DragonSlayer_14/Linux-Active-Directory-join-script
1
0
Fork 0
mirror of https://github.com/PierreGode/Linux-Active-Directory-join-script.git synced 2025-12-21 08:50:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

AD connection for Ubuntu 14,16 & Debian

Browse Source 
AD connection for Ubuntu 14 client and server ,16 client  & Debian
client.
This commit is contained in:
Linoge 2016-08-27 08:37:00 +02:00
commit 56ceff681c
1 changed files with 350 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

350
ADconnection.bash Normal file
View File

@ -0,0 +1,350 @@
#!/bin/bash
# ~~~~~~~~~~ Environment Setup ~~~~~~~~~~ #
NORMAL=`echo "\033[m"`
MENU=`echo "\033[36m"` #Blue
NUMBER=`echo "\033[33m"` #yellow
FGRED=`echo "\033[41m"`
RED_TEXT=`echo "\033[31m"` #Red
ENTER_LINE=`echo "\033[33m"`
INTRO_TEXT=`echo "\033[32m"` #green and white text
INFOS=`echo "\033[103;30m"` #yellow bg
SUCCESS=`echo "\033[102;30m"` #green bg
WARNING=`echo "\033[101;30m"` #red bg
WARP=`echo "\033[106;30m"` #lightblue bg
BLACK=`echo "\033[109;30m"` #SPACE bg
END=`echo "\033[0m"`
# ~~~~~~~~~~ Environment Setup ~~~~~~~~~~ #
sudo
####################### Setup for Ubuntu16 client #######################################
ubuntuclient16(){
export HOSTNAME
myhost=$( hostname )
sudo aptitude install realmd adcli sssd
sudo aptitude install ntp
echo "Please enter the domain you wish to join: "
read DOMAIN
echo "please enter Your domains NetBios name"
read NetBios
echo "Please enter a domain admin login to use: "
read ADMIN
sudo realm join --user=$ADMIN $DOMAIN
if [ $? -ne 0 ]; then
echo "AD join failed. Please run 'journalctl -xn' to determine why."
exit 1
fi
sudo systemctl enable sssd
sudo systemctl start sssd
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" >> /etc/pam.d/common-auth
sudo sh -c "echo 'greeter-show-manual-login=true' >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo sh -c "echo 'allow-guest=false' >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo touch /etc/ssh/login.group.allowed
sudo echo "administrator" >> /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"domain^admins" >> /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"$myhost""sudoers" >> /etc/ssh/login.group.allowed
sudo echo "administrator ALL=(ALL:ALL) ALL" >> /etc/sudoers
sudo echo "%$NetBios"'\\'"domain^admins ALL=(ALL:ALL) ALL" >> /etc/sudoers
sudo echo "%$NetBios"'\\'"$myhost""sudoers ALL=(ALL:ALL) ALL" >> /etc/sudoers
while true; do
read -p '$myhost is added to sudoers group, would you like to let additional group to have access (y/n)?' yn
case $yn in
[Yy]* ) echo "type domain group"
read Group
sudo echo "$NetBios"'\'"$Group" >> /etc/ssh/login.group.allowed
sudo echo "%$NetBios"'\\'"$Group"" ALL=(ALL:ALL) ALL" >> /etc/sudoers
echo "$Group has been added and will have access"
break;;
[Nn]* ) echo "plese remember to reboot"
sleep 1
exit ;;
* ) echo 'Please answer yes or no.';;
esac
done
echo "Check that the group is correct"
echo "in Sudoers file..."
sudo cat /etc/sudoers | grep $myhost
sudo cat /etc/sudoers | grep $Group
echo "in SSH allow file..."
