--- authentication.pm.orig 2009-03-27 11:25:48.000000000 +0100 +++ authentication.pm 2009-03-27 12:49:18.000000000 +0100 @@ -53,7 +53,7 @@ LDAP => [ 'openldap-clients', 'nss_ldap', 'pam_ldap', 'autofs', 'nss_updatedb' ], KRB5 => [ 'nss_ldap', 'pam_krb5', 'libsasl2-plug-gssapi', 'nss_updatedb' ], NIS => [ 'ypbind', 'autofs' ], - winbind => [ 'samba-winbind', 'nss_ldap', 'pam_krb5', 'libsasl2-plug-gssapi', 'samba-server' ], + winbind => [ 'samba-winbind', 'nss_ldap', 'pam_krb5', 'libsasl2-plug-gssapi' ], ); @@ -128,10 +128,10 @@ ]) or return; } elsif ($kind eq 'KRB5') { - $authentication->{AD_domain} ||= $net->{resolv}{DOMAINNAME}; + $authentication->{AD_domain} ||= $net->{resolv}{DOMAINNAME}; $in->do_pkgs->ensure_are_installed([ 'perl-Net-DNS' ], 1) or return; - my @srvs = query_srv_names($authentication->{AD_domain}); - $authentication->{AD_server} ||= $srvs[0] if @srvs; + my @srvs = query_srv_names($authentication->{AD_domain}); #FIXME: update this list if the REALM has changed + $authentication->{AD_server} ||= $srvs[0] if @srvs; my $AD_user = $authentication->{AD_user} =~ /(.*)\@\Q$authentication->{AD_domain}\E$/ ? $1 : $authentication->{AD_user}; $authentication->{ccreds} = 1; @@ -142,10 +142,10 @@ {}, { label => N("Realm "), val => \$authentication->{AD_domain} }, {}, - { label => N("KDCs Servers"), title => 1, val => \$authentication->{AD_server} , list => \@srvs , not_edit => 0, title => 1 }, + { label => N("KDCs Servers"), title => 1, val => \$authentication->{AD_server} , list => \@srvs , not_edit => 0, title => 1 }, {}, - { text => N("Use DNS to resolve hosts for realms "), val => \$authentication->{KRB_host_lookup}, type => 'bool' }, - { text => N("Use DNS to resolve KDCs for realms "), val => \$authentication->{KRB_dns_lookup}, type => 'bool' }, + { text => N("Use DNS to find KDC for a REALM"), val => \$authentication->{KRB_host_lookup}, type => 'bool' }, + { text => N("Use DNS to find realms"), val => \$authentication->{KRB_dns_lookup}, type => 'bool' }, { text => N("Use Disconnect mode "), val => \$authentication->{ccreds}, type => 'bool' }, ]) or return; @@ -168,8 +168,8 @@ { text => N("Use encrypt connection with TLS "), val => \$authentication->{cafile}, type => 'bool',, disabled => sub { $authentication->{nsskrb} eq "1" } }, { val => N("Download CA Certificate "), type => button , disabled => sub { !$authentication->{cafile} }, clicked_may_quit => sub { $authentication->{file} = add_cafile(); 0 } }, { text => N("Use anonymous BIND "), val => \$authentication->{anonymous}, type => 'bool', disabled => sub { $authentication->{nsskrb} eq "1" } }, - { label => N("Bind DN "), val => \$authentication->{LDAP_binddn}, disabled => sub { !$authentication->{anonymous} } }, - { label => N("Bind Password "), val => \$authentication->{LDAP_bindpwd}, disabled => sub { !$authentication->{anonymous} } }, + { label => N("Bind DN "), val => \$authentication->{LDAP_binddn}, disabled => sub { $authentication->{anonymous} } }, + { label => N("Bind Password "), val => \$authentication->{LDAP_bindpwd}, disabled => sub { $authentication->{anonymous} } }, {}, ]) or return; @@ -195,12 +195,12 @@ #- but networking is not setup yet necessarily # my @sec_domain = ( - "Windows NT4 Domain", "Windows Active Directory Domain", + "Windows NT4 Domain", ); - $authentication->{AD_domain} ||= $net->{resolv}{DOMAINNAME}; + $authentication->{DNS_domain} ||= $net->{resolv}{DOMAINNAME}; $authentication->{WINDOMAIN} ||= $net->{resolv}{DOMAINNAME}; $in->do_pkgs->ensure_are_installed([ 'samba-client' ], 1) or return; my @domains=list_domains(); @@ -215,8 +215,8 @@ { label => N("Domain Model "), val => \$authentication->{model}, list => \@sec_domain , not_edit => 1 }, {}, { label => N("Active Directory Realm "), val => \$authentication->{AD_domain} , disabled => sub { $authentication->{model} eq "Windows NT4 Domain" } }, - {}, - {}, + { label => N("DNS Domain"), val => \$authentication->{DNS_domain} , disabled => sub { $authentication->{model} eq "Windows NT4 Domain" } }, + { label => N("DC Server"), val => \$authentication->{AD_server} , disabled => sub { $authentication->{model} eq "Windows NT4 Domain" } }, {}, ]) or return; } @@ -403,20 +403,19 @@ if ($authentication->{model} eq "Windows NT4 Domain") { - require fs::remote::smb; - fs::remote::smb::write_smb_conf($domain); - run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on"); - mkdir_p("$::prefix/home/$domain"); - run_program::rooted($::prefix, 'service', 'smb', 'restart'); - run_program::rooted($::prefix, 'service', 'winbind', 'restart'); + require fs::remote::smb; + fs::remote::smb::write_smb_conf($domain); + run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on"); + mkdir_p("$::prefix/home/$domain"); + run_program::rooted($::prefix, 'service', 'winbind', 'restart'); - #- defer running smbpassword until the network is up + #- defer running smbpassword until the network is up - $when_network_is_up->(sub { - run_program::raw({ root => $::prefix, sensitive_arguments => 1 }, - #'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . $authentication->{winpass}); - 'echo', '"', 'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . $authentication->{winpass}, '"'); - }); + $when_network_is_up->(sub { + run_program::raw({ root => $::prefix, sensitive_arguments => 1 }, + #'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . $authentication->{winpass}); + 'echo', '"', 'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . $authentication->{winpass}, '"'); + }); output($conf_file, <{AD_server} ||= 'ads.' . $authentication->{AD_domain}; + my $domain = uc $authentication->{WINDOMAIN}; + my $realm = $authentication->{AD_domain}; + ($authentication->{winuser}, $authentication->{winpass}) = auth(); + configure_krb5_for_AD($authentication); - $authentication->{AD_server} ||= 'ads.' . $authentication->{AD_domain}; - my $domain = uc $authentication->{WINDOMAIN}; - my $realm = $authentication->{AD_domain}; - ($authentication->{winuser}, $authentication->{winpass}) = auth(); - configure_krb5_for_AD($authentication); - - require fs::remote::smb; - fs::remote::smb::write_smb_ads_conf($domain,$realm); - run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on"); - mkdir_p("$::prefix/home/$domain"); - run_program::rooted($::prefix, 'net', 'time', 'set', '-S', $authentication->{AD_server}); - run_program::rooted($::prefix, 'service', 'smb', 'restart'); - run_program::rooted($::prefix, 'service', 'winbind', 'restart'); + require fs::remote::smb; + fs::remote::smb::write_smb_ads_conf($domain,$realm); + run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on"); + mkdir_p("$::prefix/home/$domain"); + run_program::rooted($::prefix, 'net', 'time', 'set', '-S', $authentication->{AD_server}); - $when_network_is_up->(sub { - run_program::raw({ root => $::prefix, sensitive_arguments => 1 }, + $when_network_is_up->(sub { + run_program::raw({ root => $::prefix, sensitive_arguments => 1 }, 'net', 'ads', 'join', '-U', $authentication->{winuser} . '%' . $authentication->{winpass}); + run_program::rooted($::prefix, 'service', 'winbind', 'restart'); }); - +#FIXME: perhaps save the defaults values ? output($conf_file, <{AD_server}:88 admin_server = $authentication->{AD_server}:749 - default_domain = $authentication->{AD_domain} + default_domain = $authentication->{DNS_domain} } EOF domain_realm => <{AD_domain} = $uc_domain + .$authentication->{DNS_domain} = $uc_domain + $authentication->{DNS_domain} = $uc_domain EOF kdc => <<'EOF', profile = /etc/kerberos/krb5kdc/kdc.conf