Init fvs branch with LDAP auth and mk-homedir.
This commit is contained in:
Andreas B. Mundt
parent
9264deb90d
commit
ddb8ff11d3
5 changed files with 93 additions and 0 deletions
23
kiosk_mkhome.yml
Normal file
23
kiosk_mkhome.yml
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
# This playbook deploys a kiosk-computer
|
||||
|
||||
- name: apply configuration to the machines
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
vars:
|
||||
auto_user: debi
|
||||
wifi_ssid: "YOUR SSID HERE"
|
||||
wifi_passwd: "YOUR WIFI-PW HERE"
|
||||
extra_pkgs:
|
||||
- webext-privacy-badger
|
||||
- webext-ublock-origin
|
||||
extra_pkgs_bpo: [] # [ libreoffice ]
|
||||
|
||||
roles:
|
||||
- up2date-debian
|
||||
## Choose either gnome or KDE:
|
||||
- gnome
|
||||
#- kde
|
||||
- kiosk
|
||||
- fvs-client-mkhome
|
||||
2
roles/fvs-client-mkhome/defaults/main.yml
Normal file
2
roles/fvs-client-mkhome/defaults/main.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
basedn: "ou=Benutzer,ou=fvs,ou=SCHULEN,o=ml3"
|
||||
ldap_server: ldap.steinbeisschule-reutlingen.de
|
||||
8
roles/fvs-client-mkhome/handlers/main.yml
Normal file
8
roles/fvs-client-mkhome/handlers/main.yml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
- name: restart sssd
|
||||
service: name=sssd state=restarted enabled=yes
|
||||
listen: "restart sssd"
|
||||
|
||||
- name: reload systemd
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
listen: "reload systemd"
|
||||
40
roles/fvs-client-mkhome/tasks/main.yml
Normal file
40
roles/fvs-client-mkhome/tasks/main.yml
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
- name: install needed packages
|
||||
apt:
|
||||
name:
|
||||
- sssd-ldap
|
||||
state: latest
|
||||
|
||||
- name: add URI to ldap.conf
|
||||
lineinfile:
|
||||
dest: /etc/ldap/ldap.conf
|
||||
line: "URI ldaps://{{ ldap_server }}/"
|
||||
insertafter: "#URI.*"
|
||||
|
||||
- name: add BASE to ldap.conf
|
||||
lineinfile:
|
||||
dest: /etc/ldap/ldap.conf
|
||||
line: "BASE {{ basedn }}"
|
||||
insertafter: "#BASE.*"
|
||||
|
||||
#- name: enable pam_umask
|
||||
# lineinfile:
|
||||
# dest: /etc/pam.d/common-session
|
||||
# line: "session optional pam_umask.so usergroups"
|
||||
|
||||
- name: enable pam_mkhomedir.so
|
||||
lineinfile:
|
||||
dest: /etc/pam.d/common-session
|
||||
line: "session optional pam_mkhomedir.so"
|
||||
insertafter: "# end of pam-auth-update config"
|
||||
|
||||
# command: /usr/sbin/pam-auth-update --enable mkhomedir
|
||||
|
||||
## oddjob-mkhomedir works only with sec=sys for the NFSv4 share
|
||||
|
||||
- name: provide identities from directory
|
||||
template:
|
||||
src: sssd.conf.j2
|
||||
dest: /etc/sssd/sssd.conf
|
||||
mode: 0600
|
||||
notify: restart sssd
|
||||
20
roles/fvs-client-mkhome/templates/sssd.conf.j2
Normal file
20
roles/fvs-client-mkhome/templates/sssd.conf.j2
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
[sssd]
|
||||
domains = LDAP
|
||||
config_file_version = 2
|
||||
services = nss, pam
|
||||
|
||||
[nss]
|
||||
filter_groups = root
|
||||
filter_users = root
|
||||
|
||||
[pam]
|
||||
|
||||
[domain/LDAP]
|
||||
id_provider = ldap
|
||||
ldap_uri = ldaps://{{ ldap_server }}/
|
||||
ldap_search_base = {{ basedn }}
|
||||
|
||||
auth_provider = ldap
|
||||
cache_credentials = true
|
||||
|
||||
ldap_tls_reqcert = never
|
||||
Loading…
Add table
Reference in a new issue