activating home directory auto-creation"
 #echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | tee -a /etc/pam.d/common-session
 
@@ -115,7 +85,7 @@ if [ ! -f /var/lib/samba/private/secrets.tdb ]; then
   echo "Joining domain using net ads"
   mkdir -p /var/lib/samba/private
   mkdir -p /var/lib/samba/printerdrivers
-  net ads join -U"$ADMIN_ACCOUNT"%"$ADMIN_PASSWORD"
+  net ads join --no-dns-updates -U"$ADMIN_ACCOUNT"%"$ADMIN_PASSWORD"
 
   # Shares are not visible otherwise
   #chmod 666 /var/lib/samba/share_info.tdb

smb.conf.j2

@@ -37,6 +37,7 @@
 	rpc start on demand helpers = false
 	printing = cups
 	load printers = yes
+	server services = +spoolss
 	dcerpc endpoint servers = +spoolss
 	rpcd_spoolss:idle_seconds=300