From b148d290ce2f2b58950dc727a60e5a4bf30ae3d3 Mon Sep 17 00:00:00 2001
From: thorstenspille
Date: Sat, 7 Oct 2023 15:37:08 +0200
Subject: [PATCH] Fix Kerberos config on dcs
---
 src/zmb-ad-join/install-service.sh | 10 +++++++++-
 src/zmb-ad/install-service.sh | 2 +-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/zmb-ad-join/install-service.sh b/src/zmb-ad-join/install-service.sh
index c4efce7..6bd3af4 100644
--- a/src/zmb-ad-join/install-service.sh
+++ b/src/zmb-ad-join/install-service.sh
@@ -125,6 +125,10 @@ rm -f /etc/samba/smb.conf
 echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
 samba-tool domain join $ZMB_REALM DC --use-kerberos=required --backend-store=mdb
+
+rm /etc/krb5.conf
+ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
+
 mkdir -p /mnt/sysvol
 cat << EOF > /root/.smbcredentials
@@ -138,11 +142,15 @@ echo "//$LXC_DNS/sysvol /mnt/sysvol cifs credentials=/root/.smbcredentials 0 0"
 mount.cifs //$LXC_DNS/sysvol /mnt/sysvol -o credentials=/root/.smbcredentials
 cat > /etc/cron.d/sysvol-sync << EOF
-*/15 * * * * root /usr/bin/rsync -XAavz --delete-after /mnt/sysvol/ /var/lib/samba/sysvol
+*/15 * * * * root /usr/bin/rsync -XAavz --delete-after /mnt/sysvol/ /var/lib/samba/sysvol; if ! /usr/bin/samba-tool ntacl sysvolcheck > /dev/null 2>&1 ; then /usr/bin/samba-tool ntacl sysvolreset ; fi
 EOF
 /usr/bin/rsync -XAavz --delete-after /mnt/sysvol/ /var/lib/samba/sysvol
+if ! samba-tool ntacl sysvolcheck > /dev/null 2>&1 ; then
+ samba-tool ntacl sysvolreset
+fi
+
 ssh-keygen -q -f "$HOME/.ssh/id_rsa" -N "" -b 4096
 systemctl unmask samba-ad-dc
diff --git a/src/zmb-ad/install-service.sh b/src/zmb-ad/install-service.sh
index 0f7a968..941ef65 100644
--- a/src/zmb-ad/install-service.sh
+++ b/src/zmb-ad/install-service.sh
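Review bot: The added `ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf` (and the same change in the `src/zmb-ad/install-service.sh` hunk) makes the system Kerberos config readable only by accounts that can traverse Samba's private directory. Samba's setup documentation advises copying the generated file instead of linking it, because since Samba 4.7 that directory is restricted to root and non-root consumers, for example BIND when the BIND9_DLZ backend is chosen through `$ZMB_DNS_BACKEND`, can then no longer read `/etc/krb5.conf`; whether the packaged `/var/lib/samba/private` has that mode here should be confirmed. If so, prefer `cp /var/lib/samba/private/krb5.conf /etc/krb5.conf` after the join. Separately, `rm /etc/krb5.conf` is redundant before `ln -sf` and, without `-f`, returns non-zero if the file is absent.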
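Review bot: The new `sysvolcheck`/`sysvolreset` step is chained to rsync with `;` in the cron entry and runs unconditionally in the one-off block below it, so a failed or partial sync is still followed by an ACL reset of whatever is in `/var/lib/samba/sysvol`. Replacing the `;` before `if` with `&&` in the cron line, and wrapping the one-off block in a check of rsync's exit status, limits the reset to a completed sync. Because the check's stdout and stderr go to `/dev/null`, any failure of `sysvolcheck`, not only an ACL mismatch, triggers the reset without leaving a trace; sending the output to syslog with `logger` would keep that evidence.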
@@ -131,7 +131,7 @@ rm -f /etc/krb5.conf
 # provision zamba domain
 samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAIN --adminpass=$ZMB_ADMIN_PASS --server-role=dc --backend-store=mdb --dns-backend=$ZMB_DNS_BACKEND
-cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
+ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
 systemctl unmask samba-ad-dc
 systemctl enable samba-ad-dc
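Review bot: In the context line directly above the change, `--adminpass=$ZMB_ADMIN_PASS` and the other `$ZMB_*` arguments to `samba-tool domain provision` are expanded unquoted, so a password containing whitespace or glob characters is word-split or expanded before samba-tool receives it. Quote each expansion, e.g. `--adminpass="$ZMB_ADMIN_PASS"`. The password is also passed on the command line, where it is visible in the process list for the duration of provisioning; a comment recording whether that is acceptable at this stage of the install would help the next maintainer.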