Generate krb5.conf and persist krb5.keytab.

FIX echo -e to not output -e to files (switch to bash)
2022-12-14 13:10:54 +01:00
parent 2dccffb7db
commit 94ecdf7d94


@@ -1,4 +1,4 @@
#!/bin/sh -e
#!/bin/bash -e
# Loosely based on https://github.com/fjudith/docker-samba-join-ad/tree/master/sssd
@@ -18,7 +18,7 @@ fi
echo " Starting system message bus"
/etc/init.d/dbus start
if [ ! -f /var/lib/samba/private/secrets.tdb ]; then
if [ ! -f /etc/samba/krb5.keytab ]; then
if [ ! -f /run/secrets/$ADMIN_PASSWORD_SECRET ]; then
echo 'Cannot read secret $ADMIN_PASSWORD_SECRET in /run/secrets'
exit 1
@@ -30,10 +30,22 @@ if [ ! -f /var/lib/samba/private/secrets.tdb ]; then
# realm join is broken as it requires --privileged but difficult to add for swarm
# so it can execute /usr/sbin/adcli. Therefore we execute it directly and create
# the /etc/sssd/sssd.conf manually
# the /etc/krb5.conf and /etc/sssd/sssd.conf manually
# echo $ADMIN_PASSWORD|realm join -v $REALM --user=Administrator
echo $ADMIN_PASSWORD|/usr/sbin/adcli join --verbose --domain $DOMAIN --domain-realm $REALM --login-type user --login-user $ADMIN_ACCOUNT --stdin-password
echo -e "[sssd] \n\
mv /etc/krb5.keytab /etc/samba/
#mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
echo 'root = administrator' > /etc/samba/smbusers
fi
if [ ! -L /etc/krb5.keytab ]; then
ln -s /etc/samba/krb5.keytab /etc/krb5.keytab
fi
echo -e "[libdefaults]\ndefault_realm = $REALM" > /etc/krb5.conf
echo -e "[sssd] \n\
domains = $DOMAIN \n\
config_file_version = 2 \n\
services = nss, pam \n\
@@ -51,15 +63,12 @@ use_fully_qualified_names = True \n\
ldap_id_mapping = True \n\
access_provider = ad" > /etc/sssd/sssd.conf
# SSSD is picky about the mask and fails to start otherwise
chmod 600 /etc/sssd/sssd.conf
# SSSD is picky about the mask and fails to start otherwise
chmod 600 /etc/sssd/sssd.conf
# FIX SSSD service by removing non-existent -f option
sed -i "s:DAEMON_OPTS\=\"\-D \-f\":DAEMON_OPTS=\"-D\":" /etc/default/sssd
# FIX SSSD service by removing non-existent -f option
sed -i "s:DAEMON_OPTS\=\"\-D \-f\":DAEMON_OPTS=\"-D\":" /etc/default/sssd
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
echo 'root = administrator' > /etc/samba/smbusers
fi
mkdir -p -m 700 /etc/samba/conf.d
for file in /etc/samba/smb.conf; do
sed -e "s:{{ ALLOW_DNS_UPDATES }}:$ALLOW_DNS_UPDATES:" \
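Review bot: In the second hunk, `mv /etc/krb5.keytab /etc/samba/` makes the moved file the persisted copy of the machine account's keys, but nothing sets its owner or mode, whereas `/etc/sssd/sssd.conf` gets an explicit `chmod 600`. Adding `chmod 600 /etc/samba/krb5.keytab` right after the `mv` would stop the mode depending on how the file is carried across; /etc/samba is presumably a mounted volume, which the page does not show. The new guard `[ ! -f /etc/samba/krb5.keytab ]` also treats an empty or truncated keytab as a completed join, so `[ ! -s /etc/samba/krb5.keytab ]` would at least retry the join in that case. Separately, the context line `echo $ADMIN_PASSWORD|/usr/sbin/adcli join ...` expands the password unquoted, so whitespace or glob characters in it are altered before adcli reads it; `printf '%s\n' "$ADMIN_PASSWORD" | /usr/sbin/adcli join ...` sends the same bytes verbatim.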