I'm trying to setup a block of hosts using kickstart and there's two commands that need the password to be entered. One is kinit, for that one it's easy to just generate a keytab file and pass it using -t, the other is the net join that gets called indirectly when I execute the authconfig command.
Is there any way to hand the password in either through a credentials file or using a password hash? Obviously I don't want to just pass it as plain text.
@ewwhite Thanks for the link, I'll have a look. I'm not sure of anything, and I'm definitely not opposed to using SSSD for this if it lets me accomplish the exact same thing and it allows for unattended provisioning. My using Samba/Winbind has more to do with my level of comfort for those. Can you suggest how I would go about doing the same thing using SSSD keeping in mind that I don't want to have to input a password manually?
Relevant kickstart content:
cat << EOF > /etc/samba/smb.conf
[global]
encrypt passwords = yes
# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50
passdb backend = tdbsam
EOF
chkconfig smb on
chkconfig nmb on
service smb restart
service nmb restart
cat << EOF > /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = AD.DOMAIN.NET
dns_lookup_realm = true
dns_lookup_kdc = true
allow_weak_crypto = false
ticket_lifetime = 24h
renew_lifetime = 7d
rdns = false
forwardable = true
[realms]
AD.DOMAIN.NET = {
admin_server = dc01.ad.domain.net
default_domain = ad.domain.net
kdc = dc01.ad.domain.net
}
[domain_realm]
.ad.domain.net = AD.DOMAIN.NET
ad.domain.net = AD.DOMAIN.NET
EOF
net time set -S dc01.ad.domain.net
/usr/bin/kinit -k -t addom.keytab Administrator@AD.DOMAIN.NET
authconfig --update \
--kickstart \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbrealm=AD.DOMAIN.NET \
--winbindjoin=administrator@AD.DOMAIN.NET \
--winbindtemplatehomedir=/home/DOMAIN/%U \
--winbindtemplateshell=/bin/bash \
--enablewinbindusedefaultdomain \
--enablelocauthorize \
--smbservers=dc01.ad.domain.net \
--enablemkhomedir \
--smbidmaprange=100000-200000