sudo cat /etc/ssh/login.group.allowed | grep $myhost
sudo cat /etc/ssh/login.group.allowed | grep $Group
echo " if this is wrong DO NOT REBOOT and contact sysadmin"
while true; do
read -p 'Do you want to Reboot now? (y/n)?' yn
case $yn in
[Yy]* ) sudo reboot
break;;
[Nn]* ) echo "plese remember to reboot"
sleep 1
exit ;;
* ) echo 'Please answer yes or no.';;
esac
done
}
####################### Setup for Ubuntu14 client #######################################
ubuntuclient14(){
export HOSTNAME
myhost=$( hostname )
sudo apt-get update
sudo apt-get install openssh-server -y
sudo wget http://download.beyondtrust.com/PBISO/8.0.1/linux.deb.x64/pbis-open-8.0.1.2029.linux.x86_64.deb.sh
sudo chmod 777 pbis-open-8.0.1.2029.linux.x86_64.deb.sh
yes| sudo ./pbis-open-8.0.1.2029.linux.x86_64.deb.sh
clear
echo "Please enter the domain you wish to join: "
read DOMAIN
echo "please enter Your domains NetBios name"
read NetBios
echo "type domain admin user"
read user
echo $DOMAIN ${user}
sleep 10
sudo domainjoin-cli join $DOMAIN ${user}
sudo /opt/pbis/bin/config UserDomainPrefix $DOMAIN
sudo /opt/pbis/bin/config AssumeDefaultDomain true
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
sudo /opt/pbis/bin/update-dns
sudo /opt/pbis/bin/ad-cache --delete-all
sudo sed -i '30s/.*/session [success=ok default=ignore] pam_lsass.so/' /etc/pam.d/common-session
sudo sh -c "sed -i 's|ChallengeResponseAuthentication yes|ChallengeResponseAuthentication no|' /etc/ssh/sshd_config"
sudo sh -c "echo 'auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed' >> /etc/pam.d/common-auth"
sudo touch /etc/ssh/login.group.allowed
sudo echo "administrator" >> /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"domain^admins" >> /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"$myhost""sudoers" >> /etc/ssh/login.group.allowed
sudo sh -c "echo 'greeter-show-manual-login=true' >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo sh -c "echo 'allow-guest=false' >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo echo "administrator ALL=(ALL:ALL) ALL" >> /etc/sudoers
sudo echo "%$NetBios"'\\'"domain^admins ALL=(ALL:ALL) ALL" >> /etc/sudoers
sudo echo "%$NetBios"'\\'"$myhost""sudoers ALL=(ALL:ALL) ALL" >> /etc/sudoers
sudo rm -rf pbis-open-8.0.1.2029.linux.x86_64.deb*
sudo sed -i '30s/.*/session [success=ok default=ignore] pam_lsass.so/' /etc/pam.d/common-session
while true; do
read -p '$myhost is added to sudoers group, would you like to let additional group to have access (y/n)?' yn
case $yn in
[Yy]* ) echo "type domain group"
read Group
sudo echo "$NetBios"'\'"$Group" >> /etc/ssh/login.group.allowed
sudo echo "%$NetBios"'\\'"$Group"" ALL=(ALL:ALL) ALL" >> /etc/sudoers
echo "$Group has been added and will have access"
break;;
[Nn]* ) echo "plese remember to reboot"
sleep 1
exit ;;
* ) echo 'Please answer yes or no.';;
esac
done
echo "Check that the group is correct"
echo "in Sudoers file..."
sudo cat /etc/sudoers | grep $myhost
sudo cat /etc/sudoers | grep $Group
echo "in SSH allow file..."
