Handle Samba-DC different from domain #78

Jean28518 · Apr 19, 2024 · ef42244 · ef42244
1 parent 9ad55b3
commit ef42244
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 26 deletions.
diff --git a/src/lac/unix/unix_scripts/general/setup_samba_dc.sh b/src/lac/unix/unix_scripts/general/setup_samba_dc.sh
@@ -3,15 +3,14 @@
 # DOMAIN
 # IP
 # ADMIN_PASSWORD
-export DEBIAN_FRONTEND=noninteractive
+# LDAP_DC
+# SHORTEND_DOMAIN (We need this for the samba dns server)
 
-# Thrd Level:                                       # subdomain
-SCND_DOMAIN_LABEL=`echo $DOMAIN | cut -d'.' -f1`    # int
-FRST_DOMAIN_LABEL=`echo $DOMAIN | cut -d'.' -f2`    # de
+export DEBIAN_FRONTEND=noninteractive
 
 ## Setup DNS-Environment ##################################
 hostnamectl set-hostname la
-echo "$IP la.$DOMAIN la" >> /etc/hosts # IP of the server itself
+echo "$IP la.$DOMAIN la.$SHORTEND_DOMAIN la" >> /etc/hosts # IP of the server itself
 
 # For ubuntu systems
 systemctl disable --now systemd-resolved
@@ -30,7 +29,7 @@ chattr +i +a /etc/resolv.conf
 ## Setup SAMBA DC #########################################
 
 # We need to set this variables that the krb5-config package does not ask for them
-export REALM=$DOMAIN
+export REALM=$SHORTEND_DOMAIN
 export KDC=la.$DOMAIN
 export ADMIN_SERVER=la.$DOMAIN
 apt update 
@@ -51,7 +50,7 @@ export SAMBA_DNS_FORWARDER=$IP
 # Administrator password
 export SAMBA_ADMIN_PASSWORD=$ADMIN_PASSWORD
 
-samba-tool domain provision --realm=$DOMAIN --domain=la.$DOMAIN --adminpass=$ADMIN_PASSWORD
+samba-tool domain provision --realm=$SHORTEND_DOMAIN --domain=la.$SHORTEND_DOMAIN --adminpass=$ADMIN_PASSWORD
 
 mv /etc/krb5.conf /etc/krb5.conf.orig
 cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
@@ -75,7 +74,7 @@ ST=BV
 O=Nbg
 localityName=Nuremberg
 commonName=$DOMAIN
-organizationalUnitName=Linux-Arbeitsplatz
+organizationalUnitName=Libre Workspace
 emailAddress=webmaster@$DOMAIN
 "
 
@@ -108,14 +107,20 @@ ufw allow ldaps
 
 # Add these subdomains to samba dns server:
 # .la .cloud .office .portal .chat .meet, .element, .matrix
-samba-tool dns add la.$DOMAIN $DOMAIN la A $IP -U administrator%$ADMIN_PASSWORD
-samba-tool dns add la.$DOMAIN $DOMAIN cloud A $IP -U administrator%$ADMIN_PASSWORD
-samba-tool dns add la.$DOMAIN $DOMAIN office A $IP -U administrator%$ADMIN_PASSWORD
-samba-tool dns add la.$DOMAIN $DOMAIN portal A $IP -U administrator%$ADMIN_PASSWORD
-samba-tool dns add la.$DOMAIN $DOMAIN chat A $IP -U administrator%$ADMIN_PASSWORD
-samba-tool dns add la.$DOMAIN $DOMAIN meet A $IP -U administrator%$ADMIN_PASSWORD
-samba-tool dns add la.$DOMAIN $DOMAIN element A $IP -U administrator%$ADMIN_PASSWORD
-samba-tool dns add la.$DOMAIN $DOMAIN matrix A $IP -U administrator%$ADMIN_PASSWORD
+samba-tool dns add la.$DOMAIN $SHORTEND_DOMAIN la A $IP -U administrator%$ADMIN_PASSWORD
+samba-tool dns add la.$SHORTEND_DOMAIN $SHORTEND_DOMAIN la A $IP -U administrator%$ADMIN_PASSWORD
+
+# We take here the normal Domain as the zone because it is only important for us to use these subdomains for the dns server if we are running this in local network (int.de)
+# -> So in local network the domain and shotend_domain are the same
+if [[ $DOMAIN == $SHORTEND_DOMAIN ]]; then
+    samba-tool dns add la.$DOMAIN $DOMAIN cloud A $IP -U administrator%$ADMIN_PASSWORD
+    samba-tool dns add la.$DOMAIN $DOMAIN office A $IP -U administrator%$ADMIN_PASSWORD
+    samba-tool dns add la.$DOMAIN $DOMAIN portal A $IP -U administrator%$ADMIN_PASSWORD
+    samba-tool dns add la.$DOMAIN $DOMAIN chat A $IP -U administrator%$ADMIN_PASSWORD
+    samba-tool dns add la.$DOMAIN $DOMAIN meet A $IP -U administrator%$ADMIN_PASSWORD
+    samba-tool dns add la.$DOMAIN $DOMAIN element A $IP -U administrator%$ADMIN_PASSWORD
+    samba-tool dns add la.$DOMAIN $DOMAIN matrix A $IP -U administrator%$ADMIN_PASSWORD
+fi
 
