Docs/BashScripts/install-ubuntu-dc.sh

# Install using: sudo su -c "bash <(wget -qO- /url/to/install-ubuntu-dc.sh)"

function version { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }

REALUSER=$(logname)
IP=$(ip route get 8.8.8.8 | sed -n '/src/{s/.*src *\([^ ]*\).*/\1/p;q}')
GATEWAY=$(/sbin/ip route | awk '/default/ { print $3 }')
OS_VERSION=$(grep -oP 'VERSION_ID="\K[\d.]+' /etc/os-release)

if ! [ $(version $OS_VERSION) -ge $(version "20.0.0") ]; then
    echo "OS version is not 20 or later"
	exit 1
fi
if ip r | grep -iq 'DHCP'; then
    echo "DHCP detected, exiting"
	exit 2
fi

#: <<'END_COMMENT' END_COMMENT
cat << EOF
Before you continue, make sure your system is updated by running "apt update && apt upgrade"

EOF
read -e -p "Enter hostname:" -i "dc1" DCHOST
read -e -p "Enter realm:" -i "myspace.local" DCREALM
read -e -p "Enter domain:" -i "myspace" DCDOMAIN
rm install.log /dev/null 2>&1
{
	hostnamectl set-hostname $DCHOST &&
	# timedatectl list-timezones | grep -i europe &&
	timedatectl set-timezone Europe/Stockholm &&
	sed -i "/^nameserver /c\nameserver $GATEWAY" /etc/resolv.conf
} 2>>install.log

cat << EOF

------------------------------------------------------------
Default Kerberos version 5 realm: ${DCREALM^^}
Kerberos servers for your realm: $DCHOST.${DCREALM,,}
Administrative server for your Kerberos realm: $DCHOST.${DCREALM,,}
------------------------------------------------------------

EOF
read -p "Press any key to resume ..."

if ! grep -q "${DCREALM,,}" "/etc/krb5.conf"; then
	cat <<EOT >> "/etc/krb5.conf"
[libdefaults]
        default_realm = ${DCREALM^^}
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]
${DCREALM^^} = {
        default_domain = ${DCREALM,,}
}

[domain_realm]
        $DCHOST = ${DCREALM^^}
EOT
fi

export DEBIAN_FRONTEND=noninteractive
apt -y install samba krb5-config winbind smbclient 2>>install.log &&
# samba package may display errors about "samba-ad-dc.service" when installing, these can be ignored. - https://ubuntu-server-bugs.narkive.com/NxgfWkki/bug-1658273-re-failed-to-preset-unit-unit-file-etc-systemd-system-samba-ad-dc-service-is-masked

# Setting hosts file
if ! grep -q "$DCHOST.${DCREALM,,}" "/etc/hosts"; then
	cat <<EOT >> "/etc/hosts"
$IP $DCHOST.${DCREALM,,} $DCHOST
EOT
fi

{
	mv /etc/samba/smb.conf /etc/samba/smb.conf.original &&
	samba-tool domain provision --function-level=2008_R2 --interactive &&
	# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Provisioning_Samba_AD_in_Non-interactive_Mode
	# samba-tool domain provision --function-level=2008_R2 --server-role=dc --dns-backend=SAMBA_INTERNAL --realm=${DCREALM^^} --domain=${DCDOMAIN^^} --adminpass=$DCPASSWORD &&
	cp /var/lib/samba/private/krb5.conf /etc/ &&
	systemctl disable --now smbd nmbd winbind systemd-resolved &&
	systemctl unmask samba-ad-dc &&
	systemctl enable --now samba-ad-dc &&
	samba-tool domain level show
} 2>>install.log

# Setting resolv.conf
# ls -l /etc/resolv.conf &&
rm /etc/resolv.conf /dev/null 2>&1
if ! grep -q "${DCREALM,,}" "/etc/resolv.conf"; then
	cat <<EOT >> "/etc/resolv.conf"
nameserver 127.0.0.1
domain ${DCREALM,,}
EOT
fi

{
	samba-tool domain passwordsettings set --complexity=off &&
	samba-tool domain passwordsettings set --min-pwd-length=0 &&
	samba-tool domain passwordsettings set --history-length=0 &&
	samba-tool domain passwordsettings set --max-pwd-age=0 &&
	samba-tool domain passwordsettings set --min-pwd-age=0 &&
	# https://stackoverflow.com/questions/11245144/replace-whole-line-containing-a-string-using-sed
	sed -i '/pam_unix.so/c\password    [success=1 default=ignore]  pam_unix.so minlen=0 sha512' /etc/pam.d/common-password
} 2>>install.log

touch /var/lib/samba/sysvol/${DCREALM,,}/scripts/logon.cmd
chmod 770 /var/lib/samba/sysvol/${DCREALM,,}/scripts/logon.cmd

echo 'Installation complete'