@jbouse
Last active August 1, 2021 06:21
SSSD AD integration notes
Name: Create home directory during login
Default: yes
Priority: 0
Session-Interactive-Only: yes
Session-Type: Additional
Session-Final:
required pam_mkhomedir.so skel=/etc/skel umask=0022
{# realmd.conf template; the realmd_config state renders it with Jinja to /etc/realmd.conf. #}
[users]
default-home = /home/%U
default-shell = /bin/bash
[active-directory]
{# os-name and os-version are taken from Salt grains at render time. #}
os-name = {{ grains.os }}
os-version = {{ grains.osrelease }}
{# The section name comes from the realm variable. It is not a built-in Salt template variable, so it has to reach this template through the state's context or defaults. #}
[{{ realm }}]
{# NOTE(review): with fully-qualified-names = no, domain users and groups appear under short names, which can collide with local accounts of the same name. Confirm this is intended. #}
fully-qualified-names = no
# Packages the later states shell out to: realmd ships the `realm` command,
# krb5-user ships `kinit`.
prereq_packages:
  pkg.installed:
    - pkgs:
        - realmd
        - krb5-user
    # Evaluate this state before everything else in the run.
    - order: 1
    # Abort the whole run if the packages cannot be installed; nothing
    # below works without them.
    - failhard: true
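# Render /etc/realmd.conf from the Jinja template stored next to this SLS.
realmd_config:
  file.managed:
    - name: /etc/realmd.conf
    - source: salt://{{ slspath }}/files/realmd.conf
    - user: root
    - group: root
    # Quoted so the mode reaches Salt as the string 0644 instead of being
    # re-typed as a number by the YAML loader.
    - mode: '0644'
    - template: jinja
    # The template names its section after the realm variable. Variables
    # from this SLS are not visible inside file templates, so pass it
    # explicitly; otherwise the section header is rendered from an
    # undefined value.
    # NOTE(review): realm is defined outside the part of the SLS shown
    # here; confirm where it comes from.
    - context:
        realm: '{{ realm }}'
    - require:
        # Requisites match a state's ID or name, not entries of a pkgs
        # list, so point at the state that installs realmd.
        - pkg: prereq_packages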
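# Ship the pam-auth-update profile that enables pam_mkhomedir and
# regenerate the PAM stack whenever that profile changes.
pam_mkhomedir:
  cmd.wait:
    - name: pam-auth-update --package
    - watch:
        # Must equal this state's ID; a misspelled target makes the
        # requisite unresolvable and the state fails.
        - file: pam_mkhomedir
  file.managed:
    - name: /usr/share/pam-configs/mkhomedir
    - source: salt://{{ slspath }}/files/mkhomedir
    - user: root
    - group: root
    # Quoted so the mode reaches Salt as the string 0644 instead of being
    # re-typed as a number by the YAML loader.
    - mode: '0644'
    # NOTE(review): the profile shown on this page passes umask=0022 to
    # pam_mkhomedir, so newly created home directories are readable by
    # every local user. Use umask=0077 in the profile if home directories
    # should be private.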
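# Obtain a Kerberos ticket for the account that is allowed to join
# machines to the domain. The password travels through the environment
# and a pipe, so it never appears on the kinit command line.
kinit_admin:
  cmd.run:
    # printf with a quoted expansion passes the password through
    # unchanged; an unquoted echo would word-split and glob-expand it and
    # could interpret a leading dash or backslashes.
    - name: >-
        printf '%s\n' "${KINIT_ADMIN_PASS}" | kinit {{ admin_user }}
    - env:
        # NOTE(review): admin_pass is defined outside the part of the SLS
        # shown here. Keep it in pillar (ideally encrypted) and not as a
        # literal in the state tree.
        - KINIT_ADMIN_PASS: '{{ admin_pass }}'
    # Skip when root's credential cache already holds a valid ticket.
    # klist -s is the silent validity test; kinit -s takes a start time,
    # so the original check could never succeed and kinit ran every time.
    - unless: klist -s /tmp/krb5cc_0
    - require:
        # Requisites match a state's ID or name, not entries of a pkgs
        # list, so point at the state that installs krb5-user.
        - pkg: prereq_packages
    # NOTE(review): the admin ticket stays in /tmp/krb5cc_0 until it
    # expires. Consider running kdestroy once the join has succeeded.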
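# Join the machine to the realm, but only while realmd still reports it
# as unconfigured, so repeated runs do not attempt a second join.
realm_join:
  cmd.run:
    - name: realm join {{ realm }}
    # Folded block scalar: the grep pattern contains a colon followed by a
    # space, which is not allowed inside a plain YAML scalar and would
    # stop the SLS from parsing.
    - onlyif: >-
        realm discover --client-software=sssd {{ realm }}
        | grep -q 'configured: no'
    - require:
        - file: realmd_config
        - cmd: kinit_admin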