From f2e52cd21e6de853067596be8448ab9fc71b4ce1 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 5 Feb 2020 19:34:13 +0100 Subject: radius: T1948: add libnss-mapname support --- src/conf_mode/system-login-radius.py | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) (limited to 'src/conf_mode/system-login-radius.py') diff --git a/src/conf_mode/system-login-radius.py b/src/conf_mode/system-login-radius.py index 515e4f637..52010b6ea 100755 --- a/src/conf_mode/system-login-radius.py +++ b/src/conf_mode/system-login-radius.py @@ -119,11 +119,36 @@ def generate(radius): def apply(radius): if len(radius['server']) > 0: - # Enable RADIUS in PAM - os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius") + try: + # Enable RADIUS in PAM + os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius") + + # Make NSS system aware of RADIUS, too + cmd = "sed -i -e \'/\smapname/b\' \ + -e \'/^passwd:/s/\s\s*/&mapuid /\' \ + -e \'/^passwd:.*#/s/#.*/mapname &/\' \ + -e \'/^passwd:[^#]*$/s/$/ mapname &/\' \ + -e \'/^group:.*#/s/#.*/ mapname &/\' \ + -e \'/^group:[^#]*$/s/: */&mapname /\' \ + /etc/nsswitch.conf" + + os.system(cmd) + except: + print('RADIUS configuration failed') else: - # Disable RADIUS in PAM - os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius") + try: + # Disable RADIUS in PAM + os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius") + + cmd = "'sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \ + -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \ + -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \ + -e \'s/[ \t]*$//\' \ + /etc/nsswitch.conf" + + os.system(cmd) + except: + print('Removing RADIUS configuration failed') return None -- cgit v1.2.3