diff --git a/ks_base_profiles/fedora_44_cinnamon_fullsetup.cfg b/ks_base_profiles/fedora_44_cinnamon_fullsetup.cfg index ad99318..4d32d42 100644 --- a/ks_base_profiles/fedora_44_cinnamon_fullsetup.cfg +++ b/ks_base_profiles/fedora_44_cinnamon_fullsetup.cfg @@ -30,14 +30,15 @@ timezone Europe/Berlin --utc @libreoffice @office @sound-and-video +#Okular is kde only, use evince on cinnamon +#okular +evince libva-utils libavcodec-freeworld mesa-va-drivers-freeworld ffmpeg @vlc python-vlc -#@development-tools -#@editors @firefox thunderbird openssh-server diff --git a/ks_base_profiles/fedora_44_kde_fullsetup.cfg b/ks_base_profiles/fedora_44_kde_fullsetup.cfg index 1afa0d7..9bf8fe0 100644 --- a/ks_base_profiles/fedora_44_kde_fullsetup.cfg +++ b/ks_base_profiles/fedora_44_kde_fullsetup.cfg @@ -30,6 +30,7 @@ mount -L OEMDRV /mnt/anaconda_pre @libreoffice @office @sound-and-video +okular libva-utils libavcodec-freeworld mesa-va-drivers-freeworld diff --git a/system_setup/logon_script.sh b/system_setup/logon_script.sh index 1e2a651..26697ad 100755 --- a/system_setup/logon_script.sh +++ b/system_setup/logon_script.sh @@ -17,6 +17,23 @@ if [ "$EUID" -eq 0 ]; then echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi +# Check DNS resolution before proceeding - logon depends on IPA and Nextcloud being reachable +_dns_target="${SERVERFQDN_IPA}" +while ! getent hosts "${_dns_target}" >/dev/null 2>&1; do + elog_add "Warning: DNS resolution failed for ${_dns_target} - network or DNS not ready." + echo "" + echo "Warning: DNS resolution failed for ${_dns_target}." + echo "Please check your network connection and DNS settings before continuing." + echo "" + printf " [R]etry [C]ontinue anyway [Q]uit: " + read -r _dns_choice + case "${_dns_choice}" in + [Cc]) elog_add "Continuing despite DNS failure (user choice)."; break ;; + [Qq]) elog_add "Script aborted by user due to DNS failure."; exit 1 ;; + *) elog_add "Retrying DNS check for ${_dns_target}..." ;; + esac +done + #Check for needed python-modules #For WEBDAV python -c "import webdav3">/dev/null 2>&1 diff --git a/system_setup/sync_client_software.sh b/system_setup/sync_client_software.sh index 7a44ed1..098c2df 100755 --- a/system_setup/sync_client_software.sh +++ b/system_setup/sync_client_software.sh @@ -10,6 +10,16 @@ if [ "$EUID" -ne 0 ]; then echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi +# Ensure krb5_validate = False in sssd.conf to restore offline auth +# (SSSD >= 2.10.1 skips the CAP_DAC_READ_SEARCH raise in offline mode, so validate_tgt +# fails with EACCES before the cached-credential fallback is reached) +_SSSD_CONF="/etc/sssd/sssd.conf" +if [ -f "${_SSSD_CONF}" ] && ! grep -q "^krb5_validate" "${_SSSD_CONF}"; then + echo "Patching sssd.conf: adding 'krb5_validate = False' to restore offline authentication" + sed -i "/^\[domain\/${DOMAIN}\]/a krb5_validate = False" "${_SSSD_CONF}" + systemctl restart sssd +fi + #Check Token if [ "${DAVTOKEN_USER}." == "." ]; then echo "Error: Script cannot be executed standalone, must be run with a matching sudo rule and needs a prereserved environment from logon-script."