Added admin options

Added admin options to allow or disallow ssh-login permission;
also added the possibility to choose whether to give the users sudo rights or not.
This commit is contained in:
PierreGoude 2017-06-14 15:04:32 +02:00 committed by GitHub
parent 17816a9188
commit ea1e26609e


@ -57,7 +57,7 @@ exit
fi fi
sleep 1 sleep 1
DOMAIN=$(realm discover | grep -i realm.name | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//') DOMAIN=$(realm discover | grep -i realm.name | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//')
ping -c 1 $DOMAIN ping -c 2 $DOMAIN
if [ $? = 0 ] if [ $? = 0 ]
then then
clear clear
@ -121,22 +121,28 @@ sudo echo "Configuratig files.."
sudo echo "Verifying the setup" sudo echo "Verifying the setup"
sudo systemctl enable sssd sudo systemctl enable sssd
sudo systemctl start sssd sudo systemctl start sssd
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" clear
sleep 4 read -p "Do you wish to enable SSH allow/disble protection (y/n)?" yn
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session case $yn in
[Yy]* ) sudo echo "Cheking if there is any previous configuration"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo echo "Cheking if there is any previous configuration"
if [ -f /etc/ssh/login.group.allowed ] if [ -f /etc/ssh/login.group.allowed ]
then then
echo "Files seems already to be modified, skipping..." echo "Files seems already to be modified, skipping..."
else else
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login"
sudo touch /etc/ssh/login.group.allowed sudo touch /etc/ssh/login.group.allowed
sudo echo "administrator" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "administrator" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$NetBios"'\'"$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"domain^admins" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$NetBios"'\'"domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
fi echo "enabled SSH-allow"
fi;;
[Nn]* ) echo "disabled SSH allow";;
* ) echo "Please answer yes or no.";;
esac
read -p "Do you wish to give users on this machine sudo rights? (y/n)?" yn
case $yn in
[Yy]* ) sudo echo "Cheking if there is any previous configuration"
if [ -f /etc/sudoers.d/sudoers ] if [ -f /etc/sudoers.d/sudoers ]
then then
echo "Sudoersfile seems already to be modified, skipping..." echo "Sudoersfile seems already to be modified, skipping..."
@ -146,7 +152,14 @@ sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sud
sudo echo "%domain\ users ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%domain\ users ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins sudo echo "%DOMAIN\ admins ALL=(ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers" #sudo realm permit --groups "$myhost""sudoers"
fi fi;;
[Nn]* ) echo "disabled sudo rights for users on this machine";;
* ) echo 'Please answer yes or no.';;
esac
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
therealm=$(realm discover $DOMAIN | grep -i configured: | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//') therealm=$(realm discover $DOMAIN | grep -i configured: | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//')
if [ $therealm = no ] if [ $therealm = no ]
then then
@ -186,6 +199,7 @@ sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf
cat /etc/sssd/sssd.conf | grep -i override cat /etc/sssd/sssd.conf | grep -i override
sudo service sssd restart
if [ $? = 0 ] if [ $? = 0 ]
then then
echo "Checking sssd config.. OK" echo "Checking sssd config.. OK"
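Review bot: In both new prompts (`read -p ... yn` / `case $yn in`, the SSH-allow one in the second hunk and the sudo one that runs into the third), an empty or unrecognised answer only prints `Please answer yes or no.` and then falls through exactly as a "no" would, so a stray Enter silently skips the SSH-allow or sudo configuration; wrapping each prompt in `while true; do ... done` with `break` in the `[Yy]*` and `[Nn]*` arms, and using `read -r`, makes the script re-ask instead. In the SSH-allow branch the `pam_listfile.so` line is appended to /etc/pam.d/common-auth before the `-f /etc/ssh/login.group.allowed` check, so every "yes" run adds another copy even when the script reports "skipping..."; moving that `tee -a` into the else branch next to the `touch` keeps re-runs idempotent. Since common-auth is shared by every PAM service, not only sshd, the NOTICE about being locked out applies to console and lightdm logins too, which the message could say. The prompts sit in a flat top-level script that begins and continues outside these hunks.
```shell
while true; do
  read -r -p "Do you wish to enable SSH allow/disble protection (y/n)?" yn
  case $yn in
    [Yy]* ) sudo echo "Cheking if there is any previous configuration"
      if [ -f /etc/ssh/login.group.allowed ]
      then
        echo "Files seems already to be modified, skipping..."
      else
        # … unchanged: NOTICE message …
        # pam line moved here so a re-run that skips the file does not append it again
        echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
        # … unchanged: touch and the three group entries …
      fi
      echo "enabled SSH-allow"; break;;
    [Nn]* ) echo "disabled SSH allow"; break;;
    * ) echo "Please answer yes or no.";;
  esac
done
```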