|
45 |
VERSION_CHECK=true |
45 |
VERSION_CHECK=true |
46 |
VERBOSE=false |
46 |
VERBOSE=false |
47 |
|
47 |
|
|
|
48 |
LOGFILE="/var/log/univention/join.log" |
49 |
log () { |
50 |
echo "$(LC_ALL=C date): $*" >>"$LOGFILE" |
51 |
} |
52 |
echo_right () { |
53 |
local text="$*" |
54 |
echo -e "\033[$((${COLUMNS:-80}-${#text}))G${text}" |
55 |
} |
56 |
|
48 |
trapOnExit() { |
57 |
trapOnExit() { |
49 |
rm -rf "$USERTMP" |
58 |
rm -rf "$USERTMP" |
50 |
if [ -n "$VERBOSE" -a "$VERBOSE" = "true" ]; then |
59 |
if [ -n "$VERBOSE" -a "$VERBOSE" = "true" ]; then |
51 |
if [ -n "$old_listener_debug_level" ]; then |
60 |
if [ -n "$old_listener_debug_level" ]; then |
52 |
ucr set listener/debug/level="$old_listener_debug_level" >>/var/log/univention/join.log 2>&1 |
61 |
ucr set listener/debug/level="$old_listener_debug_level" >>"$LOGFILE" 2>&1 |
53 |
fi |
62 |
fi |
54 |
fi |
63 |
fi |
55 |
echo "$(LC_ALL=C date): finish $0" >>/var/log/univention/join.log 2>&1 |
64 |
log "finish $0" |
56 |
} |
65 |
} |
57 |
|
66 |
|
58 |
trap trapOnExit EXIT |
67 |
trap trapOnExit EXIT |
|
72 |
-realm <kerberos realm>: Kerberos realm, e.g. TEST.LOCAL |
81 |
-realm <kerberos realm>: Kerberos realm, e.g. TEST.LOCAL |
73 |
-windom <windows domain name>: Name of the windows (samba) domain |
82 |
-windom <windows domain name>: Name of the windows (samba) domain |
74 |
-disableVersionCheck Disable version check against _dcname_ |
83 |
-disableVersionCheck Disable version check against _dcname_ |
75 |
-verbose Enable verbose logging (/var/log/univention/join.log) |
84 |
-verbose Enable verbose logging ($LOGFILE) |
76 |
|
85 |
|
77 |
-h | --help | -?: Print this usage message and exit program |
86 |
-h | --help | -?: Print this usage message and exit program |
78 |
--version: Print version information and exit program |
87 |
--version: Print version information and exit program |
Lines 127-143
download_host_certificate () {
127 |
univention-scp "$HOSTPWD" -q -r \ |
136 |
univention-scp "$HOSTPWD" -q -r \ |
128 |
"$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname" \ |
137 |
"$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname" \ |
129 |
"$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname" \ |
138 |
"$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname" \ |
130 |
/etc/univention/ssl/ >>/var/log/univention/join.log 2>&1 |
139 |
/etc/univention/ssl/ >>"$LOGFILE" 2>&1 |
131 |
if [ -d "/etc/univention/ssl/$hostname" ] && [ -d "/etc/univention/ssl/$hostname.$domainname" ] |
140 |
if [ -d "/etc/univention/ssl/$hostname" ] && [ -d "/etc/univention/ssl/$hostname.$domainname" ] |
132 |
then |
141 |
then |
133 |
echo -e "\033[60Gdone" |
142 |
echo_right "done" |
134 |
return |
143 |
return |
135 |
fi |
144 |
fi |
136 |
echo -n "." |
145 |
echo -n "." |
137 |
sleep $delay |
146 |
sleep $delay |
138 |
done |
147 |
done |
139 |
|
148 |
|
140 |
echo "failed" |
149 |
echo_right "failed" |
141 |
failed_message "failed to get host certificate" |
150 |
failed_message "failed to get host certificate" |
142 |
} |
151 |
} |
143 |
|
152 |
|
Lines 152-158
check_ldap_tls_connection () {
152 |
failed_message "Establishing a TLS connection with $DCNAME failed. Maybe you didn't specify a FQDN." |
161 |
failed_message "Establishing a TLS connection with $DCNAME failed. Maybe you didn't specify a FQDN." |
153 |
fi |
162 |
fi |
154 |
|
163 |
|
155 |
echo -e "\033[60Gdone" |
164 |