sudo cat /etc/ssh/login.group.allowed | grep $myhost
sudo cat /etc/ssh/login.group.allowed | grep $Group
echo " if this is wrong DO NOT REBOOT and contact sysadmin"
while true; do
read -p 'Do you want to Reboot now? (y/n)?' yn
case $yn in
[Yy]* ) sudo reboot
break;;
[Nn]* ) echo "plese remember to reboot"
sleep 1
exit ;;
* ) echo 'Please answer yes or no.';;
esac
done
####################### Setup for Ubuntu server #######################################
}
ubuntuserver14(){
sudo wget http://download.beyondtrust.com/PBISO/8.0.1/linux.deb.x64/pbis-open-8.0.1.2029.linux.x86_64.deb.sh
sudo chmod 777 pbis-open-8.0.1.2029.linux.x86_64.deb.sh
yes| sudo ./pbis-open-8.0.1.2029.linux.x86_64.deb.sh
clear
echo "Please enter the domain you wish to join: "
read DOMAIN
echo "please enter Your domains NetBios name"
read NetBios
echo "Domain username:"
read user
echo "AD Group you wish to join"
read Group
sudo domainjoin-cli join $DOMAIN ${user}
sudo /opt/pbis/bin/config UserDomainPrefix $DOMAIN
sudo /opt/pbis/bin/config AssumeDefaultDomain true
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
sudo /opt/pbis/bin/update-dns
sudo /opt/pbis/bin/ad-cache --delete-all
sudo sed -i '30s/.*/session [success=ok default=ignore] pam_lsass.so/' /etc/pam.d/common-session
sudo sh -c "sed -i 's|ChallengeResponseAuthentication yes|ChallengeResponseAuthentication no|' /etc/ssh/sshd_config"
sudo sh -c "echo 'auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed' >> /etc/pam.d/common-auth"
sudo touch /etc/ssh/login.group.allowed
sudo echo "administrator" >> /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"$Group" >> /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"domain^admins" >> /etc/ssh/login.group.allowed
sudo echo "administrator ALL=(ALL:ALL) ALL" >> /etc/sudoers
sudo echo "%$NetBios"'\\'"domain^admins ALL=(ALL:ALL) ALL" >> /etc/sudoers
sudo echo "%$NetBios"'\\'"$Group ALL=(ALL:ALL) ALL" >> /etc/sudoers
sudo rm -R pbis-open-8.0.1.2029.linux.x86_64*
while true; do
read -p '$Group is added to sudoers group, would you like to let additional group to have access (y/n)?' yn
case $yn in
[Yy]* ) echo "type domain group"
read Group
sudo echo "$NetBios"'\'"$Group" >> /etc/ssh/login.group.allowed
sudo echo "%$NetBios"'\\'"$Group"" ALL=(ALL:ALL) ALL" >> /etc/sudoers
echo "$Group has been added and will have access"
break;;
[Nn]* ) echo "plese remember to reboot"
sleep 1
exit ;;
* ) echo 'Please answer yes or no.';;
esac
done
echo "Check that the group is correct"
echo "in Sudoers file..."
sudo cat /etc/sudoers | grep $Group
echo "in SSH allow file..."
sudo cat /etc/ssh/login.group.allowed | grep $Group
echo " if this is wrong DO NOT REBOOT and contact sysadmin"
}
####################### Setup for Debian client #######################################
# This script should join Debian Jessie (8) to an Active Directory domain.
debianclient(){
export HOSTNAME
myhost=$( hostname )
sudo apt-get update
sudo apt-get install realmd adcli sssd -y
sudo apt-get install ntp -y
sudo mkdir -p /var/lib/samba/private
clear
echo "Please enter the domain you wish to join: "
read DOMAIN
echo "please enter Your domains NetBios name"
read NetBios
echo "Please enter a domain admin login to use: "
read ADMIN
sudo realm join --user=$ADMIN $DOMAIN
if [ $? -ne 0 ]; then
echo "AD join failed. Please run 'journalctl -xn' to determine why."
