Add Active Directory Domain Controller installation bash script
parent
1a03f6b647
commit
2502e68bda
@ -7,4 +7,6 @@ cd /var/www/cms/www
|
||||
git clone https://git.myspace.nu/MySpace/uCMS-3.git .
|
||||
chmod -R ugo+rwx ./</code></pre>
|
||||
|
||||
### Installera Active Directory Domain Controller on Ubuntu
|
||||
|
||||
<pre><code>sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/master/BashScripts/install-ubuntu-dc.sh)"</code></pre>
|
||||
|
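--- /dev/null
+++ b/BashScripts/install-ubuntu-dc.sh
@@ -0,0 +1,111 @@
+# Install using: sudo su -c "bash <(wget -qO- /url/to/install-ubuntu-dc.sh)"
+
+function version { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
+
+REALUSER=$(logname)
+IP=$(ip route get 8.8.8.8 | sed -n '/src/{s/.*src *\([^ ]*\).*/\1/p;q}')
+GATEWAY=$(/sbin/ip route | awk '/default/ { print $3 }')
+OS_VERSION=$(grep -oP 'VERSION_ID="\K[\d.]+' /etc/os-release)
+
+if ! [ $(version $OS_VERSION) -ge $(version "20.0.0") ]; then
+echo "OS version is not 20 or later"
+exit 1
+fi
+if ip r | grep -iq 'DHCP'; then
+echo "DHCP detected, exiting"
+exit 2
+fi
+
+#: <<'END_COMMENT' END_COMMENT
+
+# apt update
+
+read -e -p "Enter hostname:" -i "dc1" DCHOST
+read -e -p "Enter realm:" -i "myspace.local" DCREALM
+read -e -p "Enter domain:" -i "myspace" DCDOMAIN
+
+rm install.log /dev/null 2>&1
+
+{
+hostnamectl set-hostname $DCHOST &&
+# timedatectl list-timezones | grep -i europe &&
+timedatectl set-timezone Europe/Stockholm &&
+sed -i "/^nameserver /c\nameserver $GATEWAY" /etc/resolv.conf
+} 2>>install.log
+
+cat << EOF
+
+Use these settings:
+------------------------------------------------------------
+Default Kerberos version 5 realm: ${DCREALM^^}
+Kerberos servers for your realm: $DCHOST.${DCREALM,,}
+Administrative server for your Kerberos realm: $DCHOST.${DCREALM,,}
+------------------------------------------------------------
+
+EOF
+read -p "Press any key to resume ..."
+
+if ! grep -q "${DCREALM,,}" "/etc/krb5.conf"; then
+cat <<EOT >> "/etc/krb5.conf"
+[libdefaults]
+default_realm = ${DCREALM^^}
+dns_lookup_realm = false
+dns_lookup_kdc = true
+
+[realms]
+${DCREALM^^} = {
+default_domain = ${DCREALM,,}
+}
+
+[domain_realm]
+$DCHOST = ${DCREALM^^}
+EOT
+fi
+
+export DEBIAN_FRONTEND=noninteractive
+apt -y install samba krb5-config winbind smbclient 2>>install.log &&
+# samba package may display errors about "samba-ad-dc.service" when installing, these can be ignored. - https://ubuntu-server-bugs.narkive.com/NxgfWkki/bug-1658273-re-failed-to-preset-unit-unit-file-etc-systemd-system-samba-ad-dc-service-is-masked
+
+# Setting hosts file
+if ! grep -q "$DCHOST.${DCREALM,,}" "/etc/hosts"; then
+cat <<EOT >> "/etc/hosts"
+$IP $DCHOST.${DCREALM,,} $DCHOST
+EOT
+fi
+
+{
+mv /etc/samba/smb.conf /etc/samba/smb.conf.original &&
+samba-tool domain provision --function-level=2008_R2 --interactive &&
+# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Provisioning_Samba_AD_in_Non-interactive_Mode
+# samba-tool domain provision --function-level=2008_R2 --server-role=dc --dns-backend=SAMBA_INTERNAL --realm=${DCREALM^^} --domain=${DCDOMAIN^^} --adminpass=$DCPASSWORD &&
+cp /var/lib/samba/private/krb5.conf /etc/ &&
+systemctl disable --now smbd nmbd winbind systemd-resolved &&
+systemctl unmask samba-ad-dc &&
+systemctl enable --now samba-ad-dc &&
+samba-tool domain level show
+} 2>>install.log
+
+# Setting resolv.conf
+# ls -l /etc/resolv.conf &&
+rm /etc/resolv.conf /dev/null 2>&1
+if ! grep -q "${DCREALM,,}" "/etc/resolv.conf"; then
+cat <<EOT >> "/etc/resolv.conf"
+nameserver 127.0.0.1
+domain ${DCREALM,,}
+EOT
+fi
+
+{
+samba-tool domain passwordsettings set --complexity=off &&
+samba-tool domain passwordsettings set --min-pwd-length=0 &&
+samba-tool domain passwordsettings set --history-length=0 &&
+samba-tool domain passwordsettings set --max-pwd-age=0 &&
+samba-tool domain passwordsettings set --min-pwd-age=0 &&
+# https://stackoverflow.com/questions/11245144/replace-whole-line-containing-a-string-using-sed
+sed -i '/pam_unix.so/c\password [success=1 default=ignore] pam_unix.so minlen=0 sha512' /etc/pam.d/common-password
+} 2>>install.log
+
+touch /var/lib/samba/sysvol/myspace.local/scripts/logon.cmd
+chmod 770 /var/lib/samba/sysvol/myspace.local/scripts/logon.cmd
+
+echo 'Installation complete'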
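Review bot: Both cleanup lines, `rm install.log /dev/null 2>&1` and `rm /etc/resolv.conf /dev/null 2>&1`, are missing the `>` before `/dev/null`, so `/dev/null` is handed to rm as a second operand and, because the script runs as root, the device node itself can be unlinked. `rm -f install.log` and `rm -f /etc/resolv.conf` do what was intended without touching it. Separately, the final block unconditionally sets the domain policy to `--complexity=off` and `--min-pwd-length=0` (plus history and age limits of 0) and rewrites the pam_unix line in /etc/pam.d/common-password with `minlen=0`, which leaves a domain controller accepting trivially short passwords. If that is meant for lab use only, I would put the block behind an explicit prompt or flag and add a comment above it such as `# LAB ONLY: disables password policy for the whole domain and for local PAM`.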