echo_right "done" |
156 |
} |
165 |
} |
157 |
|
166 |
|
158 |
run_join_scripts () { |
167 |
run_join_scripts () { |
Lines 163-179
run_join_scripts () {
163 |
test -e "$i" || continue |
172 |
test -e "$i" || continue |
164 |
echo -n "Configure $(basename "$i") " |
173 |
echo -n "Configure $(basename "$i") " |
165 |
[ -n "$SIMPLEGUI" ] && echo |
174 |
[ -n "$SIMPLEGUI" ] && echo |
166 |
echo "Configure $(basename "$i") $(LC_ALL=C date)" >>/var/log/univention/join.log |
175 |
log "Configure $(basename "$i")" |
167 |
bashVerbose="" |
176 |
bashVerbose="" |
168 |
if [ -n "$VERBOSE" -a "$VERBOSE" = "true" ]; then |
177 |
if [ -n "$VERBOSE" -a "$VERBOSE" = "true" ]; then |
169 |
bashVerbose="bash -x" |
178 |
bashVerbose="bash -x" |
170 |
fi |
179 |
fi |
171 |
$bashVerbose "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1 |
180 |
$bashVerbose "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>"$LOGFILE" 2>&1 |
172 |
if [ $? -ne 0 ]; then |
181 |
if [ $? -ne 0 ]; then |
173 |
echo -e "\033[60Gfailed" |
182 |
echo_right "failed" |
174 |
failed_message "FAILED: $(basename "$i")" |
183 |
failed_message "FAILED: $(basename "$i")" |
175 |
else |
184 |
else |
176 |
echo -e "\033[60Gdone" |
185 |
echo_right "done" |
177 |
delete_unjoinscript "$(basename "$i")" |
186 |
delete_unjoinscript "$(basename "$i")" |
178 |
fi |
187 |
fi |
179 |
if [ "$server_role" = "domaincontroller_slave" -o "$server_role" = "domaincontroller_backup" ]; then |
188 |
if [ "$server_role" = "domaincontroller_slave" -o "$server_role" = "domaincontroller_backup" ]; then |
Lines 216-222
run_join_scripts () {
216 |
} |
225 |
} |
217 |
|
226 |
|
218 |
# log univention-join call |
227 |
# log univention-join call |
219 |
echo "$(LC_ALL=C date): starting $0 $*" >>/var/log/univention/join.log 2>&1 |
228 |
log "starting $0 $*" |
220 |
|
229 |
|
221 |
while [ $# -gt 0 ] |
230 |
while [ $# -gt 0 ] |
222 |
do |
231 |
do |
|
280 |
|
289 |
|
281 |
# verbose logging for univention-join and listener |
290 |
# verbose logging for univention-join and listener |
282 |
if [ -n "$VERBOSE" -a "$VERBOSE" = "true" ]; then |
291 |
if [ -n "$VERBOSE" -a "$VERBOSE" = "true" ]; then |
283 |
exec 2>>/var/log/univention/join.log |
292 |
exec 2>>"$LOGFILE" |
284 |
set -x |
293 |
set -x |
285 |
if [ -n "$listener_debug_level" ]; then |
294 |
if [ -n "$listener_debug_level" ]; then |
286 |
old_listener_debug_level="$listener_debug_level" |
295 |
old_listener_debug_level="$listener_debug_level" |
287 |
else |
296 |
else |
288 |
old_listener_debug_level="2" |
297 |
old_listener_debug_level="2" |
289 |
fi |
298 |
fi |
290 |
ucr set listener/debug/level=4 >>/var/log/univention/join.log 2>&1 |
299 |
ucr set listener/debug/level=4 >&2 |
291 |
listener_debug_level=4 |
300 |
listener_debug_level=4 |
292 |
fi |
301 |
fi |
293 |
|
302 |
|
Lines 325-337
if [ -z "$DCNAME" ]; then
325 |
echo -n "Search DC Master: " |
334 |
echo -n "Search DC Master: " |
326 |
DCNAME="$(host -t SRV "_domaincontroller_master._tcp.$domainname" | sed -ne '$s/.* \([^ ]\+\)\.$/\1/p')" |
335 |
DCNAME="$(host -t SRV "_domaincontroller_master._tcp.$domainname" | sed -ne '$s/.* \([^ ]\+\)\.$/\1/p')" |
327 |
if [ -n "$DCNAME" ]; then |
336 |
if [ -n "$DCNAME" ]; then |
328 |
echo -e "\033[60Gdone" |
337 |
echo_right "done" |
329 |
else |
338 |
else |
330 |
for i in "$nameserver" "$nameserver1" "$nameserver2" "$nameserver3" "$dns_forwarder1" "$dns_forwarder2" "$dns_forwarder3"; do |
