From 212fbb4c6eeadb3a2fa4dd426cbd2f4075cb0961 Mon Sep 17 00:00:00 2001 From: PierreGoude Date: Thu, 7 Sep 2017 12:58:43 +0200 Subject: [PATCH] Update ADconnection.sh --- ADconnection.sh | 252 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 242 insertions(+), 10 deletions(-) diff --git a/ADconnection.sh b/ADconnection.sh index bea44a6..8e7412d 100644 --- a/ADconnection.sh +++ b/ADconnection.sh @@ -255,6 +255,233 @@ exit fi } +####################### Setup for Ubuntu16 and Ubuntu 14 clients debug mode ###################################### +ubuntuclientdebug(){ +desktop=$(sudo apt list --installed | grep -i desktop | grep -i ubuntu | cut -d '-' -f1 | grep -i desktop) +if [ $? = 0 ] +then +echo "" +else +echo " this seems to be a server, swithching to server mode" +sleep 2 +ubuntuserver14 +fi +export HOSTNAME +myhost=$( hostname ) +clear +sudo echo "${RED_TEXT}"Installing pakages do no abort!......."${INTRO_TEXT}" +sudo apt-get -qq install realmd adcli sssd -y +sudo apt-get -qq install ntp -y +clear +sudo dpkg -l | grep realmd +if [ $? = 0 ] +then +clear +sudo echo "${INTRO_TEXT}"Pakages installed"${END}" +else +clear +sudo echo "${RED_TEXT}"Installing pakages failed.. please check connection ,dpkg and apt-get update then try again."${INTRO_TEXT}" +exit +fi +sleep 1 +DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') +ping -c 2 $DOMAIN +if [ $? = 0 ] +then +clear +echo "${NUMBER}I searched for an available domain and found >>> $DOMAIN <<< ${END}" +read -p "Do you wish to use it (y/n)?" yn + case $yn in + [Yy]* ) echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}";; + + [Nn]* ) echo "Please enter the domain you wish to join:" + read -r DOMAIN;; + * ) echo 'Please answer yes or no.';; + esac +else +clear +echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" +echo "Please enter the domain you wish to join:" +read -r DOMAIN +fi +discovery=$(realm discover $DOMAIN | grep domain-name) +NetBios=$(echo $DOMAIN | cut -d '.' -f1) +echo "${INTRO_TEXT}"Please type Admin user"${END}" +read ADMIN +clear +sudo echo "${INTRO_TEXT}"Realm= $discovery"${INTRO_TEXT}" +sudo echo "${NORMAL}${NORMAL}" +var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1) +if [ "$var" -eq "14" ] +then +echo "${INTRO_TEXT}"Detecting Ubuntu $var"${END}" +echo "Installing additional dependencies" +sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user +clear +sudo echo "${INTRO_TEXT}"Realm= $discovery"${INTRO_TEXT}" +sudo echo "${NORMAL}${NORMAL}" +sleep 1 +clear +sudo realm join -v -U $ADMIN $DOMAIN --install=/ +else + if [ "$var" -eq "16" ] + then + echo "${INTRO_TEXT}"Detecting Ubuntu $var"${END}" + sudo realm join --verbose --user=$ADMIN $DOMAIN + else + if [ "$var" -eq "17" ] + then + echo "${INTRO_TEXT}"Detecting Ubuntu $var"${END}" + sudo realm join --verbose --user=$ADMIN $DOMAIN + else + clear + sudo echo "${RED_TEXT}"I am having issuers to detect your Ubuntu version"${INTRO_TEXT}" + exit + fi + fi +fi +if [ $? -ne 0 ]; then + echo "${RED_TEXT}"AD join failed.please check that computer object is already created and test again "${END}" + exit +fi +sudo echo "############################" +sudo echo "Configuratig files.." +sudo echo "Verifying the setup" +sudo systemctl enable sssd +sudo systemctl start sssd +states=$( echo null ) +states1=$( echo null ) +grouPs=$( echo null ) +therealm=$( echo null ) +cauth=$( echo null ) +clear +read -p "${RED_TEXT}"'Do you wish to enable SSH login.group.allowed'"${END}""${NUMBER}"'(y/n)?'"${END}" yn + case $yn in + [Yy]* ) sudo echo "Cheking if there is any previous configuration" + if [ -f /etc/ssh/login.group.allowed ] +then +echo "Files seems already to be modified, skipping..." +else +echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" +echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth +sudo touch /etc/ssh/login.group.allowed +admins=$( cat /etc/passwd | grep home | grep bash | cut -d ':' -f1 ) +echo "" +echo "" +read -p "Is your current administrator = "$admins" ? (y/n)?" yn + case $yn in + [Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;; + [Nn]* ) echo "please type name of current administrator" +read -p MYADMIN +sudo echo $MYADMIN | sudo tee -a /etc/ssh/login.group.allowed;; + * ) echo "Please answer yes or no.";; + esac +sudo echo "$NetBios"'\'"$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed +sudo echo "$NetBios"'\'"domain^admins" | sudo tee -a /etc/ssh/login.group.allowed +sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed +echo "enabled SSH-allow" +fi;; + [Nn]* ) echo "Disabled SSH login.group.allowed" + states1=$( echo 12 );; + * ) echo "Please answer yes or no.";; + esac +echo "" +echo "-------------------------------------------------------------------------------------------" +echo "" +read -p "${RED_TEXT}"'Do you wish to give users on this machine sudo rights?'"${END}""${NUMBER}"'(y/n)?'"${END}" yn + case $yn in + [Yy]* ) sudo echo "Cheking if there is any previous configuration" + if [ -f /etc/sudoers.d/sudoers ] +then +echo "" +echo "Sudoersfile seems already to be modified, skipping..." +echo "" +else +sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers +sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers +sudo echo "%domain\ users ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers +sudo echo "%DOMAIN\ admins ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins +#sudo realm permit --groups "$myhost""sudoers" +fi;; + [Nn]* ) echo "Disabled sudo rights for users on this machine" + echo "" + echo "" + states=$( echo 12 );; + * ) echo 'Please answer yes or no.';; + esac +echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session +homedir=$( cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3 ) +if [ $homedir = 0022 ] +then +echo "pam_mkhomedir.so configured" +else +echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session +fi +sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf" +sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf" +therealm=$(realm discover $DOMAIN | grep -i configured: | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//') +if [ "$therealm" = no ] +then +echo Realm configured?.. "${RED_TEXT}"FAIL"${END}" +else +echo Realm configured?.. "${INTRO_TEXT}"OK"${END}" +fi +if [ $states = 12 ] +then +echo "Sudoers not configured... skipping" +else +if [ -f /etc/sudoers.d/sudoers ] +then +echo Checking sudoers file.. "${INTRO_TEXT}"OK"${END}" +else +echo checking sudoers file.. "${RED_TEXT}"FAIL"${END}" +fi +grouPs=$(cat /etc/sudoers.d/sudoers | grep -i "$myhost" | cut -d '%' -f2 | awk '{print $1}') +if [ "$grouPs" = "$myhost""sudoers" ] +then +echo Checking sudoers users.. "${INTRO_TEXT}"OK"${END}" +else +echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}" +fi +homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3) +if [ $homedir = 0022 ] +then +echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}" +else +echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}" +fi +if [ $states1 = 12 ] +then +echo "Disabled SSH login.group.allowed" +else +cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}') +if [ $cauth = allow ] +then +echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}" +else +echo Checking PAM auth configuration.. "${RED_TEXT}"FAIL"${END}" +fi +fi +exec sudo -u root /bin/sh - <