Update ADconnection.sh

ADconnection.sh

@@ -86,75 +86,62 @@ eof
 ubuntuclient14(){
 export HOSTNAME
 myhost=$( hostname )
-
+sudo update
-sudo apt-get update
+sudo apt-get install realmd adcli sssd -y
-sudo apt-get install openssh-server -y
+sudo apt-get install ntp -y
-#sudo apt-get install sssd -y
+sudo apt-get install realmd sssd sssd-tools samba-common krb5-user
-sudo wget http://download.beyondtrust.com/PBISO/8.0.1/linux.deb.x64/pbis-open-8.0.1.2029.linux.x86_64.deb.sh
-
-sudo chmod 777 pbis-open-8.0.1.2029.linux.x86_64.deb.sh
-yes| sudo ./pbis-open-8.0.1.2029.linux.x86_64.deb.sh
 clear
 echo "Please enter the domain you wish to join: "
 read DOMAIN
 echo "please enter Your domain’s NetBios name"
 read NetBios
-echo "type domain admin user"
+echo "Please enter a domain admin login to use: "
-read user
+read ADMIN
-sudo domainjoin-cli join $DOMAIN ${user}
+discovery=$(realm discover $DOMAIN | grep domain-name)
-sudo /opt/pbis/bin/config UserDomainPrefix $DOMAIN
+clear
-sudo /opt/pbis/bin/config AssumeDefaultDomain true
+sudo echo "${INTRO_TEXT}"Realm= $discovery"${INTRO_TEXT}"
-sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
+sudo echo "${NORMAL}${NORMAL}"
-sudo /opt/pbis/bin/update-dns
+sleep 1
-sudo /opt/pbis/bin/ad-cache --delete-all
+sudo realm join -v -U $ADMIN $DOMAIN --install=/
-sudo sed -i '30s/.*/session [success=ok default=ignore] pam_lsass.so/' /etc/pam.d/common-session
+if [ $? -ne 0 ]; then
-sudo sh -c "sed -i 's|ChallengeResponseAuthentication yes|ChallengeResponseAuthentication no|' /etc/ssh/sshd_config"
+    echo "AD join failed.  Please run 'journalctl -xn' to determine why."
-sudo sh -c "echo 'auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed' >> /etc/pam.d/common-auth"
+    exit 1
-sudo touch /etc/ssh/login.group.allowed
+fi
-sudo echo "administrator" >> /etc/ssh/login.group.allowed
+clear
-sudo echo "$NetBios"'\'"domain^admins" >> /etc/ssh/login.group.allowed
+echo "Please enter user to add (user WITHOUT the @server.server)"
-sudo echo "$NetBios"'\'"$myhost""sudoers" >> /etc/ssh/login.group.allowed
+read UseR
+sudo echo "Configuratig files" 
+sudo systemctl enable sssd
+sudo systemctl start sssd
+sudo rm tmp.sh
+echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" >> /etc/pam.d/common-session
+echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" >> /etc/pam.d/common-auth
 sudo sh -c "echo 'greeter-show-manual-login=true' >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
 sudo sh -c "echo 'allow-guest=false' >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
+sudo touch /etc/ssh/login.group.allowed
+sudo echo "administrator" >> /etc/ssh/login.group.allowed
+sudo echo "$NetBios"'\'"$myhost""sudoers" >> /etc/ssh/login.group.allowed
+sudo echo "$NetBios"'\'"$UseR" >> /etc/ssh/login.group.allowed
 sudo echo "administrator ALL=(ALL:ALL) ALL" >> /etc/sudoers
-sudo echo "%$NetBios"'\\'"domain^admins ALL=(ALL:ALL) ALL" >> /etc/sudoers
+sudo echo "$NetBios"'\'"domain^admins" >> /etc/ssh/login.group.allowed
-sudo echo "%$NetBios"'\\'"$myhost""sudoers ALL=(ALL:ALL) ALL" >> /etc/sudoers
+sudo echo "$NetBios"'\'"$myhost""sudoers" >> /etc/ssh/login.group.allowed
-sudo rm -rf pbis-open-8.0.1.2029.linux.x86_64.deb*
+sudo echo "$NetBios"'\\'"domain^admins ALL=(ALL:ALL) ALL" >> /etc/sudoers
-sudo sed -i '30s/.*/session [success=ok default=ignore] pam_lsass.so/' /etc/pam.d/common-session
+sudo echo "$NetBios"'\\'"$myhost""sudoers ALL=(ALL:ALL) ALL" >> /etc/sudoers
-while true; do
+sudo echo "$UseR"" ALL=(ALL:ALL) ALL" >> /etc/sudoers 
-   read -p '$myhost is added to sudoers group, would you like to let additional group to have access (y/n)?' yn
+sudo echo "%DOMAIN\ admins@$DOMAIN ALL=(ALL) ALL" >> /etc/sudoers.d/domain_admins
-   case $yn in
-    [Yy]* ) echo "type domain group"
-			read Group
-			sudo echo "$NetBios"'\'"$Group" >> /etc/ssh/login.group.allowed
-			sudo echo "%$NetBios"'\\'"$Group"" ALL=(ALL:ALL) ALL" >> /etc/sudoers
-			echo "$Group has been added and will have access"
-            break;;
-    [Nn]* ) echo "plese remember to reboot"
-            sleep 1        
-            ;;
-    * ) echo 'Please answer yes or no.';;
-   esac
-done
 echo "Check that the group is correct"
 echo "in Sudoers file..."
 sudo cat /etc/sudoers | grep $myhost
-sudo cat /etc/sudoers | grep $Group
 echo "in SSH allow file..."
 sudo cat /etc/ssh/login.group.allowed | grep $myhost
-sudo cat /etc/ssh/login.group.allowed | grep $Group
 echo " if this is wrong DO NOT REBOOT and contact sysadmin"
-while true; do
+exec sudo -u root /bin/sh - <<eof
-   read -p 'Do you want to Reboot now? (y/n)?' yn
+sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
-   case $yn in
+sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
-    [Yy]* ) sudo reboot
+echo "override_homedir = /home/%d/%u" >> /etc/sssd/sssd.conf
-            break;;
+eof
-    [Nn]* ) echo "plese remember to reboot"
+}
-            sleep 1        
+
-            exit ;;
-    * ) echo 'Please answer yes or no.';;
-   esac
-done
 ####################### Setup for Ubuntu 14 server #######################################
 
 }