I'm having trouble setting up an automatic domain join/authentication and authorisation against an MS Active Directory.
Obviously neither the authconfig command nor the auth configuration is executed or is executed properly.
Somehow it seems as if the network setup does not work properly as well - the network config screen is shown after the installation completes.
Our aim is to join the machine to enable automatic (DHCP based) network setup, join the domain and authenticate the users against the Active Directory. A central issue is to keep the UIDs and GIDs synchronized over all Linux workstations - so obviously something has to happen with RID/IDMAP.
Is anybody out there who can give advice (ideally with working code examples)?
Is there any known way (besides configuring via %post) to set up idmap in the kickstart file? If not with a simple config line, do you know working code examples to set up the idmap lines in smb.cnf? Is that enough or should there be additional modifications on krb5.cnf, nss.cnf etc.?
We also want to set up automatic NFS share usage. Is there any known way (besides configuring via %post) to set up autofs scripts in the kickstart file?
Is it possible to set a hostname or a hostname template within the kickstart file?
Or should that be done in %post or %pre?
We're trying to build workstations via a kickstart file. The basic installation is working quite nicely but the post installation part doesn't seem to be executed properly:
#platform=x86, AMD64 or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
logging --level=debug
# Use graphical or text install
#graphical
text
# Accept EULA
eula --agreed
# Reboot after installation
reboot
# Open SSH during installation
sshpw --username=install install --plaintext
# Use CDROM installation media
cdrom
# Root password
rootpw --iscrypted XXXXXXXXXXXX
# System language
lang de_DE.UTF-8 --addsupport=en_UK,fr_FR
# System timezone
timezone Europe/Berlin --isUtc
# Keyboard layouts
keyboard 'de'
keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)'
# ignore all disks but sda
ignoredisk --only-use=sda
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --drives=sda --all --initlabel
# System bootloader configuration
bootloader --location=mbr --boot-drive=sda
# Create standard partitioning
reqpart --add-boot
part /boot --fstype xfs --size=200
part pv.01 --size=10240 --grow
volgroup vg01 pv.01
logvol / --name=LV_ROOT --fstype=ext4 --vgname=vg01 --size=10240 --grow
logvol swap --name=LV_SWAP --fstype=swap --vgname=vg01 --recommended
# Firewall configuration
firewall --disabled
# Domain join
realm join domain.loc
# System authorization information
auth --useshadow --passalgo=sha512 --enablesmbauth --smbservers=pdc1.domain.loc,dc2.domain.loc --smbworkgroup=DOMAIN-NT --enablecache
# Run the Setup Agent on first boot
firstboot --enable
# SELinux configuration
selinux --enforcing
# Network information
network --bootproto=dhcp --device=eth0
# Xwindow set up
xconfig --defaultdesktop=GNOME --startxonboot
%packages
@^gnome-desktop-environment
@base
@core
@desktop-debugging
@dial-up
@directory-client
@fonts
@gnome-apps
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@java-platform
@multimedia
@network-file-system-client
@networkmanager-submodules
@print-client
@security-tools
@x11
chrony
kexec-tools
samba
samba-common
samba-libs
samba-winbind
samba-python
samba-krb5-printing
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
%post
authconfig --enableshadow --update --enablewinbind --enablewinbindauth --smbsecurity=ads --smbworkgroup=DOMAIN-NT --smbrealm=domain.loc, dc2.domain.loc" --winbindjoin=myuser --enablewinbindusedefaultdomain --enablelocauthorize --enablerfc2307bis --enablewins --smbidmaprange="500-99999"
%end
Thanks a lot,
JR
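As an added example that is not part of the original post: one way a %post section could write the idmap lines the post asks about, using Samba's rid backend so that every workstation derives the same UID/GID from a user's RID. The function names and the two ranges are assumptions chosen for illustration; DOMAIN-NT and DOMAIN.LOC are the post's placeholder names.

```shell
#!/bin/sh
# Added example: generate the [global] idmap settings for winbind.
# Function names and ranges are hypothetical, not taken from the post.

# ranges_overlap LOW1-HIGH1 LOW2-HIGH2 -> exit status 0 if the ranges intersect
ranges_overlap() {
    a_lo=${1%-*}; a_hi=${1#*-}
    b_lo=${2%-*}; b_hi=${2#*-}
    [ "$a_lo" -le "$b_hi" ] && [ "$b_lo" -le "$a_hi" ]
}

# write_idmap_conf FILE WORKGROUP REALM DEFAULT_RANGE DOMAIN_RANGE
# The "*" default domain covers BUILTIN and other non-domain SIDs (tdb backend).
# The rid backend computes ID = low end of range + RID, so the mapping is
# identical on every host without any shared database.
write_idmap_conf() {
    file=$1; wg=$2; realm=$3; def_range=$4; dom_range=$5
    # Overlapping ranges would let two different SIDs map to the same ID.
    if ranges_overlap "$def_range" "$dom_range"; then
        echo "idmap ranges $def_range and $dom_range overlap" >&2
        return 1
    fi
    cat > "$file" <<EOF
[global]
    workgroup = $wg
    realm = $realm
    security = ads
    winbind use default domain = yes
    idmap config * : backend = tdb
    idmap config * : range = $def_range
    idmap config $wg : backend = rid
    idmap config $wg : range = $dom_range
EOF
}

# Demonstration against a temporary file; in %post the target would be
# /etc/samba/smb.conf. Both ranges are constructed sample values that stay
# clear of local accounts.
demo=$(mktemp)
write_idmap_conf "$demo" DOMAIN-NT DOMAIN.LOC 3000-7999 10000-999999
cat "$demo"
rm -f "$demo"
```

The domain range must be the same on all workstations, otherwise the same RID maps to different UIDs on different hosts.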