#!/bin/bash
## File to deploy Domain Controller Integration with Samba for File Sharing
## Centos 7.3
## Tested on Azure
## Developer: Manuel Alejandro Peña Sánchez
## AD Integration with sssd and Samba
## Use ./SambaAD-Integration.sh DOMAINREALM "Domain User" "NTP IP Server"
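# Positional arguments (see the usage line above).
DOMAINREALM=$1   # AD DNS domain / Kerberos realm the host joins
ADUSER=$2        # AD account used for kinit and "realm join"
NTPS=$3          # NTP server the host syncs to before the Kerberos join

# Site-specific values. The literals below are placeholders that must be edited
# before running; they can also be supplied through the environment, e.g.
# DNS1=<ip> DNS2=<ip> SEARCH=<suffix> ./SambaAD-Integrtion.sh ... (constructed example).
DNS1="${DNS1:-IPDNSServer}"
DNS2="${DNS2:-IPDNSServer}"
SEARCH="${SEARCH:-PREFIX DOMAIN SEARCH}"

# Short (workgroup) domain name: everything before the first dot of the realm.
# Parameter expansion instead of echo|cut avoids the subshell and the
# word-splitting of the unquoted echo.
DOMAIN=${DOMAINREALM%%.*}

# Defaults for the optional Samba share; the interactive prompts later in the
# script advertise exactly these values.
SHRNAME="TestSHR"
SHRCOMM="TestSHR"
# Was assigned to SHRCOMM a second time, so SHRPATH stayed unset and the
# generated smb.conf got an empty "path =" when defaults were taken.
SHRPATH="/tmp"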
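#######################################
# Report the outcome of the previous command and abort the script on failure.
# Must be the very next command after the step being checked, because it
# reads $? before doing anything else.
# Arguments: $1 - message printed on success (stdout)
#            $2 - message printed on failure (stderr)
# Returns:   0 on success. On failure the script exits with the failed
#            command's status; the bare `exit` this replaces returned the
#            status of the preceding echo (0), so a failed step looked
#            successful to whoever ran the script.
#######################################
f_news() {
  local ret=$?
  local ok_msg=$1
  local bad_msg=$2
  if (( ret == 0 )); then
    printf '%s\n' "$ok_msg"
    return 0
  fi
  printf '%s\n' "$bad_msg" >&2
  exit "$ret"
}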
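# --------------------------------------------------------------------------
# Main flow. Every step is followed by f_news (defined above), which aborts
# the script when the step failed. Needs root (yum, sed -i under /etc,
# systemctl) and a terminal: kinit, realm join and ssh prompt for the AD
# password, and the SSSD/Samba choices are asked interactively.
# --------------------------------------------------------------------------

# Interface config edited for the AD join; override through the environment
# when the interface is not eth0.
IFCFG="${IFCFG:-/etc/sysconfig/network-scripts/ifcfg-eth0}"
SMBCONF=/etc/samba/smb.conf

#######################################
# Write smb.conf for an AD member server with a single share.
# Globals:   DOMAIN, DOMAINREALM, SMBCONF (read)
# Arguments: $1 - share name, $2 - share comment, $3 - share path
# Outputs:   overwrites $SMBCONF
# Returns:   non-zero if the file cannot be written or testparm rejects it
#######################################
write_smb_conf() {
  local share_name=$1
  local share_comment=$2
  local share_path=$3
  # Unquoted heredoc: $DOMAIN, $DOMAINREALM and the share_* values expand,
  # everything else is literal. The original double-quoted echo emitted
  # "/home/\%U" (a backslash before % survives double quotes), so the
  # homedir macro was never plain %U as the sssd sed lines intend.
  # NOTE(review): public = yes (guest ok) plus 0777 masks make this a wide
  # share for everyone in "domain users"; narrow to the intended access policy.
  cat > "$SMBCONF" <<EOF
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = $DOMAIN
security = ads
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = $DOMAINREALM
domain master = no
local master = no
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config $DOMAIN:backend = ad
idmap config $DOMAIN:schema_mode = rfc2307
idmap config $DOMAIN:range = 10000-999999
template homedir = /home/%U
template shell = /bin/false
# client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
printcap name = /etc/printcap
load printers = no
log file = /var/log/samba/samba.log
log level = 3
[$share_name]
comment = $share_comment
path = $share_path
force group = "domain users"
browseable = Yes
writable = yes
read only = no
public = yes
force create mode = 0660
create mask = 0777
directory mask = 0777
force directory mode = 0770
access based share enum = yes
hide unreadable = no
valid users = @"domain users"
write list = @"domain users"
inherit permissions = yes
inherit acls = yes
EOF
  # The file header tells the admin to run testparm; do it here so the
  # following f_news catches a config smbd would refuse instead of a
  # failed restart later on.
  testparm -s "$SMBCONF" > /dev/null 2>&1
}

echo "Install SSSD REALM NTPDATE"
yum -y update > /dev/null
f_news "System Updated" "System Update Failed"
# NOTE(review): krb5-user and smbfs look like Debian package names; confirm
# they exist in the configured yum repositories before relying on this step.
yum -y install realmd sssd krb5-workstation krb5-libs oddjob oddjob-mkhomedir \
  samba-common-tools ntp krb5-user samba smbfs samba-client sssd-winbind-idmap \
  ntpdate nano > /dev/null
f_news "SSSD Service Installed" "SSSD Service Install Failed"

echo "Install Samba"
# All four packages were already requested above; kept so the step still
# reports its own result.
yum -y install krb5-user samba smbfs samba-client > /dev/null
f_news "Samba Service Installed" "Samba Service Install Failed"

echo "Configure ntpserver"
# Comment out the distribution pool servers and point ntpd at the given
# server; Kerberos rejects tickets when the clock drifts from the DCs.
sed -i 's/^server/#server/g' /etc/ntp.conf
printf 'server %s\n' "$NTPS" >> /etc/ntp.conf
systemctl restart ntpd > /dev/null
f_news "NTP Service configured" "NTP Service configure failed"

echo "Change Secure Settings"
echo "SELINUX to Permissive"
# NOTE(review): permissive mode switches off SELinux enforcement for the whole
# host, not only for Samba; keeping enforcing and labelling the share path /
# setting the samba_* booleans is the narrower alternative.
# /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config; without
# --follow-symlinks, sed -i replaces the link with a plain file and the real
# config keeps "enforcing" for the next boot.
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
setenforce 0 > /dev/null
f_news "SELinux Service configured" "SELinux Service configure Failed"

echo "Setting UP Networking INFO for Active Directory Join"
# Stop DHCP from rewriting resolv.conf and hand resolution to the AD DNS
# servers (the realm's SRV records must resolve for realm/kinit). The lines
# are appended, so running the script twice duplicates them.
sed -i 's/PEERDNS=yes/PEERDNS=no/g' "$IFCFG"
{
  printf 'DNS1=%s\n' "$DNS1"
  printf 'DNS2=%s\n' "$DNS2"
  printf 'SEARCH=%s\n' "$SEARCH"
} >> "$IFCFG"
systemctl restart network > /dev/null
f_news "Network Service configured" "Network Service configure Failed"

echo "DOMAIN TESTING"
if ping -c3 "$DOMAINREALM"; then
  realm discover "$DOMAINREALM" > /dev/null
  f_news "Domain Discovery - OK" "Domain Discovery - Failed"
else
  # Kept non-fatal as in the original flow (ICMP may be filtered while the
  # DCs are reachable); the join below fails with its own message otherwise.
  echo "Domain not reacheable"
fi

echo "Domain Join"
# Both commands read the AD password from the terminal; nothing secret is
# passed on the command line, so it does not appear in ps or shell history.
kinit "$ADUSER@$DOMAINREALM"
f_news "Kerberos configure - OK" "Kerberos configure - Failed"
realm join --verbose "$DOMAINREALM" -U "$ADUSER@$DOMAINREALM"
f_news "Domain Join - OK" "Domain Join - Failed"

SSDCNF='y'
printf '%s' "¿Change SSSD Configuration?(y/n): "
read -r answer
# An empty answer used to overwrite the preset with "" (so nothing happened);
# now it keeps the preset 'y'.
SSDCNF=${answer:-$SSDCNF}
if [[ "$SSDCNF" == "y" ]]; then
  # Each sed rewrites a key only if it is already present in sssd.conf; a
  # missing key is not added and sed still exits 0, so f_news only catches
  # I/O errors here.
  sed -i 's/^default_shell.*/default_shell=\/bin\/bash/g' /etc/sssd/sssd.conf
  f_news "SSSD Configure - OK" "SSSD Configure - Failed"
  sed -i 's/^use_fully_qualified_names.*/use_fully_qualified_names=False/g' /etc/sssd/sssd.conf
  f_news "SSSD Configure - OK" "SSSD Configure - Failed"
  sed -i 's/^fallback_homedir.*/fallback_homedir=\/home\/\%u/g' /etc/sssd/sssd.conf
  f_news "SSSD Configure - OK" "SSSD Configure - Failed"
  sed -i 's/^override_homedir.*/override_homedir=\/home\/\%u/g' /etc/sssd/sssd.conf
  f_news "SSSD Configure - OK" "SSSD Configure - Failed"
else
  echo "Not Overriding SSSD conf"
fi
systemctl restart sssd realmd > /dev/null
f_news "SSSD restart - OK" "SSSD restart - Failed"

echo "Domain Integration Testing"
echo " ID Testing"
id "$ADUSER@$DOMAINREALM"
if [[ "$SSDCNF" == "y" ]]; then
  # use_fully_qualified_names=False was set above, so the short name must resolve too.
  id "$ADUSER"
fi
echo " SU - Testing"
su - "$ADUSER@$DOMAINREALM" -c pwd
if [[ "$SSDCNF" == "y" ]]; then
  su - "$ADUSER" -c pwd
fi
echo "SSH Test (please provide your AD users password)"
if [[ "$SSDCNF" == "y" ]]; then
  ssh "$ADUSER@localhost" who
else
  # DOMAIN\user login form. The original eval'd a single-quoted string: on
  # re-parsing, "\$" became a literal "$" and the login sent was
  # "<domain>$ADUSER" with the user name never expanded; eval also re-parsed
  # argv-derived text as shell code. A plain quoted argument does the job.
  ssh -l "${DOMAIN}\\${ADUSER}" localhost who
fi

echo "Configuring Samba"
# Keep the packaged config as a backup; write_smb_conf creates the new file.
mv "$SMBCONF" "$SMBCONF.old"
# The prompts advertise these defaults; apply them when the answer is empty
# instead of silently using an empty string (SHRPATH had no default at all).
SHRPATH=${SHRPATH:-/tmp}
SMBCNF="n"
printf '%s' "¿Do you want to confiure a Share? (y/n): "
read -r answer
SMBCNF=${answer:-$SMBCNF}
printf '%s\n' "$SMBCNF"
if [[ "$SMBCNF" == "y" ]]; then
  printf '%s' "¿Give the name of the Share? (Default: TestSHR): "
  read -r answer
  SHRNAME=${answer:-$SHRNAME}
  printf '%s' "¿Give the Description of the Share? (Default: TestSHR): "
  read -r answer
  SHRCOMM=${answer:-$SHRCOMM}
  printf '%s' "¿Give the path of the Share? (Default: /tmp): "
  read -r answer
  SHRPATH=${answer:-$SHRPATH}
else
  echo "Taking Default Valuess for SHARE"
fi
# Both branches used to carry an identical 40-line config; one writer keeps
# them from drifting apart.
write_smb_conf "$SHRNAME" "$SHRCOMM" "$SHRPATH"
f_news "Samba Share Configured Correctly" "Samba Share Configure Failed"
systemctl restart smb nmb > /dev/null
f_news "Samba Share restart Correctly" "Samba Share restart Failed"
echo "DONE"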