Fix offline auth and DNS failure handling #28

Merged
obel1x merged 4 commits from unbrot/fedora-OEMDRV:main into main 2026-05-07 12:46:16 +02:00
4 changed files with 31 additions and 2 deletions
@@ -30,14 +30,15 @@ timezone Europe/Berlin --utc
@libreoffice @libreoffice
@office @office
@sound-and-video @sound-and-video
#Okular is kde only, use evince on cinnamon
#okular
evince
libva-utils libva-utils
libavcodec-freeworld libavcodec-freeworld
mesa-va-drivers-freeworld mesa-va-drivers-freeworld
ffmpeg ffmpeg
@vlc @vlc
python-vlc python-vlc
#@development-tools
#@editors
@firefox @firefox
thunderbird thunderbird
openssh-server openssh-server
@@ -30,6 +30,7 @@ mount -L OEMDRV /mnt/anaconda_pre
@libreoffice @libreoffice
@office @office
@sound-and-video @sound-and-video
okular
libva-utils libva-utils
libavcodec-freeworld libavcodec-freeworld
mesa-va-drivers-freeworld mesa-va-drivers-freeworld
+17
@@ -17,6 +17,23 @@ if [ "$EUID" -eq 0 ]; then
echo "Press any key to continue" && read -n 1 -s -r && exit 1 echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi fi
# Check DNS resolution before proceeding - logon depends on IPA and Nextcloud being reachable
_dns_target="${SERVERFQDN_IPA}"
while ! getent hosts "${_dns_target}" >/dev/null 2>&1; do
elog_add "Warning: DNS resolution failed for ${_dns_target} - network or DNS not ready."
echo ""
echo "Warning: DNS resolution failed for ${_dns_target}."
echo "Please check your network connection and DNS settings before continuing."
echo ""
printf " [R]etry [C]ontinue anyway [Q]uit: "
read -r _dns_choice
case "${_dns_choice}" in
[Cc]) elog_add "Continuing despite DNS failure (user choice)."; break ;;
[Qq]) elog_add "Script aborted by user due to DNS failure."; exit 1 ;;
*) elog_add "Retrying DNS check for ${_dns_target}..." ;;
esac
done
#Check for needed python-modules #Check for needed python-modules
#For WEBDAV #For WEBDAV
python -c "import webdav3">/dev/null 2>&1 python -c "import webdav3">/dev/null 2>&1
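Review bot: The retry loop spins without bound when `read -r _dns_choice` fails (closed stdin, no terminal): the choice is then empty, the `*)` arm is taken, and each pass adds another "Retrying DNS check" entry through `elog_add` with no delay. Checking the status of `read` closes that path, for example `read -r _dns_choice || { elog_add "No input for DNS prompt - continuing."; break; }`, which keeps the pre-change behaviour for non-interactive runs. An empty `SERVERFQDN_IPA` (it is set outside this hunk) would presumably also keep the lookup failing, so a `[ -n "${_dns_target}" ]` guard before the loop is worth adding. The comment mentions IPA and Nextcloud, but only the IPA name is resolved; either check both or narrow the comment.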
+10
@@ -10,6 +10,16 @@ if [ "$EUID" -ne 0 ]; then
echo "Press any key to continue" && read -n 1 -s -r && exit 1 echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi fi
# Ensure krb5_validate = False in sssd.conf to restore offline auth
# (SSSD >= 2.10.1 skips the CAP_DAC_READ_SEARCH raise in offline mode, so validate_tgt
# fails with EACCES before the cached-credential fallback is reached)
_SSSD_CONF="/etc/sssd/sssd.conf"
if [ -f "${_SSSD_CONF}" ] && ! grep -q "^krb5_validate" "${_SSSD_CONF}"; then
echo "Patching sssd.conf: adding 'krb5_validate = False' to restore offline authentication"
sed -i "/^\[domain\/${DOMAIN}\]/a krb5_validate = False" "${_SSSD_CONF}"
systemctl restart sssd
fi
#Check Token #Check Token
if [ "${DAVTOKEN_USER}." == "." ]; then if [ "${DAVTOKEN_USER}." == "." ]; then
echo "Error: Script cannot be executed standalone, must be run with a matching sudo rule and needs a prereserved environment from logon-script." echo "Error: Script cannot be executed standalone, must be run with a matching sudo rule and needs a prereserved environment from logon-script."
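Review bot: Writing `krb5_validate = False` into the domain section switches off SSSD's verification of the obtained TGT against the host keytab, which is the protection against a spoofed KDC, and as a static setting it applies to online logons as well as offline ones. The comment explains the SSSD >= 2.10.1 regression but not this trade-off; I would add `# NOTE: disables KDC-spoofing protection (TGT validation via host keytab); remove once the SSSD offline regression is fixed`. Separately, the `sed` inserts nothing when `DOMAIN` (set outside this hunk) is empty or the `[domain/...]` header does not match, yet `systemctl restart sssd` still runs and will run again on every invocation. Restarting only after a follow-up `grep -q "^krb5_validate" "${_SSSD_CONF}"` succeeds, and logging when it does not, would make a failed patch visible.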