[opensuse-autoinstall] Using autoyast non interactively in a call like: yast autoyast file filename config.xml
Hello, I have a bunch of openSuSE desktops that are running in a network environment with central user management. User authentication for login is done up to now via a central NIS password database. Now I would like to change this and instead athenticate users against a central ldap server. This works when I configure it manually using yast on a already installed system but my problem is how can I automatically reconfigure existing desktops to use ldap instead of NIS. My idea was to use autoyast. So I configured one system, cloned it to get an autoyast config.xml file. Then on another system I wanted to reconfigure I started yast in the following manner: yast autoyast file filename config.xml This basically worked fine, but the problem is, that this was not completely noninteractively, I manually had to select the yast menu to apply the new autoyast configuration to the system. Is there a way to do this without user interaction? Does anyone have another idea how to automatically reconfigure a system from NIS to ldap athentication? Thanks you very much Rainer -- Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1 56070 Koblenz, http://userpages.uni-koblenz.de/~krienke, Tel: +49261287 1312 PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html,Fax: +49261287 1001312
The following can be used for none interactive installations ( Stage 2 ) $ export TERM=vt100 $ screen -D -m yast /usr/share/YaST2/clients/ayast_setup.ycp setup filename=/tmp/ldap.xml To debug zou have to use the screen command and attach to the running session. saying so the command $ yast /usr/share/YaST2/clients/ayast_setup.ycp setup filename=/tmp/ldap.xml should be tested beforehand. Also you should not use a full blown cloned xml file - imho - but strip it down to the needed settings. Another tip. It might not be possible to reconfigure to ldap in one step thus you might change the system first to passwd (local) and then to ldap. At least i would go this way. Easier to debug as well. Thus you would have an xml file for converting back to passwd ( like noNis.xml ) and a ldap.xml My change from NIS to ldap will take a while. Cheers Hajo -----Original Message----- From: Rainer Krienke [mailto:krienke@uni-koblenz.de] Sent: Tuesday, August 09, 2011 9:54 AM To: opensuse-autoinstall@opensuse.org Subject: [opensuse-autoinstall] Using autoyast non interactively in a call like: yast autoyast file filename config.xml Hello, I have a bunch of openSuSE desktops that are running in a network environment with central user management. User authentication for login is done up to now via a central NIS password database. Now I would like to change this and instead athenticate users against a central ldap server. This works when I configure it manually using yast on a already installed system but my problem is how can I automatically reconfigure existing desktops to use ldap instead of NIS. My idea was to use autoyast. So I configured one system, cloned it to get an autoyast config.xml file. Then on another system I wanted to reconfigure I started yast in the following manner: yast autoyast file filename config.xml -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
Am Dienstag, 9. August 2011 schrieb Hans-Joachim Ehlers:
The following can be used for none interactive installations ( Stage 2 )
$ export TERM=vt100 $ screen -D -m yast /usr/share/YaST2/clients/ayast_setup.ycp setup filename=/tmp/ldap.xml
To debug zou have to use the screen command and attach to the running session.
saying so the command
$ yast /usr/share/YaST2/clients/ayast_setup.ycp setup filename=/tmp/ldap.xml
Hello, thank you for the answer. Seems to work fine and converts from NIS to ldap auth using a proper profile.xml file. Rainer -- Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1 56070 Koblenz, http://userpages.uni-koblenz.de/~krienke, Tel: +49261287 1312 PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html,Fax: +49261287 1001312
Hi Rainer, Would you mind to share your ldap configuration or say at least where you have run into problems. Tia Hajo -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
Am Dienstag, 16. August 2011 schrieben Sie:
Hi Rainer,
Would you mind to share your ldap configuration or say at least where you have run into problems.
Hi Hans-Joachim, the problem was not related to the ldap configuration. My only problem was that I did not know how to tell (auto)yast to configure the ldap-configuration I want and to install all needed additional RPM packages on the system without any user interaction, so that the change from NIS to LDAP auth can be done completely automatically on an already installed system. The core ldap related xml profile I use for autoyast is this one: <ldap> <base_config_dn>ou=ldapconfig,dc=uni-koblenz,dc=de</base_config_dn> <bind_dn></bind_dn> <create_ldap config:type="boolean">false</create_ldap> <file_server config:type="boolean">false</file_server> <ldap_domain>dc=uni-koblenz,dc=de</ldap_domain> <ldap_server>ldapserver.uni-koblenz.de</ldap_server> <ldap_tls config:type="boolean">true</ldap_tls> <ldap_v2 config:type="boolean">false</ldap_v2> <login_enabled config:type="boolean">true</login_enabled> <member_attribute>member</member_attribute> <mkhomedir config:type="boolean">false</mkhomedir> <nss_base_group>ou=Group,dc=uni-koblenz,dc=de</nss_base_group> <nss_base_passwd>ou=people,dc=uni-koblenz,dc=de</nss_base_passwd> <nss_base_shadow>ou=people,dc=uni-koblenz,dc=de</nss_base_shadow> <pam_password>exop</pam_password> <sssd config:type="boolean">true</sssd> <start_autofs config:type="boolean">true</start_autofs> <start_ldap config:type="boolean">true</start_ldap> <tls_cacertdir>/etc/ssl/certs</tls_cacertdir> </ldap> Thanks Rainer -- Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1 56070 Koblenz, http://userpages.uni-koblenz.de/~krienke, Tel: +49261287 1312 PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html,Fax: +49261287 1001312
participants (2)
-
Hans-Joachim Ehlers -
Rainer Krienke