339 |
for i in "$nameserver" "$nameserver1" "$nameserver2" "$nameserver3" "$dns_forwarder1" "$dns_forwarder2" "$dns_forwarder3"; do |
331 |
if [ -z "$i" ]; then continue; fi |
340 |
if [ -z "$i" ]; then continue; fi |
332 |
DCNAME="$(host -t SRV "_domaincontroller_master._tcp.$domainname" "$i" | sed -ne '$s/.* \([^ ]\+\)\.$/\1/p')" |
341 |
DCNAME="$(host -t SRV "_domaincontroller_master._tcp.$domainname" "$i" | sed -ne '$s/.* \([^ ]\+\)\.$/\1/p')" |
333 |
if [ -n "$DCNAME" ]; then |
342 |
if [ -n "$DCNAME" ]; then |
334 |
echo -e "\033[60Gdone" |
343 |
echo_right "done" |
335 |
echo "domain $domainname" >/etc/resolv.conf |
344 |
echo "domain $domainname" >/etc/resolv.conf |
336 |
echo "nameserver $i" >>/etc/resolv.conf |
345 |
echo "nameserver $i" >>/etc/resolv.conf |
337 |
test -x /etc/init.d/nscd && /etc/init.d/nscd restart >>/var/log/univention/join.log 2>&1 |
346 |
test -x /etc/init.d/nscd && /etc/init.d/nscd restart >>/var/log/univention/join.log 2>&1 |
Lines 352-358
if ! ping -c 1 "$DCNAME" >/dev/null 2>&1 && ! ping6 -c 1 "$DCNAME" >/dev/null 2>
352 |
failed_message "ping to $DCNAME failed" |
361 |
failed_message "ping to $DCNAME failed" |
353 |
fi |
362 |
fi |
354 |
|
363 |
|
355 |
if ! univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" echo ssh-check 2>>/var/log/univention/join.log | grep -qs ssh-check |
364 |
if ! univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" echo ssh-check 2>>"$LOGFILE" | grep -qs ssh-check |
356 |
then |
365 |
then |
357 |
failed_message "ssh-login for ${DCACCOUNT}@${DCNAME} failed. Maybe you entered a wrong password." |
366 |
failed_message "ssh-login for ${DCACCOUNT}@${DCNAME} failed. Maybe you entered a wrong password." |
358 |
fi |
367 |
fi |
|
380 |
IFS=$OLDIFS |
389 |
IFS=$OLDIFS |
381 |
|
390 |
|
382 |
# check join constraints |
391 |
# check join constraints |
383 |
echo "running version check" >>/var/log/univention/join.log |
392 |
log "running version check" |
384 |
|
393 |
|
385 |
mystatus="no" |
394 |
mystatus="no" |
386 |
if [ -n "$master_version" -a -n "$master_patchlevel" ]; then |
395 |
if [ -n "$master_version" -a -n "$master_patchlevel" ]; then |
Lines 395-422
if [ "no" = "$mystatus" ]; then
395 |
if $VERSION_CHECK; then |
404 |
if $VERSION_CHECK; then |
396 |
failed_message "$vmsg" |
405 |
failed_message "$vmsg" |
397 |
else |
406 |
else |
398 |
echo "$vmsg Continuing anyway as requested with option (-disableVersionCheck)." >>/var/log/univention/join.log |
407 |
log "$vmsg Continuing anyway as requested with option (-disableVersionCheck)." |
399 |
fi |
408 |
fi |
400 |
else |
409 |
else |
401 |
echo "OK: UCS version on ${DCNAME} is higher or equal ($vmaster) to the local version ($vmyself)." >>/var/log/univention/join.log |
410 |
log "OK: UCS version on ${DCNAME} is higher or equal ($vmaster) to the local version ($vmyself)." |
402 |
fi |
411 |
fi |
403 |
|
412 |
|
404 |
echo -e "\033[60Gdone" |
413 |
echo_right "done" |
405 |
|
414 |
|
406 |
if [ -x /etc/init.d/slapd ]; then |
415 |
if [ -x /etc/init.d/slapd ]; then |
407 |
echo -n "Stop LDAP Server: " |
416 |
echo -n "Stop LDAP Server: " |
408 |
/etc/init.d/slapd stop >>/var/log/univention/join.log 2>&1 |
417 |
/etc/init.d/slapd stop >>"$LOGFILE" 2>&1 |
409 |
echo -e "\033[60Gdone" |
418 |
echo_right "done" |
410 |
fi |
419 |
fi |
411 |
|
420 |
|
412 |
if [ -x /etc/init.d/samba4 ]; then |
