Automatically setting up Ubuntu as a client in a Skolelinux network

The following script automatically carries out the steps described in the article "Connecting Ubuntu clients to a Skolelinux server" (Ubuntuclients an einen Skolelinuxserver anbinden). The configuration answers that would otherwise be entered manually are preseeded by this script using debconf-set-selections.

To run the script, it is best to switch to a root shell with

sudo su

and then run

sh ubuntu-debian-edu-ldap.sh

ubuntu-debian-edu-ldap.sh
#!/bin/sh
 
#########################################################
#########################################################
# LDAP-Server
ldapserver=ldap.intern     
basedn=dc=skole,dc=skolelinux,dc=no
sudoersbase=ou=sudoers,$basedn
cert=/etc/ldap/ssl/ldap-server-pubkey.pem
#########################################################
#########################################################
 
 
 
# libnss-ldapd
echo "Setting values for package 'libnss-ldapd'"
 
echo "libnss-ldapd	libnss-ldapd/nsswitch	multiselect	group, hosts, netgroup, networks, passwd, services, shadow" | debconf-set-selections
echo "libnss-ldapd:i386	libnss-ldapd/nsswitch	multiselect	group, hosts, netgroup, networks, passwd, services, shadow" | debconf-set-selections
 
# libpam-ldapd
echo "Setting values for package 'libpam-ldapd'"
 
echo "libpam-runtime	libpam-runtime/profiles	multiselect	krb5, unix, ldap, gnome-keyring, consolekit, capability" | debconf-set-selections
 
# nslcd
echo "Setting values for package 'nslcd'"
 
echo "nslcd	nslcd/ldap-base	string	$basedn" | debconf-set-selections
echo "nslcd	nslcd/ldap-uris	string	ldap://$ldapserver" | debconf-set-selections
 
# ldap-auth-config
echo "Setting values for package 'ldap-auth-config'"
 
echo "ldap-auth-config	ldap-auth-config/ldapns/ldap-server	string	$ldapserver" | debconf-set-selections
echo "ldap-auth-config	ldap-auth-config/ldapns/base-dn	string	$basedn" | debconf-set-selections
echo "ldap-auth-config	ldap-auth-config/ldapns/ldap_version	select	3" | debconf-set-selections
echo "ldap-auth-config	ldap-auth-config/dbrootlogin	boolean	false" | debconf-set-selections
echo "ldap-auth-config	ldap-auth-config/dblogin	boolean	false" | debconf-set-selections
echo "ldap-auth-config	ldap-auth-config/pam_password	select	clear" | debconf-set-selections
 
# Kerberos
echo "Setting values for package 'Kerberos'"
 
echo "krb5-config	krb5-config/default_realm	string	INTERN" | debconf-set-selections
echo "krb5-config	krb5-config/add_servers_realm	string	INTERN" | debconf-set-selections
 
# packages installation
echo "Install packages: libnss-ldapd libpam-ldapd auth-client-config ldap-auth-client ldap-auth-config nslcd nscd libpam-ck-connector libpam-krb5 krb5-user libsasl2-modules-gssapi-mit autofs autofs-ldap"
 
apt-get install -y libnss-ldapd libpam-ldapd auth-client-config ldap-auth-client ldap-auth-config nslcd nscd libpam-ck-connector libpam-krb5 krb5-user libsasl2-modules-gssapi-mit autofs autofs-ldap
 
# Activate LDAP support for NSS (auth-client-config profile lac_ldap)
auth-client-config -t nss -p lac_ldap
 
 
# Create /etc/ldap/ldap.conf
echo "HOST $ldapserver" > /etc/ldap/ldap.conf
echo "SUDOERS_BASE $sudoersbase" >> /etc/ldap/ldap.conf
echo "BASE $basedn" >> /etc/ldap/ldap.conf
echo "TLS_REQCERT demand" >> /etc/ldap/ldap.conf
echo "TLS_CACERT $cert" >> /etc/ldap/ldap.conf
 
# Get ldap-certificate from tjener
# Create folder for cert
echo "Getting ldap-certificate from $ldapserver"
pathcert=$(dirname "$cert")
mkdir -p "$pathcert"
# This part is based on a script from the deb package debian-edu-config
# (http://packages.debian.org/squeeze/debian-edu-config), located in
# debian-edu-config/ldap-tools/ldap-server-getcert.
# It is written by Petter Reinholdtsen and licensed under GPL 2 or later.
# Overwrite rather than append, so that re-running the script does not
# accumulate duplicate or outdated certificates in $cert.
echo | openssl s_client \
    -connect "$ldapserver:636" 2>/dev/null | \
    awk '/^-----BEGIN CERTIFICATE-----$/ { yes=1 }
         yes { print }
         /^-----END CERTIFICATE-----$/ { yes=0 }' > "$cert"
# end ldap-server-getcert
 
# Sudoers from ldap
echo "Configure sudo-ldap"
 
export SUDO_FORCE_REMOVE=yes
apt-get -y install sudo-ldap
export SUDO_FORCE_REMOVE=no
 
ln -sf /etc/ldap/ldap.conf /etc/sudo-ldap.conf
 
echo 'sudoers:      files ldap' >> /etc/nsswitch.conf
 
 
# Group permissions
echo "Setting up group permissions"
echo '* ; * ; * ; Al0000-2400 ; floppy, audio, cdrom, video, usb, plugdev, users' >> /etc/security/group.conf
 
# Automount
echo "Setting up automount"
echo "LDAPURI=ldap://$ldapserver" >> /etc/default/autofs
echo 'automount:      files ldap' >> /etc/nsswitch.conf
 
echo "Create mountpoint /skole"
mkdir -p /skole
 
# lightdm
echo "Configure lightDM"
/usr/lib/lightdm/lightdm-set-defaults --show-manual-login true
/usr/lib/lightdm/lightdm-set-defaults --hide-users true
 
/etc/init.d/nscd restart
/etc/init.d/nslcd restart
/etc/init.d/autofs restart
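
The script stores whatever certificate the server on port 636 presents and then trusts it through TLS_CACERT, so that first fetch is unauthenticated. The following added example (not part of the original script or of debian-edu-config; the function names and the out-of-band fingerprint are assumptions) shows a fingerprint check that can run before the fetched certificate is installed:

```sh
#!/bin/sh
# Added example, not part of ubuntu-debian-edu-ldap.sh.
# Assumption: the administrator has read the certificate's SHA-256
# fingerprint on the server itself (out of band).
# Intended use: fetch into a temporary file, then call
#   install_pinned_cert "$tmpfile" "$pin" "$cert"

# Print the SHA-256 fingerprint (lowercase hex) of the first certificate in
# PEM file $1. PEM is base64-encoded DER, so this equals the value reported by
# "openssl x509 -noout -fingerprint -sha256" without colons, in lowercase.
pem_sha256() {
    body=$(awk '/^-----BEGIN CERTIFICATE-----$/ { if (!seen) inside = 1; next }
                /^-----END CERTIFICATE-----$/   { if (inside) seen = 1; inside = 0; next }
                inside { print }' "$1") || return 1
    [ -n "$body" ] || return 1    # empty file or no certificate: never a match
    printf '%s\n' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept pins as openssl prints them (AA:BB:...) or as plain hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# Succeed only if the certificate in $1 matches the expected fingerprint $2.
verify_pinned_cert() {
    actual=$(pem_sha256 "$1") || return 1
    expected=$(normalize_fp "$2")
    [ ${#expected} -eq 64 ] || return 1    # reject empty or truncated pins
    [ "$actual" = "$expected" ]
}

# install_pinned_cert FETCHED PIN DEST: move the fetched file to DEST only
# when it matches the pin; otherwise delete it and fail.
install_pinned_cert() {
    if verify_pinned_cert "$1" "$2"; then
        mv "$1" "$3"
    else
        rm -f "$1"
        echo "fingerprint mismatch, not installing $3" >&2
        return 1
    fi
}
```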

skolelinux/ubuntuclientscript.txt · Last modified: 2013/04/03 08:44 by admin