From 2502e68bda1ca038e7a6fd9183f3e578d78c01a3 Mon Sep 17 00:00:00 2001
From: Johan
Date: Tue, 26 Jul 2022 18:24:15 +0200
Subject: [PATCH] Add Active Directory Domain Controller installation bash script
---
BashScript.md | 2 +
BashScripts/install-ubuntu-dc.sh | 111 +++++++++++++++++++++++++++++++
2 files changed, 113 insertions(+)
create mode 100644 BashScripts/install-ubuntu-dc.sh
diff --git a/BashScript.md b/BashScript.md
index 173996a..09c1f7e 100644
--- a/BashScript.md
+++ b/BashScript.md
@@ -7,4 +7,6 @@ cd /var/www/cms/www
 git clone https://git.myspace.nu/MySpace/uCMS-3.git .
 chmod -R ugo+rwx ./
+### Installera Active Directory Domain Controller on Ubuntu
+sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/master/BashScripts/install-ubuntu-dc.sh)"
diff --git a/BashScripts/install-ubuntu-dc.sh b/BashScripts/install-ubuntu-dc.sh
new file mode 100644
index 0000000..bb8eaff
--- /dev/null
+++ b/BashScripts/install-ubuntu-dc.sh
@@ -0,0 +1,111 @@
+# Install using: sudo su -c "bash <(wget -qO- /url/to/install-ubuntu-dc.sh)"
+
+function version { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
+
+REALUSER=$(logname)
+IP=$(ip route get 8.8.8.8 | sed -n '/src/{s/.*src *\([^ ]*\).*/\1/p;q}')
+GATEWAY=$(/sbin/ip route | awk '/default/ { print $3 }')
+OS_VERSION=$(grep -oP 'VERSION_ID="\K[\d.]+' /etc/os-release)
+
+if ! [ $(version $OS_VERSION) -ge $(version "20.0.0") ]; then
+ echo "OS version is not 20 or later"
+ exit 1
+fi
+if ip r | grep -iq 'DHCP'; then
+ echo "DHCP detected, exiting"
+ exit 2
+fi
+
+#: <<'END_COMMENT' END_COMMENT
+
+# apt update
+
+read -e -p "Enter hostname:" -i "dc1" DCHOST
+read -e -p "Enter realm:" -i "myspace.local" DCREALM
+read -e -p "Enter domain:" -i "myspace" DCDOMAIN
+
+rm install.log /dev/null 2>&1
+
+{
+ hostnamectl set-hostname $DCHOST &&
+ # timedatectl list-timezones | grep -i europe &&
+ timedatectl set-timezone Europe/Stockholm &&
+ sed -i "/^nameserver /c\nameserver $GATEWAY" /etc/resolv.conf
+} 2>>install.log
+
+cat << EOF
+
+Use these settings:
+------------------------------------------------------------
+Default Kerberos version 5 realm: ${DCREALM^^}
+Kerberos servers for your realm: $DCHOST.${DCREALM,,}
+Administrative server for your Kerberos realm: $DCHOST.${DCREALM,,}
+------------------------------------------------------------
+
+EOF
+read -p "Press any key to resume ..."
+
+if ! grep -q "${DCREALM,,}" "/etc/krb5.conf"; then
+ cat <> "/etc/krb5.conf"
+[libdefaults]
+ default_realm = ${DCREALM^^}
+ dns_lookup_realm = false
+ dns_lookup_kdc = true
+
+[realms]
+${DCREALM^^} = {
+ default_domain = ${DCREALM,,}
+}
+
+[domain_realm]
+ $DCHOST = ${DCREALM^^}
+EOT
+fi
+
+export DEBIAN_FRONTEND=noninteractive
+apt -y install samba krb5-config winbind smbclient 2>>install.log &&
+# samba package may display errors about "samba-ad-dc.service" when installing, these can be ignored. - https://ubuntu-server-bugs.narkive.com/NxgfWkki/bug-1658273-re-failed-to-preset-unit-unit-file-etc-systemd-system-samba-ad-dc-service-is-masked
+
+# Setting hosts file
+if ! grep -q "$DCHOST.${DCREALM,,}" "/etc/hosts"; then
+ cat <> "/etc/hosts"
+$IP $DCHOST.${DCREALM,,} $DCHOST
+EOT
+fi
+
+{
+ mv /etc/samba/smb.conf /etc/samba/smb.conf.original &&
+ samba-tool domain provision --function-level=2008_R2 --interactive &&
+ # https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Provisioning_Samba_AD_in_Non-interactive_Mode
+ # samba-tool domain provision --function-level=2008_R2 --server-role=dc --dns-backend=SAMBA_INTERNAL --realm=${DCREALM^^} --domain=${DCDOMAIN^^} --adminpass=$DCPASSWORD &&
+ cp /var/lib/samba/private/krb5.conf /etc/ &&
+ systemctl disable --now smbd nmbd winbind systemd-resolved &&
+ systemctl unmask samba-ad-dc &&
+ systemctl enable --now samba-ad-dc &&
+ samba-tool domain level show
+} 2>>install.log
+
+# Setting resolv.conf
+# ls -l /etc/resolv.conf &&
+rm /etc/resolv.conf /dev/null 2>&1
+if ! grep -q "${DCREALM,,}" "/etc/resolv.conf"; then
+ cat <> "/etc/resolv.conf"
+nameserver 127.0.0.1
+domain ${DCREALM,,}
+EOT
+fi
+
+{
+ samba-tool domain passwordsettings set --complexity=off &&
+ samba-tool domain passwordsettings set --min-pwd-length=0 &&
+ samba-tool domain passwordsettings set --history-length=0 &&
+ samba-tool domain passwordsettings set --max-pwd-age=0 &&
+ samba-tool domain passwordsettings set --min-pwd-age=0 &&
+ # https://stackoverflow.com/questions/11245144/replace-whole-line-containing-a-string-using-sed
+ sed -i '/pam_unix.so/c\password [success=1 default=ignore] pam_unix.so minlen=0 sha512' /etc/pam.d/common-password
+} 2>>install.log
+
+touch /var/lib/samba/sysvol/myspace.local/scripts/logon.cmd
+chmod 770 /var/lib/samba/sysvol/myspace.local/scripts/logon.cmd
+
+echo 'Installation complete'
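Review bot: `rm install.log /dev/null 2>&1` passes /dev/null as a second file to delete instead of as a redirect target, and because the header says the script runs as root via `sudo su -c`, that removes the /dev/null device node; the same pattern recurs at `rm /etc/resolv.conf /dev/null 2>&1`. The two lines should read `rm -f -- install.log 2>/dev/null` and `rm -f -- /etc/resolv.conf 2>/dev/null`. The passwordsettings block turns off complexity, minimum length, history and maximum age for the whole domain and relaxes pam_unix to minlen=0, which leaves the new DC with no password policy at all; if this is meant for a lab, a comment such as `# Lab only: removes the domain password policy; do not run on a production DC` would make the intent explicit. The final touch/chmod lines hard-code `myspace.local` in the sysvol path although the realm is read into DCREALM, so any non-default realm points at a directory that does not exist; `/var/lib/samba/sysvol/${DCREALM,,}/scripts/logon.cmd` would keep it consistent with the rest of the script.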