421 |
if [ -x /etc/init.d/samba4 ]; then |
413 |
echo -n "Stop Samba 4 Server: " |
422 |
echo -n "Stop Samba 4 Server: " |
414 |
if [ "$dns_backend" = "samba4" ]; then |
423 |
if [ "$dns_backend" = "samba4" ]; then |
415 |
ucr set dns/backend=ldap >>/var/log/univention/join.log 2>&1 |
424 |
ucr set dns/backend=ldap >>"$LOGFILE" 2>&1 |
416 |
/etc/init.d/bind9 restart >>/var/log/univention/join.log 2>&1 |
425 |
/etc/init.d/bind9 restart >>"$LOGFILE" 2>&1 |
417 |
fi |
426 |
fi |
418 |
/etc/init.d/samba4 stop >>/var/log/univention/join.log 2>&1 |
427 |
/etc/init.d/samba4 stop >>"$LOGFILE" 2>&1 |
419 |
echo -e "\033[60Gdone" |
428 |
echo_right "done" |
420 |
fi |
429 |
fi |
421 |
|
430 |
|
422 |
if [ -z "$LDAPBASE" ]; then |
431 |
if [ -z "$LDAPBASE" ]; then |
|
428 |
|
437 |
|
429 |
if [ -n "$ldap_base" ]; then |
438 |
if [ -n "$ldap_base" ]; then |
430 |
univention-config-registry set ldap/base="$ldap_base" >/dev/null 2>&1 |
439 |
univention-config-registry set ldap/base="$ldap_base" >/dev/null 2>&1 |
431 |
echo -e "\033[60Gdone" |
440 |
echo_right "done" |
432 |
else |
441 |
else |
433 |
failed_message "Failed to determine ldap/base." |
442 |
failed_message "Failed to determine ldap/base." |
434 |
fi |
443 |
fi |
435 |
|
444 |
|
436 |
if [ -x /etc/init.d/slapd ]; then |
445 |
if [ -x /etc/init.d/slapd ]; then |
437 |
echo -n "Start LDAP Server: " |
446 |
echo -n "Start LDAP Server: " |
438 |
/etc/init.d/slapd start >>/var/log/univention/join.log 2>&1 |
447 |
/etc/init.d/slapd start >>"$LOGFILE" 2>&1 |
439 |
echo -e "\033[60Gdone" |
448 |
echo_right "done" |
440 |
fi |
449 |
fi |
441 |
|
450 |
|
442 |
echo -n "Search LDAP binddn " |
451 |
echo -n "Search LDAP binddn " |
|
460 |
if [ -z "$binddn" ]; then |
469 |
if [ -z "$binddn" ]; then |
461 |
failed_message "binddn for user $DCACCOUNT not found. " |
470 |
failed_message "binddn for user $DCACCOUNT not found. " |
462 |
else |
471 |
else |
463 |
echo -e "\033[60Gdone" |
472 |
echo_right "done" |
464 |
fi |
473 |
fi |
465 |
|
474 |
|
466 |
if [ $server_role != "domaincontroller_master" -a "$server_role" != "domaincontroller_backup" -a -z "$binddn" ]; then |
475 |
if [ $server_role != "domaincontroller_master" -a "$server_role" != "domaincontroller_backup" -a -z "$binddn" ]; then |
|
470 |
if [ -x /usr/bin/rdate ]; then |
479 |
if [ -x /usr/bin/rdate ]; then |
471 |
echo -n "Sync time " |
480 |
echo -n "Sync time " |
472 |
/usr/bin/rdate "$DCNAME" >/dev/null 2>&1 |
481 |
/usr/bin/rdate "$DCNAME" >/dev/null 2>&1 |
473 |
echo -e "\033[60Gdone" |
482 |
echo_right "done" |
474 |
fi |
483 |
fi |
475 |
|
484 |
|
476 |
args=() |
485 |
args=() |
Lines 506-520
args+=(-role "$server_role" -hostname "$hostname" -domainname "$domainname")
506 |
# Copy local $DCPWD to remote $DCPWD' and invoke univention-join remotely |
515 |
# Copy local $DCPWD to remote $DCPWD' and invoke univention-join remotely |
507 |
univention-ssh --no-split "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
516 |
univention-ssh --no-split "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
508 |
'DCPWD=$(mktemp) && trap "rm -f \"$DCPWD\"" EXIT && cat >"$DCPWD" && /usr/share/univention-join/univention-server-join -bindpwfile "$DCPWD"' \ |
517 |
'DCPWD=$(mktemp) && trap "rm -f \"$DCPWD\"" EXIT && cat >"$DCPWD" && /usr/share/univention-join/univention-server-join -bindpwfile "$DCPWD"' \ |
509 |
