authorChristian Poessinger <christian@poessinger.com>2020-02-05 19:34:13 +0100
committerChristian Poessinger <christian@poessinger.com>2020-02-05 19:35:38 +0100
commitf2e52cd21e6de853067596be8448ab9fc71b4ce1 (patch)
treeb0edac27978de707cc3150ba97875e1bd2388a9e
parentabedc2155adad8f8df1c99b46bfba171cb14db65 (diff)
radius: T1948: add libnss-mapname support
-rwxr-xr-xsrc/conf_mode/system-login-radius.py33
1 files changed, 29 insertions, 4 deletions
diff --git a/src/conf_mode/system-login-radius.py b/src/conf_mode/system-login-radius.py
index 515e4f637..52010b6ea 100755
--- a/src/conf_mode/system-login-radius.py
+++ b/src/conf_mode/system-login-radius.py
@@ -119,11 +119,36 @@ def generate(radius):
def apply(radius):
if len(radius['server']) > 0:
- # Enable RADIUS in PAM
- os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius")
+ try:
+ # Enable RADIUS in PAM
+ os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius")
+
+ # Make NSS system aware of RADIUS, too
+ cmd = "sed -i -e \'/\smapname/b\' \
+ -e \'/^passwd:/s/\s\s*/&mapuid /\' \
+ -e \'/^passwd:.*#/s/#.*/mapname &/\' \
+ -e \'/^passwd:[^#]*$/s/$/ mapname &/\' \
+ -e \'/^group:.*#/s/#.*/ mapname &/\' \
+ -e \'/^group:[^#]*$/s/: */&mapname /\' \
+ /etc/nsswitch.conf"
+
+ os.system(cmd)
+ except:
+ print('RADIUS configuration failed')
else:
- # Disable RADIUS in PAM
- os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius")
+ try:
+ # Disable RADIUS in PAM
+ os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius")
+
+ cmd = "'sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \
+ -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \
+ -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \
+ -e \'s/[ \t]*$//\' \
+ /etc/nsswitch.conf"
+
+ os.system(cmd)
+ except:
+ print('Removing RADIUS configuration failed')
return None
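Review bot: In the removal branch the command is built as `cmd = "'sed -i -e \'/^passwd:...`, with a stray `'` right after the opening double quote, so the shell receives unbalanced quoting and the cleanup of /etc/nsswitch.conf will most likely never run. If so, `mapuid` and `mapname` stay in the `passwd:` and `group:` lines after RADIUS has been removed from PAM, leaving NSS and PAM out of step. Dropping that quote (`cmd = "sed -i -e \'/^passwd:...`) fixes it. Separately, `os.system()` signals failure through its return value rather than an exception, so neither bare `except:` fires when pam-auth-update or sed exits non-zero and neither failure message is printed. Checking the status, e.g. `if os.system(cmd) != 0: print('Removing RADIUS configuration failed')`, would surface a half-applied change to the login configuration.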