 # Add all these entries to /etc/hosts
 echo "$IP cloud.$DOMAIN" >> /etc/hosts # Nextcloud

diff --git a/src/lac/welcome/templates/welcome/welcome_start.html b/src/lac/welcome/templates/welcome/welcome_start.html
@@ -4,10 +4,9 @@
 
 <h2>Willkommen!</h2>
 
-<p>In den nächsten Seiten werden wir gemeinsam Libre-Workspace einrichten.</p>
-
-<p>Bitte definieren Sie zunächst Ihr Masterpasswort. Dieses sollte sicher sein und lässt sich später nicht mehr ändern.</p>
-
+<p>In den nächsten Seiten werden wir gemeinsam Libre-Workspace einrichten. Bitte definieren Sie zunächst ein sicheres Masterpasswort.<br>
+Das Passwort muss mindestens 8 Zeichen lang sein, und Sonderzeichen, Zahlen und Buchstaben enthalten.
+</p>
 {% if message != "" %}<p><strong>{{ message }}</strong></p>{% endif %}
 
 <form method="post">  
@@ -20,8 +19,5 @@ <h2>Willkommen!</h2>
     <input type="submit" value="Weiter">
 </form>
 
-<br>
-<br>
-<small>Hinweis: Das Passwort muss mindestens 8 Zeichen lang sein, und Sonderzeichen, Zahlen und Buchstaben enthalten.</small>
 
 {% endblock %}
diff --git a/src/lac/welcome/views.py b/src/lac/welcome/views.py
@@ -55,10 +55,18 @@ def welcome_dns_settings(request):
                 message = "Bitte geben Sie eine Domain an."
             elif request.session["domain"].count(".") != 1:
                 message = "Bitte stellen Sie sicher, dass Sie nur die Domain angeben und keine Subdomain."
-            elif len(request.session["domain"]) > 12:
-                message = "Aufgrund von Einschränkungen bzgl. des NetBIOS-Namens darf die Domain (inklusive Punkt) nicht länger als 12 Zeichen sein. (la.[DOMAIN] <= 15). "
+            lvl1 = request.session["domain"].split(".")[1]
+            if len(lvl1) > 12:
+                message = "Bitte stellen Sie sicher, dass die lvl1 Domain nicht länger als 12 Zeichen ist."
+            lvl2 = request.session["domain"].split(".")[0]
+            # We need the -1 because of the dot
+            shortend_lvl2 = lvl2[:12-len(lvl1)-1]
+            request.session["ldap_dc"] = f"dc={shortend_lvl2},dc={lvl1}"
+            request.session["shortend_domain"] = f"{shortend_lvl2}.{lvl1}"
         else:
             request.session["domain"] = "int.de"
+            request.session["ldap_dc"] = "dc=int,dc=de"
+            request.session["shortend_domain"] = "int.de"
         if message == "":
             return redirect("installation_running")
     return render(request, "welcome/welcome_dns_settings.html", {"message": message, "subdomains": subdomains, "hide_login_button": True})
@@ -78,7 +86,9 @@ def installation_running(request):
     os.environ["JITSI"] = request.session["jitsi"]
 
     domain = os.environ["DOMAIN"]
-    os.environ["LDAP_DC"] = "dc=" + domain.split(".")[-2] + ",dc=" + domain.split(".")[-1]
+    os.environ["LDAP_DC"] = request.session["ldap_dc"]
+    # We only need the shortend domain for the installation of samba dc
+    os.environ["SHORTEND_DOMAIN"] = request.session["shortend_domain"]
 
     # Create env.sh file
     with open("/usr/share/linux-arbeitsplatz/unix/unix_scripts/env.sh", "w") as f: