#!/bin/sh
#
# Join AD
# for uclibc systems
#
# Copyright (c) 2007 A.Poslavsky
# May be distributed under gpl2

# TODO:
# * suggest a domain name based on hostname -d? /etc/resolv.conf?
# * suggest DC server(s) based on 
#     $(dig _kerberos._tcp.dc._msdcs.$DOMAIN SRV  +short)

# Release string printed next to the program name by usage().
VERSION=2.0_alpha7
# Name used in the usage text and in the header line written to smb.conf.
PROGRAM=setup-ads

# Pull in the shared helper library. echon, default_read and apk_add are
# called below but not defined in this file, so they presumably come from here.
# NOTE(review): $PREFIX is unquoted and not assigned in this file; presumably
# it is filled in when the .in template is installed -- confirm.
. $PREFIX/lib/libalpine.sh

# Defaults; -K, -S and -U on the command line override the first three.
KRBCONF="/etc/krb5.conf"
SMBCONF="/etc/samba/smb.conf"
DOMAINADMIN="Administrator"
# Filled by -P. Nothing else in this script reads PW, so kinit and
# "net ads join" still prompt for the password themselves.
# NOTE(review): a password given as a command-line argument is visible to
# other local users in the process list and ends up in shell history.
PW=""
# Becomes the "netbios name" and part of the "server string" in smb.conf.
HOSTNAME=$(hostname)
# Non-empty once -f was given; check_exist then allows overwriting.
FORCE=""

# Exit status of the script; nothing in this file changes it after this point.
retcode=0

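# Print an error message on stderr and terminate the script with status 1.
# Arguments: the words of the message (joined with single spaces).
# Never returns.
die() {
	# Quote the expansion: unquoted, the message was word-split and glob
	# expanded, which collapsed the line break in multi-line messages and
	# could replace a "*" in the text with file names.
	printf '%s\n' "$*" >&2
	exit 1
}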

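# Ask interactively for the domain parameters, offering the current value of
# each variable as the default.
# Globals:   DOMAIN, WORKGROUP, DC, DOMAINADMIN (shown as defaults; presumably
#            overwritten by default_read with the answer -- confirm in libalpine.sh)
# Depends on echon and default_read, which are not defined in this file.
# NOTE(review): the answers are used unvalidated by conf_krb and join_ads,
# both inside krb5.conf / smb.conf and on the kinit / net command lines.
ask_info() {

	echo "Configuring kerberos"
	echon "Enter your full Domain name in uppercase [$DOMAIN]: "
	default_read DOMAIN "$DOMAIN"
	echon "Enter your short Domain name (Workgroup) [$WORKGROUP]: "
	default_read WORKGROUP "$WORKGROUP"
	echon "Domain controller(s) (separate with space) [$DC]: "
	# Quoted so a space-separated DC list stays one default value instead of
	# being split into several arguments.
	default_read DC "$DC"
	echon "Domain Administrator [$DOMAINADMIN]: "
	default_read DOMAINADMIN "$DOMAINADMIN"
}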

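# Write a new krb5.conf for the AD realm, then request a ticket for the
# domain administrator with kinit.
# Globals:   KRBCONF, DOMAIN, DC, DOMAINADMIN, VERBOSE (read)
# Outputs:   progress messages on stdout; overwrites $KRBCONF
# Exits through die() when the backup, the write or kinit fails.
conf_krb() {
	# Back up an existing file before it is overwritten, and stop if the copy
	# fails rather than destroying the only copy. The verbose message is now
	# printed only when a backup was actually made.
	if [ -f "$KRBCONF" ]; then
		cp "$KRBCONF" "$KRBCONF.bak" || die "Could not back up $KRBCONF"
		[ "$VERBOSE" ] && echo "Making backup copy of $KRBCONF to $KRBCONF.bak"
	fi

	echo "Writing $KRBCONF"

	# $DC stays unquoted inside the substitutions on purpose: it is a
	# space-separated list, every entry becomes a kdc line and the first
	# entry becomes admin_server.
	# NOTE(review): DOMAIN and DC are copied into the file without validation;
	# a value containing a newline or a brace changes the file's structure.
	# NOTE(review): the [login] section enables Kerberos 4 ticket conversion.
	# Kerberos 4 is obsolete; confirm whether these two lines are still needed.
	echo "[libdefaults]
	default_realm = $DOMAIN

[realms]
$DOMAIN = {
$(for a in $DC
do
	echo "	kdc = $a"
done)
	admin_server = $(echo $DC | sed "s/ .*//")
}

[login]
	krb4_convert = true
	krb4_get_tickets = true" > "$KRBCONF" || die "Could not write $KRBCONF"

	kinit "$DOMAINADMIN@$DOMAIN" || die "Sorry, could not authenticate against kerberos!"
}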

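# Write a new smb.conf for ADS security and join the machine to the domain
# with "net ads join".
# Globals:   SMBCONF, PROGRAM, DC, WORKGROUP, DOMAIN, HOSTNAME, DOMAINADMIN,
#            VERBOSE (read)
# Outputs:   overwrites $SMBCONF; the join command line on stdout when verbose
# Returns:   0 when the join succeeded; exits through die() otherwise.
join_ads() {
	# Keep a copy of an existing file and refuse to overwrite it if the copy
	# could not be made.
	if [ -f "$SMBCONF" ]; then
		cp "$SMBCONF" "$SMBCONF.bak" || die "Could not back up $SMBCONF"
		[ "$VERBOSE" ] && echo "Making backup copy of $SMBCONF to $SMBCONF.bak"
	fi

	# Split the space-separated DC list into the function's positional
	# parameters (unquoted on purpose): "$*" is the whole list joined by
	# single spaces, "$1" is the first controller.
	set -- $DC

	# The first line is now a comment ("#"), and the "witten" typo is fixed;
	# it used to be a bare text line in front of the first section.
	# "server string" carries no quotes here because the inner double quotes
	# of the old one-string echo ended the shell string and never reached the file.
	# NOTE(review): [testshare] is created on every join with "public = yes"
	# (a synonym for "guest ok") and "writable = yes", so the guest account can
	# write to /srv/Samba/Test. Confirm this sample share belongs on a
	# domain member before shipping it.
	# NOTE(review): WORKGROUP, DOMAIN and DC are copied in without validation.
	echo "# smb.conf written by $PROGRAM

[global]
	# Browsing/Identification
	domain master = no
	domain logons = no
	preferred master = no

	# Domain info
	security = ADS
	password server = $*

	workgroup = $WORKGROUP
	realm = $DOMAIN
	netbios name = $HOSTNAME
	server string = Samba Server $HOSTNAME
	allow trusted domains = no
	idmap backend = rid:$WORKGROUP=50000-100000000
	winbind separator = -
	winbind nested groups = Yes
	winbind enum users = yes
	winbind enum groups = yes
	idmap uid = 50000-100000000
	idmap gid = 50000-100000000
	wins server = $*
	guest account = nobody

[testshare]
	comment = Secret data
	writable = yes
	path = /srv/Samba/Test
	public = yes
	" > "$SMBCONF" || die "Could not write $SMBCONF"

	# NOTE(review): -W receives the realm ($DOMAIN), not $WORKGROUP -- confirm.
	[ "$VERBOSE" ] && echo "net ads join -W $DOMAIN -S $1  -U $DOMAINADMIN"
	# The old "cmd || echo ... && exit 1" grouped as "(cmd || echo) && exit 1",
	# so the script exited with status 1 even after a successful join.
	net ads join -W "$DOMAIN" -S "$1" -U "$DOMAINADMIN" \
		|| die "Sorry could not join $DOMAIN domain"
}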

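# Refuse to continue when one of the target config files already exists and
# -f was not given.
# Globals:   SMBCONF, KRBCONF, FORCE (read)
# Returns:   0 when it is fine to continue; exits through die() otherwise.
check_exist() {
	# Two separate tests instead of the obsolescent "-o" operator.
	if [ -f "$SMBCONF" ] || [ -f "$KRBCONF" ]; then
		if [ -z "$FORCE" ]; then
			die "Config file(s) already exist(s),
use -f to force overwriting of these file(s)"
		fi
	fi
	# The forced case used to leave the status of the failed "[ ! ... ]" test
	# behind, so the function reported failure although overwriting was allowed.
	return 0
}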

# Print the program name, version and option summary on stdout, then leave
# the script with status 1 (also when called for -h).
# Globals:   PROGRAM, VERSION (read)
# NOTE(review): -q is listed here but is not in the getopts option string.
# NOTE(review): -P puts the password on the command line, where other local
# users can see it in the process list.
usage() {
	printf '%s\n' "$PROGRAM $VERSION"
	cat <<EOF
usage: $PROGRAM [options] [args]

Options:
  -h     Show help for subcommand.
  -q     Quiet mode.
  -v     Verbose mode.
  -K     <kerberosconfigfile>
  -S     <sambaconfigfile>
  -U     <domain administrator>
  -D     <domain>
  -P     <password>
  -f     force overwrite of existing configfiles (will do backup)


EOF
	exit 1
}



# Read the command-line options into the globals, then run the join steps.
# NOTE(review): there is no default arm, so an option getopts rejects
# (including the documented -q) is reported by getopts but does not stop the run.
# NOTE(review): -P stores the password in PW, but nothing in this file reads
# PW afterwards; the argument is still visible in the process list.
while getopts "D:fP:hvU:K:S:" opt; do
	case "$opt" in
	h) usage ;;
	v) VERBOSE="$VERBOSE -v" ;;
	f) FORCE="$FORCE -f" ;;
	D) DOMAIN="$OPTARG" ;;
	U) DOMAINADMIN="$OPTARG" ;;
	P) PW="$OPTARG" ;;
	K) KRBCONF="$OPTARG" ;;
	S) SMBCONF="$OPTARG" ;;
	esac
done
# Drop the parsed options so only operands remain.
shift $((OPTIND - 1))

# Install Samba, check for existing config files, prompt for the domain
# parameters, set up Kerberos, then join. The status of apk_add, check_exist
# and ask_info is not checked here.
apk_add samba-ldap
check_exist
ask_info
conf_krb
join_ads
echo "kerberos initialized, domain joined"

exit $retcode