#!/bin/bash
#filename: ad_renew_kerberos.sh
#description: renews kerberos ticket when things get messed up
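# Account settings read by the functions and the renewal logic below.
# NOTE(review): the password is kept in clear text in this file, so anyone who
# can read the script can authenticate as $myuser. Keep the file readable by
# its owner only (chmod 600), or obtain tickets from a keytab
# (kinit -k -t <keytab> <principal>) so that no password has to be stored here.
mypass="mypass"
myrealm="EXAMPLE.NET"
myuser="myuser"
domainuser="$myuser@$myrealm"
# The DNS domain is the realm in lower case; the realm is fed to tr on stdin.
domain=$(printf '%s' "$myrealm" | tr '[:upper:]' '[:lower:]')
domainserver="myhost.$domain"
echo "user: $domainuser"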
# Set the local clock from the domain server.
# Kerberos requests are refused when client and KDC clocks drift too far
# apart, which is why this runs before a new ticket is requested.
# Globals:  domainserver (read)
# Outputs:  one progress line on stdout, plus whatever `net` prints
# Returns:  exit status of `net time set`
# NOTE(review): setting the system clock presumably needs root - confirm how
# this script is scheduled.
set_time_to_windows() {
  local time_source=$domainserver
  printf '%s\n' "sync time with $time_source"
  net time set -S "$time_source"
}
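# Sync the clock, then request a fresh ticket with the configured password.
# Globals:  myuser, myrealm, domainuser, mypass (read)
# Outputs:  progress and result messages on stdout, plus `kinit -V` output
# Returns:  0 when kinit succeeds, otherwise kinit's exit status
kinit_reinitialize() {
  local rc=0
  set_time_to_windows # sync time
  echo "reinitializing kinit"
  echo "$myuser@$myrealm"
  # The password reaches kinit on stdin, so it never appears in a process
  # listing. printf with a quoted expansion passes it through unchanged; an
  # unquoted expansion would word-split it and expand glob characters such as
  # '*', and kinit would then be given a different password.
  printf '%s\n' "$mypass" | kinit -V "$domainuser" || rc=$?
  if ((rc == 0)); then
    echo "success"
  else
    echo "failed to rejoin"
  fi
  # Hand the result to the caller so a scheduler or monitor can see failures.
  return "$rc"
}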
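# Decide what to do from the current state of the credential cache:
#   - klist lists tickets      -> try to renew; if the ticket has expired,
#                                 destroy the cache and log in again
#   - klist reports "No ..."   -> no usable cache, log in again
#   - anything else            -> print the output and stop
klist=$(/usr/bin/klist </dev/stdin 2>&1) #run klist and capture output
klist_status=$? # saved at once: any later command would overwrite $?
if [[ $klist_status == 0 && $klist =~ ^Ticket ]]; then
  echo "klist found attempting to renew key"
  renew_ticket_err=$(/usr/bin/kinit -R </dev/stdin 2>&1)
  renew_status=$?
  if [[ $renew_ticket_err =~ Ticket.expired ]]; then
    echo "running kdestroy"
    kdestroy
    echo "kdestroy run error is $?"
    kinit_reinitialize
  elif [[ $renew_status != 0 ]]; then
    # kinit -R failed for a reason other than expiry. The existing cache may
    # still hold a valid ticket, so it is left in place and the failure is
    # reported instead of being logged as a successful renewal.
    echo "renewal failed with output of '$renew_ticket_err'"
  else
    echo "successful renawal with output of '$renew_ticket_err'"
  fi
elif [[ $klist =~ ^klist:.No ]]; then
  echo "fix needed. Klist is not displaying"
  echo "ERROR message: '$klist'"
  kinit_reinitialize
else
  # Neither a ticket listing nor the expected "klist: No ..." error was seen.
  echo "user variables not defined"
  echo "Please define them in the script."
  # Show what klist actually returned so the cause can be diagnosed.
  echo "klist output: '$klist'"
fi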