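#!/bin/bash
#
# Provision a Samba Active Directory domain controller on Ubuntu 20 or later.
# The host must use a static address: the script exits when the routing table
# mentions DHCP.
#
# Install using: sudo su -c "bash <(wget -qO- /url/to/install-ubuntu-dc.sh)"
# https://www.youtube.com/watch?v=zzpEIezhues
#
# NOTE(security): the one-liner above runs whatever the URL serves, as root,
# with no integrity check. Prefer saving the script to a file, reading it,
# comparing it with a checksum obtained over a trusted channel, and only then
# running "sudo bash install-ubuntu-dc.sh".
#
# Optional environment variables (the defaults reproduce the original
# behaviour). sudo normally resets the environment, so set them for the root
# invocation, e.g. "sudo TIMEZONE=Europe/Oslo bash install-ubuntu-dc.sh".
#   TIMEZONE               time zone to configure (default: Europe/Stockholm)
#   RELAX_PASSWORD_POLICY  1 (default) switches off the domain and local PAM
#                          password rules; 0 leaves both untouched.
#
# Exit codes: 1 unsupported OS version, 2 DHCP detected, 3 bad input or
# package installation failure, 4 domain provisioning failure.

TIMEZONE=${TIMEZONE:-Europe/Stockholm}
RELAX_PASSWORD_POLICY=${RELAX_PASSWORD_POLICY:-1}

# stderr of the privileged steps is appended here, relative to the current
# directory. Run the script from a directory only root can write to, so that
# nobody else can pre-create this path.
LOG_FILE=install.log

# Print a message on stderr and exit.
# Arguments: $1 - exit code, remaining arguments - message
die() {
  local code=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$code"
}

# Convert a dotted version with up to four fields into one zero-padded
# integer so that two versions can be compared with -ge.
version() {
  printf '%s\n' "$*" | awk -F. '{ printf("%d%03d%03d%03d\n", $1, $2, $3, $4); }'
}

# Wait for a single key press. The prompt goes to stdout on purpose:
# "read -p" writes its prompt to stderr, which would end up in the log file
# whenever stderr is redirected.
pause() {
  printf '%s' "Press any key to resume ..."
  read -r -n 1 -s || true
  printf '\n'
}

# Succeed when $1 contains only letters, digits, dots and hyphens and both
# starts and ends with a letter or digit. The values checked with this are
# later written into /etc/krb5.conf, /etc/hosts, /etc/resolv.conf and a path
# under /var/lib/samba, so empty or odd input must not get that far.
is_dns_name() {
  local re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  [[ $1 =~ $re ]]
}

# Make sure the script is run as root.
if [[ $EUID -ne 0 ]]; then
  exec sudo /bin/bash "$0" "$@"
fi

# Login name of the invoking user; not used further down.
REALUSER=$(logname)

# Start from a fresh log before anything is appended to it. The redirection
# that hid rm's output was missing, which made /dev/null itself an rm target.
rm -f -- "$LOG_FILE"

apt-get update -qq 2>>"$LOG_FILE"

# Source address used to reach the outside world, and the first default gateway.
IP=$(ip route get 8.8.8.8 | sed -n '/src/{s/.*src *\([^ ]*\).*/\1/p;q}')
GATEWAY=$(/sbin/ip route | awk '/^default/ { print $3; exit }')
OS_VERSION=$(grep -oP 'VERSION_ID="\K[\d.]+' /etc/os-release)

if ! [ "$(version "$OS_VERSION")" -ge "$(version "20.0.0")" ]; then
  die 1 "OS version is not 20 or later"
fi

if ip r | grep -iq 'DHCP'; then
  die 2 "DHCP detected, exiting"
fi

if [[ -z $IP || -z $GATEWAY ]]; then
  die 3 "Could not determine the local IP address or the default gateway"
fi

#: <<'END_COMMENT'
#END_COMMENT

cat <<EOF
Before you continue, make sure your system is updated by running "apt update && apt upgrade"
EOF

read -r -e -p "Enter hostname:" -i "dc1" DCHOST
read -r -e -p "Enter realm:" -i "myspace.local" DCREALM
# DCDOMAIN is only needed by the non-interactive provisioning variant that is
# kept as a comment further down.
read -r -e -p "Enter domain:" -i "myspace" DCDOMAIN

if ! is_dns_name "$DCHOST" || [[ $DCHOST == *.* ]]; then
  die 3 "Invalid hostname: use letters, digits and hyphens only"
fi
if ! is_dns_name "$DCREALM"; then
  die 3 "Invalid realm: use letters, digits, dots and hyphens only"
fi

# To list candidate time zones: timedatectl list-timezones | grep -i europe
{
  hostnamectl set-hostname "$DCHOST" &&
    timedatectl set-timezone "$TIMEZONE" &&
    sed -i "/^nameserver /c\nameserver $GATEWAY" /etc/resolv.conf
} 2>>"$LOG_FILE" ||
  printf 'Warning: hostname, time zone or resolver setup failed, see %s\n' "$LOG_FILE" >&2

cat <<EOF
------------------------------------------------------------
Default Kerberos version 5 realm: ${DCREALM^^}
Kerberos servers for your realm: $DCHOST.${DCREALM,,}
Administrative server for your Kerberos realm: $DCHOST.${DCREALM,,}
------------------------------------------------------------
EOF
pause

# Append the realm definition once. -F compares the realm literally, so the
# dots in it are not treated as regex wildcards.
if ! grep -qF -- "${DCREALM,,}" /etc/krb5.conf; then
  cat <<EOT >>/etc/krb5.conf
[libdefaults]
    default_realm = ${DCREALM^^}
    dns_lookup_realm = false
    dns_lookup_kdc = true
[realms]
    ${DCREALM^^} = {
        default_domain = ${DCREALM,,}
    }
[domain_realm]
    $DCHOST = ${DCREALM^^}
EOT
fi

# export DEBIAN_FRONTEND=noninteractive
echo "In the next step, just confirm the default settings."
pause

# The samba package may display errors about "samba-ad-dc.service" when
# installing, these can be ignored. -
# https://ubuntu-server-bugs.narkive.com/NxgfWkki/bug-1658273-re-failed-to-preset-unit-unit-file-etc-systemd-system-samba-ad-dc-service-is-masked
apt-get -y install samba krb5-config winbind smbclient 2>>"$LOG_FILE" ||
  die 3 "Package installation failed, see $LOG_FILE"

# Setting hosts file
if ! grep -qF -- "$DCHOST.${DCREALM,,}" /etc/hosts; then
  cat <<EOT >>/etc/hosts
$IP $DCHOST.${DCREALM,,} $DCHOST
EOT
fi

# Keep the packaged smb.conf aside; provisioning writes a new one.
mv /etc/samba/smb.conf /etc/samba/smb.conf.original 2>>"$LOG_FILE"
echo "In the next step, enter '${DCREALM,,}' as realm. Then use the default settings."
pause

# Non-interactive alternative, see
# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Provisioning_Samba_AD_in_Non-interactive_Mode
# samba-tool domain provision --function-level=2008_R2 --server-role=dc --dns-backend=SAMBA_INTERNAL --realm=${DCREALM^^} --domain=${DCDOMAIN^^} --adminpass=$DCPASSWORD &&
# NOTE(security): --adminpass on the command line exposes the administrator
# password to every local user through the process list while the command runs.
{
  samba-tool domain provision --function-level=2008_R2 --interactive &&
    cp /var/lib/samba/private/krb5.conf /etc/ &&
    systemctl disable --now smbd nmbd winbind systemd-resolved &&
    systemctl unmask samba-ad-dc &&
    systemctl enable --now samba-ad-dc &&
    samba-tool domain level show
} 2>>"$LOG_FILE" ||
  die 4 "Domain provisioning failed, see $LOG_FILE"

# Setting resolv.conf
# ls -l /etc/resolv.conf &&
rm -f -- /etc/resolv.conf
if ! grep -qF -- "${DCREALM,,}" /etc/resolv.conf 2>/dev/null; then
  cat <<EOT >>/etc/resolv.conf
nameserver 127.0.0.1
domain ${DCREALM,,}
EOT
fi

# NOTE(security): the commands below remove every password rule of the new
# domain (no complexity check, minimum length 0, no history, no expiry) and
# then replace the pam_unix line for local accounts with "minlen=0 sha512".
# With this policy an empty or trivial password is accepted on the domain
# controller itself. Keep it for throw-away lab setups only; run the script
# with RELAX_PASSWORD_POLICY=0 anywhere real accounts will live.
# The PAM replacement drops any other option the original line carried and
# presumably also changes the hash scheme on releases whose default is not
# sha512 - check /etc/pam.d/common-password afterwards.
if [[ $RELAX_PASSWORD_POLICY == 1 ]]; then
  printf 'Relaxing domain and PAM password policy (RELAX_PASSWORD_POLICY=1)\n' >&2
  # sed recipe: https://stackoverflow.com/questions/11245144/replace-whole-line-containing-a-string-using-sed
  # The address is anchored to active "password" lines so that a
  # commented-out pam_unix.so line is not turned into a live rule.
  {
    samba-tool domain passwordsettings set --complexity=off &&
      samba-tool domain passwordsettings set --min-pwd-length=0 &&
      samba-tool domain passwordsettings set --history-length=0 &&
      samba-tool domain passwordsettings set --max-pwd-age=0 &&
      samba-tool domain passwordsettings set --min-pwd-age=0 &&
      sed -i '/^password[[:space:]].*pam_unix\.so/c\password [success=1 default=ignore] pam_unix.so minlen=0 sha512' /etc/pam.d/common-password
  } 2>>"$LOG_FILE"
fi

# Empty logon script in the sysvol share; 770 keeps it away from "other".
touch "/var/lib/samba/sysvol/${DCREALM,,}/scripts/logon.cmd"
chmod 770 "/var/lib/samba/sysvol/${DCREALM,,}/scripts/logon.cmd"

echo 'Installation complete'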