====== Setting up Ubuntu automatically as a client in the Skolelinux network ======

The following script automatically performs the actions described in the article [[ubuntuclients]]. The configuration values that would otherwise be entered manually are preset by this script using [[http://debiananwenderhandbuch.de/debconf.html|debconf-set-selections]].

To run the script, it is best to switch to a root shell with
<code terminal>
sudo su
</code>
and then run
<code terminal>
sh ubuntu-debian-edu-ldap.sh
</code>

<file -bash ubuntu-debian-edu-ldap.sh>
#!/bin/sh

#########################################################
#########################################################
# LDAP server
ldapserver=ldap.intern
basedn=dc=skole,dc=skolelinux,dc=no
sudoersbase=ou=sudoers,$basedn
cert=/etc/ldap/ssl/ldap-server-pubkey.pem
#########################################################
#########################################################

# libnss-ldapd
echo "Setting values for package 'libnss-ldapd'"
echo "libnss-ldapd libnss-ldapd/nsswitch multiselect group, hosts, netgroup, networks, passwd, services, shadow" | debconf-set-selections
echo "libnss-ldapd:i386 libnss-ldapd/nsswitch multiselect group, hosts, netgroup, networks, passwd, services, shadow" | debconf-set-selections

# libpam-ldapd
echo "Setting values for package 'libpam-ldapd'"
echo "libpam-runtime libpam-runtime/profiles multiselect krb5, unix, ldap, gnome-keyring, consolekit, capability" | debconf-set-selections

# nslcd
echo "Setting values for package 'nslcd'"
echo "nslcd nslcd/ldap-base string $basedn" | debconf-set-selections
echo "nslcd nslcd/ldap-uris string ldap://$ldapserver" | debconf-set-selections

# ldap-auth-config
echo "Setting values for package 'ldap-auth-config'"
echo "ldap-auth-config ldap-auth-config/ldapns/ldap-server string $ldapserver" | debconf-set-selections
echo "ldap-auth-config ldap-auth-config/ldapns/base-dn string $basedn" | debconf-set-selections
echo "ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3" | debconf-set-selections
echo "ldap-auth-config ldap-auth-config/dbrootlogin boolean false" | debconf-set-selections
echo "ldap-auth-config ldap-auth-config/dblogin boolean false" | debconf-set-selections
echo "ldap-auth-config ldap-auth-config/pam_password select clear" | debconf-set-selections

# Kerberos
echo "Setting values for package 'Kerberos'"
echo "krb5-config krb5-config/default_realm string INTERN" | debconf-set-selections
echo "krb5-config krb5-config/add_servers_realm string INTERN" | debconf-set-selections

# packages installation
echo "Install packages: libnss-ldapd libpam-ldapd auth-client-config ldap-auth-client ldap-auth-config nslcd nscd libpam-ck-connector libpam-krb5 krb5-user libsasl2-modules-gssapi-mit autofs autofs-ldap"
apt-get install -y libnss-ldapd libpam-ldapd auth-client-config ldap-auth-client ldap-auth-config nslcd nscd libpam-ck-connector libpam-krb5 krb5-user libsasl2-modules-gssapi-mit autofs autofs-ldap

# activate LDAP-support for pam system
auth-client-config -t nss -p lac_ldap

# Create /etc/ldap/ldap.conf
echo "HOST $ldapserver" > /etc/ldap/ldap.conf
echo "SUDOERS_BASE $sudoersbase" >> /etc/ldap/ldap.conf
echo "BASE $basedn" >> /etc/ldap/ldap.conf
echo "TLS_REQCERT demand" >> /etc/ldap/ldap.conf
echo "TLS_CACERT $cert" >> /etc/ldap/ldap.conf

# Get ldap-certificate from tjener
# Create folder for cert
echo "Getting ldap-certificate from $ldapserver"
pathcert=$(dirname "$cert")
mkdir -p "$pathcert"

# This part is based on a script from the deb package debian-edu-config (http://packages.debian.org/squeeze/debian-edu-config),
# located in debian-edu-config/ldap-tools/ldap-server-getcert.
# It is written by Petter Reinholdtsen and licensed under GPL 2 or later
# Note: the certificate is stored as presented by the server; nothing verifies it at download time,
# and it is appended to $cert, so an existing file is not replaced.
echo | openssl s_client \
    -connect "$ldapserver:636" 2>/dev/null | \
    awk '/^-----BEGIN CERTIFICATE-----$/ { yes=1 }
         yes { print }
         /^-----END CERTIFICATE-----$/ { yes=0 }' >> "$cert"
# end ldap-server-getcert

# Sudoers from ldap
echo "Configure sudo-ldap"
export SUDO_FORCE_REMOVE=yes
apt-get -y install sudo-ldap
export SUDO_FORCE_REMOVE=no
ln -sf /etc/ldap/ldap.conf /etc/sudo-ldap.conf
echo 'sudoers: files ldap' >> /etc/nsswitch.conf

# Group permissions
echo "Setting up group permissions"
echo '* ; * ; * ; Al0000-2400 ; floppy, audio, cdrom, video, usb, plugdev, users' >> /etc/security/group.conf

# Automount
echo "Setting up automount"
echo "LDAPURI=ldap://$ldapserver" >> /etc/default/autofs
echo 'automount: files ldap' >> /etc/nsswitch.conf
echo "Create mountpoint /skole"
# -p: do not fail if the mount point already exists
mkdir -p /skole

# lightdm
echo "Configure lightDM"
/usr/lib/lightdm/lightdm-set-defaults --show-manual-login true
/usr/lib/lightdm/lightdm-set-defaults --hide-users true

# Restart the services so the new configuration takes effect
/etc/init.d/nscd restart
/etc/init.d/nslcd restart
/etc/init.d/autofs restart
</file>
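
The script stores whatever certificate the server on ''$ldapserver:636'' presents and then pins it through ''TLS_REQCERT demand'' and ''TLS_CACERT''. The following added example (not part of the original script or of debian-edu-config) checks the saved file against a SHA-256 fingerprint obtained out of band; the function names and the ''expected_fp'' variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of ubuntu-debian-edu-ldap.sh.
# Assumes GNU coreutils (base64 -d, sha256sum), as found on Ubuntu.

# pem_count FILE: number of certificates stored in a PEM file.
pem_count() {
    grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true
}

# pem_sha256 FILE: SHA-256 over the DER bytes of the first certificate,
# lowercase hex (the digest "openssl x509 -fingerprint -sha256" reports).
pem_sha256() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { on = 1; next }
         /^-----END CERTIFICATE-----$/   { exit }
         on { print }' "$1" | base64 -d | sha256sum | cut -d' ' -f1
}

# normalize_fp FP: accept "AB:CD:..." or "abcd..." and return lowercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# check_pinned_cert FILE EXPECTED_FP
# 0 = match, 1 = fingerprint mismatch, 2 = file missing or empty,
# 3 = not exactly one certificate (the script appends with ">>", so a
#     second run leaves two copies in the file).
check_pinned_cert() {
    file=$1
    expected=$(normalize_fp "$2")
    [ -s "$file" ] || { echo "no certificate data in $file" >&2; return 2; }
    count=$(pem_count "$file")
    [ "$count" -eq 1 ] || { echo "expected 1 certificate, found $count" >&2; return 3; }
    actual=$(pem_sha256 "$file")
    [ "$actual" = "$expected" ] || { echo "fingerprint mismatch: got $actual" >&2; return 1; }
    return 0
}

# Hypothetical use right after the download step in the script:
#   check_pinned_cert "$cert" "$expected_fp" || exit 1
```

The reference fingerprint can be read on the server itself from its certificate file with ''openssl x509 -noout -fingerprint -sha256'' and carried to the client over a separate channel.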

skolelinux/ubuntuclientscript.txt · Last modified: 2013/04/03 08:44 by admin