diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-02-05 19:34:13 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-02-05 19:35:38 +0100 |
commit | f2e52cd21e6de853067596be8448ab9fc71b4ce1 (patch) | |
tree | b0edac27978de707cc3150ba97875e1bd2388a9e | |
parent | abedc2155adad8f8df1c99b46bfba171cb14db65 (diff) | |
download | vyos-1x-f2e52cd21e6de853067596be8448ab9fc71b4ce1.tar.gz vyos-1x-f2e52cd21e6de853067596be8448ab9fc71b4ce1.zip |
radius: T1948: add libnss-mapname support
-rwxr-xr-x | src/conf_mode/system-login-radius.py | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/src/conf_mode/system-login-radius.py b/src/conf_mode/system-login-radius.py index 515e4f637..52010b6ea 100755 --- a/src/conf_mode/system-login-radius.py +++ b/src/conf_mode/system-login-radius.py @@ -119,11 +119,36 @@ def generate(radius): def apply(radius): if len(radius['server']) > 0: - # Enable RADIUS in PAM - os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius") + try: + # Enable RADIUS in PAM + os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius") + + # Make NSS system aware of RADIUS, too + cmd = "sed -i -e \'/\smapname/b\' \ + -e \'/^passwd:/s/\s\s*/&mapuid /\' \ + -e \'/^passwd:.*#/s/#.*/mapname &/\' \ + -e \'/^passwd:[^#]*$/s/$/ mapname &/\' \ + -e \'/^group:.*#/s/#.*/ mapname &/\' \ + -e \'/^group:[^#]*$/s/: */&mapname /\' \ + /etc/nsswitch.conf" + + os.system(cmd) + except: + print('RADIUS configuration failed') else: - # Disable RADIUS in PAM - os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius") + try: + # Disable RADIUS in PAM + os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius") + + cmd = "'sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \ + -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \ + -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \ + -e \'s/[ \t]*$//\' \ + /etc/nsswitch.conf" + + os.system(cmd) + except: + print('Removing RADIUS configuration failed') return None |