From f2e52cd21e6de853067596be8448ab9fc71b4ce1 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 5 Feb 2020 19:34:13 +0100
Subject: radius: T1948: add libnss-mapname support
---
src/conf_mode/system-login-radius.py | 33 +++++++++++++++++++++++++++++----
1 file changed, 29 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/conf_mode/system-login-radius.py b/src/conf_mode/system-login-radius.py
index 515e4f637..52010b6ea 100755
--- a/src/conf_mode/system-login-radius.py
+++ b/src/conf_mode/system-login-radius.py
@@ -119,11 +119,36 @@ def generate(radius):
def apply(radius):
if len(radius['server']) > 0:
- # Enable RADIUS in PAM
- os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius")
+ try:
+ # Enable RADIUS in PAM
+ os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --enable radius")
+
+ # Make NSS system aware of RADIUS, too
+ cmd = "sed -i -e \'/\smapname/b\' \
+ -e \'/^passwd:/s/\s\s*/&mapuid /\' \
+ -e \'/^passwd:.*#/s/#.*/mapname &/\' \
+ -e \'/^passwd:[^#]*$/s/$/ mapname &/\' \
+ -e \'/^group:.*#/s/#.*/ mapname &/\' \
+ -e \'/^group:[^#]*$/s/: */&mapname /\' \
+ /etc/nsswitch.conf"
+
+ os.system(cmd)
+ except:
+ print('RADIUS configuration failed')
else:
- # Disable RADIUS in PAM
- os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius")
+ try:
+ # Disable RADIUS in PAM
+ os.system("DEBIAN_FRONTEND=noninteractive pam-auth-update --package --remove radius")
+
+ cmd = "'sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \
+ -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \
+ -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \
+ -e \'s/[ \t]*$//\' \
+ /etc/nsswitch.conf"
+
+ os.system(cmd)
+ except:
+ print('Removing RADIUS configuration failed')
return None
--
cgit v1.2.3