"$(bashquote "${args[@]}")" <"$DCPWD" 2>&1 | tee "$USERTMP/log" >>/var/log/univention/join.log |
518 |
"$(bashquote "${args[@]}")" <"$DCPWD" 2>&1 | tee "$USERTMP/log" >>"$LOGFILE" |
510 |
res_message="$(sed -n '/^E:/ { s/^E:\s*// p }' "$USERTMP/log")" |
519 |
res_message="$(sed -n '/^E:/ { s/^E:\s*// p }' "$USERTMP/log")" |
511 |
if [ -z "$res_message" ]; then |
520 |
if [ -z "$res_message" ]; then |
512 |
echo -e "\033[60Gdone" |
521 |
echo_right "done" |
513 |
fi |
522 |
fi |
514 |
|
523 |
|
515 |
if [ -s "$USERTMP/log" ] |
524 |
if [ -s "$USERTMP/log" ] |
516 |
then |
525 |
then |
517 |
echo "Join result = [$(<"$USERTMP/log")]" | sed -e 's/KerberosPasswd="[^"]*"//' | fromdos -fa >>/var/log/univention/join.log |
526 |
echo "Join result = [$(<"$USERTMP/log")]" | sed -e 's/KerberosPasswd="[^"]*"//' | fromdos -fa >>"$LOGFILE" |
518 |
|
527 |
|
519 |
#try to get password |
528 |
#try to get password |
520 |
kpwd="$(sed -ne 's|^KerberosPasswd="\(.*\)" *|\1|p' <"$USERTMP/log")" |
529 |
kpwd="$(sed -ne 's|^KerberosPasswd="\(.*\)" *|\1|p' <"$USERTMP/log")" |
|
540 |
|
549 |
|
541 |
ldap_dn="$(sed -ne 's|^ldap_dn="\(.*\)" *|\1|p' <"$USERTMP/log")" |
550 |
ldap_dn="$(sed -ne 's|^ldap_dn="\(.*\)" *|\1|p' <"$USERTMP/log")" |
542 |
if [ -n "$ldap_dn" ]; then |
551 |
if [ -n "$ldap_dn" ]; then |
543 |
univention-config-registry set ldap/hostdn="$ldap_dn" >>/var/log/univention/join.log 2>&1 |
552 |
univention-config-registry set ldap/hostdn="$ldap_dn" >>"$LOGFILE" 2>&1 |
544 |
else |
553 |
else |
545 |
failed_message "No LDAP Host DN returned" |
554 |
failed_message "No LDAP Host DN returned" |
546 |
fi |
555 |
fi |
Lines 602-614
set_kerberos_realm () {
602 |
local DCNAME="$3" |
611 |
local DCNAME="$3" |
603 |
local realm="$4" |
612 |
local realm="$4" |
604 |
if [ -z "$realm" ]; then |
613 |
if [ -z "$realm" ]; then |
605 |
realm="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" '/usr/sbin/univention-config-registry get kerberos/realm')" >>/var/log/univention/join.log 2>&1 |
614 |
realm="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" '/usr/sbin/univention-config-registry get kerberos/realm')" >>"$LOGFILE" 2>&1 |
606 |
if [ $? != 0 -o -z "$realm" ]; then |
615 |
if [ $? != 0 -o -z "$realm" ]; then |
607 |
echo "Unable to retrieve the kerberos realm. Try to use option -realm <kerberos/realm>" |
616 |
echo "Unable to retrieve the kerberos realm. Try to use option -realm <kerberos/realm>" |
608 |
exit 1 |
617 |
exit 1 |
609 |
fi |
618 |
fi |
610 |
fi |
619 |
fi |
611 |
univention-config-registry set kerberos/realm="$realm" >>/var/log/univention/join.log 2>&1 |
620 |
univention-config-registry set kerberos/realm="$realm" >>"$LOGFILE" 2>&1 |
612 |
} |
621 |
} |
613 |
|
622 |
|
614 |
set_windows_domain () { |
623 |
set_windows_domain () { |
Lines 619-631
set_windows_domain () {
619 |
local windom="$4" |
628 |
local windom="$4" |
620 |
|
629 |
|
621 |
if [ -z "$windom" ]; then |
630 |
if [ -z "$windom" ]; then |
622 |
windom="$(univention-ssh "$dcpwd" "${dcaccount}@${dcname}" '/usr/sbin/univention-config-registry get windows/domain')" >>/var/log/univention/join.log 2>&1 |
631 |
windom="$(univention-ssh "$dcpwd" "${dcaccount}@${dcname}" '/usr/sbin/univention-config-registry get windows/domain')" >>"$LOGFILE" 2>&1 |
623 |
if [ $? != 0 -o -z "$windom" ]; then |
632 |
if [ $? != 0 -o -z "$windom" ]; then |
624 |
echo "Unable to retrieve the windows/domain. Try to use option -windom <windows/domain>" |
