authconfig-tui for Ansible playbook

433 views
Skip to first unread message

Predrag Punosevac

unread,
Oct 12, 2016, 5:06:23 PM10/12/16
to springdale-users
Dear All,

I am trying to write an Ansible playbook which will automatically configure LDAP authentication and authorization against my OpenBSD LDAP server (I don't use OpenLDAP server). 

I have being doing this manually for almost 3 years now and I got sick of doing it. Configuring openldap-client on Springdale and sssd from Ansible is pretty trivial as it involves fetching on configuration file a peace, a certificate and starting those services. I am little bit less sure about the last step.
Namely I always manually run autoconfig-tui which for sure changes

/etc/nsswitch 

by adding sssd option

file but also alters

root@gpu3$ diff --brief -Nr  /etc/pam.d/ /root/pam.d/
Files /etc/pam.d/fingerprint-auth and /root/pam.d/fingerprint-auth differ
Files /etc/pam.d/fingerprint-auth-ac and /root/pam.d/fingerprint-auth-ac differ
Files /etc/pam.d/password-auth and /root/pam.d/password-auth differ
Files /etc/pam.d/password-auth-ac and /root/pam.d/password-auth-ac differ
Files /etc/pam.d/smartcard-auth and /root/pam.d/smartcard-auth differ
Files /etc/pam.d/smartcard-auth-ac and /root/pam.d/smartcard-auth-ac differ
Files /etc/pam.d/system-auth and /root/pam.d/system-auth differ
Files /etc/pam.d/system-auth-ac and /root/pam.d/system-auth-ac differ


and possibly /etc/sysconfig/authconfig which I forgot to record 


Could a kind soul please tell me which files need to be altered and what daemons restarted if I don't run authconfig-tui manually?


Thanks,
Predrago

P.S. I just check the box Use LDAP under User Information and box Use LDAP AUthentication under Authentication tab in authconfig-tui and everything works.

Thomas Uphill

unread,
Oct 12, 2016, 5:09:38 PM10/12/16
to springda...@googlegroups.com
The tui is for interactive, use the non tui one...

authconfig --updateall

I believe that will do all the necessary restarts.
--t.


--
You received this message because you are subscribed to the Google Groups "springdale-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to springdale-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Thomas Uphill
tup...@gmail.com

Prentice Bisbal

unread,
Oct 12, 2016, 5:21:16 PM10/12/16
to springda...@googlegroups.com

Adding --test to the end of your authconfig command won't make changes, but will show what changes it will make, which may be useful for making your your capture all the necessary changes in your ansible playbook. Unfortunately the output format isn't very useful, some understanding of all the services  and config files is necessary just to understand the output :( 


Prentice
To unsubscribe from this group and stop receiving emails from it, send an email to springdale-use...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages