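#!/bin/bash
set -euo pipefail

# FreeIPA client — installs client packages and prints how to enroll this host.
# Packages: sssd + cyrus-sasl-gssapi from pacman; freeipa-client (AUR) for
# ipa-client-install, ipa-getkeytab, etc.
#
# pacman is called directly (no sudo), so this script is expected to run as
# root. The AUR build is the opposite case: makepkg refuses to build as root,
# so yay is handed to the invoking sudo user instead of running privileged.

PACMAN_PKGS=(sssd cyrus-sasl-gssapi openldap krb5 oddjob)
AUR_PKGS=(freeipa-client)

echo "[+] Installing FreeIPA client packages..."
pacman -S --noconfirm --needed "${PACMAN_PKGS[@]}"

# NOTE(review): AUR packages are user-submitted build scripts. --noconfirm
# suppresses yay's interactive prompts, so the PKGBUILD is built without a
# manual review step. Review the PKGBUILD out of band before trusting this on
# hosts that will hold Kerberos keytabs.
if ! command -v yay &>/dev/null; then
  echo "[!] yay not found — skipping AUR packages (freeipa-client)."
  echo " Install yay, then run: yay -S --needed freeipa-client"
elif ((EUID != 0)); then
  echo "[+] Installing freeipa-client (AUR)..."
  yay -S --noconfirm --needed "${AUR_PKGS[@]}"
elif [[ -n "${SUDO_USER:-}" && "${SUDO_USER}" != "root" ]]; then
  # Build as the user who invoked sudo; -H points HOME at that user's home so
  # the build cache does not land in root's home.
  echo "[+] Installing freeipa-client (AUR)..."
  sudo -H -u "${SUDO_USER}" -- yay -S --noconfirm --needed "${AUR_PKGS[@]}"
else
  # Plain root shell: there is no unprivileged account to build with, so skip
  # the AUR step rather than let it abort the whole script under set -e.
  echo "[!] Running as root with no sudo user — skipping AUR packages (freeipa-client)." >&2
  echo " As a regular user, run: yay -S --needed freeipa-client" >&2
fi
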
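# Enable sssd (without starting — host is not enrolled yet).
# Best-effort: a failure here must not abort the install, but it is reported
# so the host does not end up enrolled with sssd silently left disabled.
# --quiet hides the routine symlink output while real errors still reach stderr.
if ! systemctl enable --quiet sssd.service; then
  echo "[!] Could not enable sssd.service — run 'systemctl enable sssd.service' manually." >&2
fi
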
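# Resolve this script's own directory so the optional enrollment helper is
# found regardless of the caller's working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CLIENT_ENROLL="$SCRIPT_DIR/../../FreeipaAnsible/freeipa-client.sh"

echo ""
# ipa-client-install comes from freeipa-client (AUR), which the install step
# skips when it cannot run yay; do not report success unless it is present.
if command -v ipa-client-install &>/dev/null; then
  echo "[✓] FreeIPA client packages installed."
else
  echo "[!] Base packages installed, but ipa-client-install was not found."
  echo " Install freeipa-client (AUR) before enrolling."
fi
echo ""
echo " To enroll this host, run one of:"
# NOTE(review): this hint enrolls with the 'admin' principal. A dedicated
# enrollment account or a per-host one-time password would expose less if the
# credential leaks — confirm what the realm's policy allows.
echo " ipa-client-install --domain=<domain> --server=<server> --principal=admin"
if [[ -f "$CLIENT_ENROLL" ]]; then
  echo " $CLIENT_ENROLL --interactive"
  # NOTE(review): if the answer file carries enrollment credentials, it should
  # be readable by root only — verify against freeipa-client.sh.
  echo " $CLIENT_ENROLL --answerfile /path/to/answerfile.json"
fi
echo ""
echo " After enrollment, enable auto-home-dir creation:"
# NOTE(review): authselect is not among the packages installed above — confirm
# it is available on this host before relying on this hint.
echo " authselect select sssd with-mkhomedir --force"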