633 |
echo "Unable to retrieve the windows/domain. Try to use option -windom <windows/domain>" |
625 |
exit 1 |
634 |
exit 1 |
626 |
fi |
635 |
fi |
627 |
fi |
636 |
fi |
628 |
univention-config-registry set windows/domain="$windom" >>/var/log/univention/join.log 2>&1 |
637 |
univention-config-registry set windows/domain="$windom" >>"$LOGFILE" 2>&1 |
629 |
} |
638 |
} |
630 |
|
639 |
|
631 |
if [ "$server_role" = "domaincontroller_backup" ]; then |
640 |
if [ "$server_role" = "domaincontroller_backup" ]; then |
Lines 638-651
if [ "$server_role" = "domaincontroller_backup" ]; then
638 |
if [ ! -e "/etc/ldap.secret" ]; then |
647 |
if [ ! -e "/etc/ldap.secret" ]; then |
639 |
failed_message "/etc/ldap.secret not found" |
648 |
failed_message "/etc/ldap.secret not found" |
640 |
fi |
649 |
fi |
641 |
echo -e "\033[60Gdone" |
650 |
echo_right "done" |
642 |
|
651 |
|
643 |
echo -n "Sync ldap-backup.secret: " |
652 |
echo -n "Sync ldap-backup.secret: " |
644 |
univention-scp "$DCPWD" -q "${DCACCOUNT}@${DCNAME}:/etc/ldap-backup.secret" /etc/ldap-backup.secret >>/var/log/univention/join.log 2>&1 |
653 |
univention-scp "$DCPWD" -q "${DCACCOUNT}@${DCNAME}:/etc/ldap-backup.secret" /etc/ldap-backup.secret >>/var/log/univention/join.log 2>&1 |
645 |
if [ ! -e "/etc/ldap-backup.secret" ]; then |
654 |
if [ ! -e "/etc/ldap-backup.secret" ]; then |
646 |
failed_message "/etc/ldap-backup.secret not found" |
655 |
failed_message "/etc/ldap-backup.secret not found" |
647 |
fi |
656 |
fi |
648 |
echo -e "\033[60Gdone" |
657 |
echo_right "done" |
649 |
|
658 |
|
650 |
univention-config-registry set \ |
659 |
univention-config-registry set \ |
651 |
ldap/server/name="$hostname.$domainname" \ |
660 |
ldap/server/name="$hostname.$domainname" \ |
Lines 654-664
if [ "$server_role" = "domaincontroller_backup" ]; then
654 |
ldap/master="$DCNAME" \ |
663 |
ldap/master="$DCNAME" \ |
655 |
ldap/master/port?7389 \ |
664 |
ldap/master/port?7389 \ |
656 |
ldap/server/type=slave \ |
665 |
ldap/server/type=slave \ |
657 |
>>/var/log/univention/join.log 2>&1 |
666 |
>>"$LOGFILE" 2>&1 |
658 |
|
667 |
|
659 |
echo -n "Sync SSL directory: " |
668 |
echo -n "Sync SSL directory: " |
660 |
univention-ssh-rsync "$DCPWD" -az "${DCACCOUNT}@${DCNAME}:/etc/univention/ssl/*" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1 |
669 |
univention-ssh-rsync "$DCPWD" -az "${DCACCOUNT}@${DCNAME}:/etc/univention/ssl/*" /etc/univention/ssl/ >>"$LOGFILE" 2>&1 |
661 |
echo -e "\033[60Gdone" |
670 |
echo_right "done" |
662 |
|
671 |
|
663 |
# prevent join from failing if umask is modified (Bug #21587) |
672 |
# prevent join from failing if umask is modified (Bug #21587) |
664 |
chmod 755 /etc/univention/ssl |
673 |
chmod 755 /etc/univention/ssl |
Lines 679-695
if [ "$server_role" = "domaincontroller_backup" ]; then
679 |
ssl/organizationalunit="$ssl_organizationalunit" \ |
688 |
ssl/organizationalunit="$ssl_organizationalunit" \ |
680 |
ssl/common="$ssl_common" \ |
689 |
ssl/common="$ssl_common" \ |
681 |
ssl/email="$ssl_email" \ |
690 |
ssl/email="$ssl_email" \ |
682 |
>>/var/log/univention/join.log 2>&1 |
691 |
>>"$LOGFILE" 2>&1 |
683 |
echo -e "\033[60Gdone" |
692 |
echo_right "done" |
684 |
|
693 |
|
685 |
echo -n "Restart LDAP Server: " |
694 |
echo -n "Restart LDAP Server: " |
686 |
/etc/init.d/slapd restart >>/var/log/univention/join.log 2>&1 |
695 |
/etc/init.d/slapd restart >>/var/log/univention/join.log 2>&1 |
687 |
echo -e "\033[60Gdone" |
696 |
echo_right "done" |
688 |
|
697 |
|
689 |
#TODO: implement a real sync |
698 |
#TODO: implement a real sync |
690 |
echo -n "Sync Kerberos settings: " |
699 |
echo -n "Sync Kerberos settings: " |
691 |
univention-scp "$DCPWD" -r "${DCACCOUNT}@${DCNAME}:/var/lib/heimdal-kdc/*" /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1 |
700 |
univention-scp "$DCPWD" -r "${DCACCOUNT}@${DCNAME}:/var/lib/heimdal-kdc/*" /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1 |
692 |
echo -e "\033[60Gdone" |
701 |
echo_right "done" |
693 |
|
702 |
|
694 |
|
703 |
|
695 |
# invalidate the nscd hosts cache |
704 |
# invalidate the nscd hosts cache |
Lines 699-705
if [ "$server_role" = "domaincontroller_backup" ]; then
699 |
ldap/server/name?"$DCNAME" \ |
708 |
ldap/server/name?"$DCNAME" \ |
700 |
ldap/master?"$DCNAME" \ |
709 |
ldap/master?"$DCNAME" \ |
701 |
kerberos/adminserver?"$DCNAME" \ |
710 |
kerberos/adminserver?"$DCNAME" \ |
702 |
>>/var/log/univention/join.log 2>&1 |
711 |
>>"$LOGFILE" 2>&1 |
703 |
set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM" |
712 |
set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM" |
704 |
set_windows_domain "$DCPWD" "$DCACCOUNT" "$DCNAME" "$WINDOM" |
713 |
set_windows_domain "$DCPWD" "$DCACCOUNT" "$DCNAME" "$WINDOM" |
705 |
eval "$(univention-config-registry shell)" |
714 |
eval "$(univention-config-registry shell)" |
Lines 722-728
elif [ "$server_role" = "domaincontroller_slave" ]; then
722 |
|
731 |
|
723 |
univention-scp "$DCPWD" "${DCACCOUNT}@${DCNAME}:/etc/ldap-backup.secret /etc/ldap-backup.secret" >/var/log/univention/join.log 2>&1 |
732 |
univention-scp "$DCPWD" "${DCACCOUNT}@${DCNAME}:/etc/ldap-backup.secret /etc/ldap-backup.secret" >/var/log/univention/join.log 2>&1 |
724 |
|
733 |
|
725 |
echo -e "\033[60Gdone" |
734 |
echo_right "done" |
726 |
|
735 |
|
727 |
univention-config-registry set \ |
736 |
univention-config-registry set \ |
728 |
ldap/server/name="$hostname.$domainname" \ |
737 |
ldap/server/name="$hostname.$domainname" \ |
Lines 731-737
elif [ "$server_role" = "domaincontroller_slave" ]; then
731 |
ldap/master="$DCNAME" \ |
740 |
ldap/master="$DCNAME" \ |
732 |
ldap/master/port?7389 \ |
741 |
ldap/master/port?7389 \ |
733 |
ldap/server/type=slave \ |
742 |
ldap/server/type=slave \ |
734 |
>>/var/log/univention/join.log 2>&1 |
743 |
>>"$LOGFILE" 2>&1 |
735 |
|
744 |
|
736 |
mkdir -p /etc/univention/ssl/ucsCA |
745 |
mkdir -p /etc/univention/ssl/ucsCA |
737 |
univention-scp "$DCPWD" -q "${DCACCOUNT}@${DCNAME}:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1 |
746 |
univention-scp "$DCPWD" -q "${DCACCOUNT}@${DCNAME}:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1 |
Lines 750-760
elif [ "$server_role" = "domaincontroller_slave" ]; then
750 |
|
759 |
|
751 |
echo -n "Restart LDAP Server: " |
760 |
echo -n "Restart LDAP Server: " |
752 |
/etc/init.d/slapd restart >>/var/log/univention/join.log 2>&1 |
761 |
/etc/init.d/slapd restart >>/var/log/univention/join.log 2>&1 |
753 |
echo -e "\033[60Gdone" |
762 |
echo_right "done" |
754 |
|
763 |
|
755 |
echo -n "Sync Kerberos settings: " |
764 |
echo -n "Sync Kerberos settings: " |
756 |
univention-scp "$DCPWD" -q -r "${DCACCOUNT}@${DCNAME}:/var/lib/heimdal-kdc/*" /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1 |
765 |
