Puppet Class: realmd::join::one_time_password

Defined in:
manifests/join/one_time_password.pp

Overview

Class realmd::join::password

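This class is called from realmd for joining AD using a username and password. The default password for Windows ADS is “the first 15 chars of the hostname in lowercase”. Because that default can be derived from the hostname alone, setting `realmd::one_time_password` explicitly is the safer choice. In the listing below the join runs `adcli join` with `--login-type=computer`, passing `--one-time-password` when `realmd::one_time_password` is set and `--no-password` otherwise.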



# File 'manifests/join/one_time_password.pp', line 8

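# Joins the host to Active Directory by running `adcli join` with
# `--login-type=computer`. When `realmd::one_time_password` is set it is
# passed as `--one-time-password`; otherwise the join runs with
# `--no-password`. Optionally manages the Kerberos client configuration file.
#
# All inputs are read from the `realmd` class; this class takes no parameters.
#
# Security notes for reviewers:
# * The one-time password is interpolated into the exec command string, so it
#   is part of the adcli argument list while the join runs and may show up in
#   Puppet logs or reports if the exec fails. Treat the value as single-use
#   and consider whether it can be handled as a Sensitive value by the Puppet
#   version in use.
# * `$_ou` and the one-time password are only wrapped in single quotes. A
#   value containing a single quote would end that quoting early, so these
#   parameters should be validated or escaped where they are defined.
class realmd::join::one_time_password {
  $_domain            = $realmd::domain
  $_netbiosname       = $realmd::netbiosname
  $_ou                = $realmd::ou
  $_krb_config_file   = $realmd::krb_config_file
  $_krb_config        = $realmd::krb_config
  $_manage_krb_config = $realmd::manage_krb_config

  # Not referenced again in this class; presumably read by the
  # realmd/krb5.conf.erb template below (confirm against the template).
  # NOTE(review): default_realm comes from the host's DNS domain fact, while
  # $_realm further down comes from $realmd::domain; confirm that is intended.
  $_krb_config_final = deep_merge({ 'libdefaults' => { 'default_realm' => upcase($facts['networking']['domain']) } }, $_krb_config)

  # Fallback password: the first 15 characters of the hostname. This value is
  # predictable from the hostname, and $_password is not used by the exec
  # below (TODO confirm whether anything else reads it).
  if !$realmd::one_time_password {
    $_password=$facts['networking']['hostname'][0,15]
  }
  else {
    $_password=$realmd::one_time_password
  }
  $_realm=upcase($realmd::domain)
  $_fqdn=$facts['networking']['fqdn']

  if $_manage_krb_config {
    file { 'krb_configuration':
      ensure  => file,
      path    => $_krb_config_file,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => template('realmd/krb5.conf.erb'),
    }
  }

  # The principal looked up in the keytab is the NetBIOS name when one is
  # configured, otherwise the first 15 characters of the hostname.
  if !empty($_netbiosname) {
    $_check_pricipal = $_netbiosname
    $_domain_args = ["--domain=${_domain}", "--user-principal=host/${_fqdn}@${_realm}",
    '--login-type=computer', "--computer-name=${_netbiosname}"]
  } else {
    $_check_pricipal = $facts['networking']['hostname'][0,15]
    $_domain_args = ["--domain=${_domain}", "--user-principal=host/${_fqdn}@${_realm}", '--login-type=computer']
  }

  if $_ou != undef {
    $_ou_args= ["--computer-ou='${_ou}'"]
  }
  else {
    $_ou_args= []
  }

  # The secret ends up in the command line built below; see the security
  # notes in the class header.
  if $realmd::one_time_password != undef {
    $_password_args= ["--one-time-password='${realmd::one_time_password}'"]
  }
  else {
    $_password_args= ['--no-password']
  }

  $_args = join(concat( $_domain_args, $_ou_args, $_password_args), ' ')

  # Idempotence guard: the join is skipped when the keytab already lists a
  # principal matching "<check principal>@<domain>". The match is a
  # case-insensitive grep pattern, not an exact comparison.
  exec { 'realm_join_one_time_password':
    path    => '/usr/bin:/usr/sbin:/bin',
    command => "adcli join ${_args}",
    unless  => "klist -k /etc/krb5.keytab | grep -i '${_check_pricipal}@${_domain}'",
  }
}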