exit 1
fi
sudo systemctl enable sssd
sudo systemctl start sssd
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
# configure sudo
sudo apt-get install libsss-sudo -y
echo "Please enter new user without @mydomain"
read newuser
echo "%domain\ admins@$DOMAIN ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins
sudo echo "administrator ALL=(ALL:ALL) ALL" >> /etc/sudoers
sudo echo "$newuser"'@'"$DOMAIN"" ALL=(ALL:ALL) ALL" >> /etc/sudoers
while true; do
read -p 'Do you want to Reboot now? (y/n)?' yn
case $yn in
[Yy]* ) sudo reboot
break;;
[Nn]* ) echo "plese remember to reboot"
sleep 1
exit ;;
* ) echo 'Please answer yes or no.';;
esac
done
}
readmes(){
clear
echo "${INTRO_TEXT} Active directory connection tool ${INTRO_TEXT}"
echo "${INTRO_TEXT} Examples ${INTRO_TEXT}"
echo "${INTRO_TEXT}domain to join:"${RED_TEXT}Example:${RED_TEXT}"" ${NUMBER} mydomain.intra${NUMBER}"${INTRO_TEXT}"
echo "${INTRO_TEXT} ${INTRO_TEXT}"
echo "${INTRO_TEXT}domains NetBios name:"${RED_TEXT}Example:${RED_TEXT}""${NUMBER} mydomain${NUMBER}"${INTRO_TEXT}"
echo "${INTRO_TEXT} ${INTRO_TEXT}"
echo "${INTRO_TEXT}Domain username:"${RED_TEXT}Example:${RED_TEXT}"" ${NUMBER} mrsmithADadmin${NUMBER}"${INTRO_TEXT}"
echo "${INTRO_TEXT} ${INTRO_TEXT}"
echo "${INTRO_TEXT}AD Group to join:"${RED_TEXT}Example:${RED_TEXT}"" ${NUMBER} Sudoers.global${NUMBER}"${INTRO_TEXT}"
echo "${RED_TEXT} user and compoter must Exist in AD before Join ${RED_TEXT}"
echo "${INTRO_TEXT} ${INTRO_TEXT}"
echo "${NUMBER}Remember to Check Hostname and att to AD ${NUMBER}"
sleep 90
echo -e "\033[0m"
/usr/bin/clear
exit
}
clear
echo "${INTRO_TEXT} Active directory connection tool ${INTRO_TEXT}"
echo "${INTRO_TEXT} Created by Pierre Goude ${INTRO_TEXT}"
echo "${INTRO_TEXT} This script will edit several critical files.. ${INTRO_TEXT}"
echo "${INTRO_TEXT} DO NOT attempt this without expert knowledge ${INTRO_TEXT}"
echo "${NORMAL} ${NORMAL}"
echo "${MENU}*${NUMBER} 1)${MENU} Setup AD on Ubuntu 14 Client ${NORMAL}"
echo "${MENU}*${NUMBER} 2)${MENU} Setup AD on Ubuntu 16 Client ${NORMAL}"
echo "${MENU}*${NUMBER} 3)${MENU} Setup AD on Ubuntu 14 Server ${NORMAL}"
echo "${MENU}*${NUMBER} 4)${MENU} Setup AD on Debian Jessie Client ${NORMAL}"
echo "${MENU}*${NUMBER} 5)${MENU} README with examples ${NORMAL}"
echo "${NORMAL} ${NORMAL}"
echo "${ENTER_LINE}Please enter a menu option and enter or ${RED_TEXT}enter to exit. ${NORMAL}"
read opt
while [ opt != '' ]
do
if [[ $opt = "" ]]; then
exit;
else
case $opt in
1) clear;
echo "Installing on Ubuntu 14 Client";
ubuntuclient14;
;;
2) clear;
echo "Installing on Ubuntu 16 Client";
ubuntuclient16;
;;
3) clear;
echo "Installing on Ubuntu 14 Server";
ubuntuserver14
;;
4) clear;
echo "Installing on Debian Jessie client"
debianclient
;;
5) clear;
echo "READ ME"
readmes
;;
x)exit;
;;
\n)exit;
;;
*)clear;
opt "Pick an option from the menu";
show_etcmenu;
;;
esac
fi
done