univention-scp "$DCPWD" -q -r "${DCACCOUNT}@${DCNAME}:/var/lib/heimdal-kdc/*" /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1 |
757 |
echo -e "\033[60Gdone" |
766 |
echo_right "done" |
758 |
|
767 |
|
759 |
mkdir -p /var/lib/univention-ldap/notify/ |
768 |
mkdir -p /var/lib/univention-ldap/notify/ |
760 |
|
769 |
|
Lines 765-771
elif [ "$server_role" = "domaincontroller_slave" ]; then
765 |
ldap/server/name?"$DCNAME" \ |
774 |
ldap/server/name?"$DCNAME" \ |
766 |
ldap/master?"$DCNAME" \ |
775 |
ldap/master?"$DCNAME" \ |
767 |
kerberos/adminserver?"$DCNAME" \ |
776 |
kerberos/adminserver?"$DCNAME" \ |
768 |
>>/var/log/univention/join.log 2>&1 |
777 |
>>"$LOGFILE" 2>&1 |
769 |
set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM" |
778 |
set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM" |
770 |
set_windows_domain "$DCPWD" "$DCACCOUNT" "$DCNAME" "$WINDOM" |
779 |
set_windows_domain "$DCPWD" "$DCACCOUNT" "$DCNAME" "$WINDOM" |
771 |
echo -n "0" >/var/lib/univention-ldap/schema/id/id |
780 |
echo -n "0" >/var/lib/univention-ldap/schema/id/id |
Lines 807-813
elif [ "$server_role" = "memberserver" ]; then
807 |
ldap/master?"$DCNAME" \ |
816 |
ldap/master?"$DCNAME" \ |
808 |
ldap/master/port?7389 \ |
817 |
ldap/master/port?7389 \ |
809 |
kerberos/adminserver?"$DCNAME" \ |
818 |
kerberos/adminserver?"$DCNAME" \ |
810 |
>>/var/log/univention/join.log 2>&1 |
819 |
>>"$LOGFILE" 2>&1 |
811 |
set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM" |
820 |
set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM" |
812 |
set_windows_domain "$DCPWD" "$DCACCOUNT" "$DCNAME" "$WINDOM" |
821 |
set_windows_domain "$DCPWD" "$DCACCOUNT" "$DCNAME" "$WINDOM" |
813 |
touch /var/univention-join/joined |
822 |
touch /var/univention-join/joined |
|
845 |
ldap/master/port?7389 \ |
854 |
ldap/master/port?7389 \ |
846 |
kerberos/adminserver="$DCNAME" \ |
855 |
kerberos/adminserver="$DCNAME" \ |
847 |
nsswitch/ldap=yes \ |
856 |
nsswitch/ldap=yes \ |
848 |
>>/var/log/univention/join.log 2>&1 |
857 |
>>"$LOGFILE" 2>&1 |
849 |
set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM" |
858 |
set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM" |
850 |
set_windows_domain "$DCPWD" "$DCACCOUNT" "$DCNAME" "$WINDOM" |
859 |
set_windows_domain "$DCPWD" "$DCACCOUNT" "$DCNAME" "$WINDOM" |
851 |
grep -q '^TLS_CACERT' /etc/ldap/ldap.conf || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf |
860 |
grep -q '^TLS_CACERT' /etc/ldap/ldap.conf || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf |
|
859 |
fi |
868 |
fi |
860 |
|
869 |
|
861 |
if [ -d /etc/runit/univention-directory-notifier ]; then |
870 |
if [ -d /etc/runit/univention-directory-notifier ]; then |
862 |
/etc/init.d/univention-directory-notifier restart >>/var/log/univention/join.log 2>&1 |
871 |
/etc/init.d/univention-directory-notifier restart >>"$LOGFILE" 2>&1 |
863 |
sleep 3 |
872 |
sleep 3 |
864 |
fi |
873 |
fi |
865 |
|
874 |
|
866 |
if [ -d /etc/runit/univention-directory-listener ]; then |
875 |
if [ -d /etc/runit/univention-directory-listener ]; then |
867 |
/etc/init.d/univention-directory-listener restart >>/var/log/univention/join.log 2>&1 |
876 |
/etc/init.d/univention-directory-listener restart >>"$LOGFILE" 2>&1 |
868 |
fi |
877 |
fi |
869 |
|
878 |
|
870 |
varname="interfaces_${interfaces_primary:-eth0}_type" |
879 |
varname="interfaces_${interfaces_primary:-eth0}_type" |