#!/bin/bash ################################################################################################################################## # # # This script is written by Pierre Gode https://github.com/PierreGode # # # # This program is open source; you can redistribute it and/or modify it under the terms of the GNU General Public # # This is an normal bash script and can be executed with sh EX: ( sudo sh ADconnection.sh ) # # Generic user setup is: administrator, domain admins, groupnamesudores= groupname=hostname + sudoers on group name in AD groups # # Supported OS's: Ubuntu 14-22 + mate,Debian ,Cent OS,Rasbian ,Fedora, Linux Mint,Elementary OS and Kali ( autodetect function ) # #This scrips is a long serie of small updates and not well planned, the script works as expected, but this is not beautiful code # # Maybe someday I re-do the script and make it "good code" but overall it has minimal shellcheck issues # ################################################################################################################################## #known bugs:sometimes domain discovery fails, it can help canceling the script and re-running it, if not verify dns setting on client, #and on DC, also check that searchname has your domain # /etc/sssd/sssd.alternatives for more advanced or specific setups of SSSD # ~~~~~~~~~~ Environment Setup ~~~~~~~~~~ # NORMAL=$(printf "\033[m") MENU=$(printf "\033[36m") NUMBER=$(printf "\033[33m") RED_TEXT=$(printf "\033[31m") INTRO_TEXT=$(printf "\033[32m") END=$(printf "\033[0m") # ~~~~~~~~~~ Environment Setup ~~~~~~~~~~ # ####################### final auth ################################################################## #this section will do the last part, configure sssd, ssh, login session sam files and sudoers# fi_auth(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) sudo echo "############################" sudo echo "Configuratig files.." sudo echo "Verifying the setup" sudo systemctl enable sssd sudo systemctl start sssd states="null" states1="null" grouPs="null" therealm="null" cauth="null" clear admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) sshsec=$( sudo grep SSHSECURE readfile | awk '{print $3}' ) if [ "$sshsec" = "yes" ] then if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 then echo "SSHsecurity Files seems already to be modified, skipping..." else echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth sudo touch /etc/ssh/login.group.allowed localadmin=$( sudo grep LOCALADMIN readfile | awk '{print $3}' ) if [ "$localadmin" = "null" ] then localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) else sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed #sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed cat /etc/passwd | grep home | while read locaussh do echo $locaussh | grep home | grep bash | cut -d ':' -f1 | sudo tee -a sudo tee -a /etc/ssh/login.group.allowed done echo "enabled SSH-allow" fi fi else if [ "$sshsec" = "no" ] then echo "Skipping SSHSecurity config" else read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn case $yn in [Yy]* ) sudo echo "Checking if there is any previous configuration" if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 then echo " SSHsecurityFiles seems already to be modified, skipping..." else echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth sudo touch /etc/ssh/login.group.allowed sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed #sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed cat /etc/passwd | grep home | while read locaussh do echo $locaussh | grep home | grep bash | cut -d ':' -f1 | sudo tee -a sudo tee -a /etc/ssh/login.group.allowed done echo "enabled SSH-allow" echo "" echo "" fi ;; [Nn]* ) echo "Skipped ssh config" states1="12";; esac fi fi echo "" echo "-------------------------------------------------------------------------------------------" echo "" givesudo=$( sudo grep SUDOERS readfile | awk '{print $3}' ) if [ "$givesudo" = "yes" ] then if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 then echo "" echo "sudoers.d/sudoers file seems already to be modified, skipping..." echo "" else disssu=$( sudo grep DISSPROMT readfile | awk '{print $3}' ) if [ "$disssu" = "yes" ] then sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" else if [ "$disssu" = "no" ] then sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" else echo "error in readfile config, setting to default" sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers fi fi fi else if [ "$givesudo" = "no" ] then echo "Not giving a sudo" sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed echo "Skipping" states="12" else read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn case $yn in [Yy]* ) sudo echo "Checking if there is any previous configuration" if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 then echo "" echo "The Sudoers file seems already to be modified, skipping..." echo "" else read -r -p "${RED_TEXT}Do you wish to DISABLE password prompt for users in terminal?${END}${NUMBER}(y/n)?${END}" yn case $yn in [Yy]* ) sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" ;; [Nn]* ) sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" ;; * ) echo "Please answer yes or no.";; esac fi ;; [Nn]* ) sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers echo "Disabled sudo rights for users on this machine" echo "" echo "" states="12";; * ) echo "Please answer yes or no." ;; esac fi fi homedir=$( grep homedir /etc/pam.d/common-session | grep 0077 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0077" ] then echo "pam_mkhomedir.so configured" sleep 1 else echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077" | sudo tee -a /etc/pam.d/common-session fi Arm=$( sudo hostnamectl | grep Architecture | awk '{print $2}' ) if [ "$Arm" = "arm" ] then sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu-mate.conf" sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu-mate.conf" else logintrue=$( grep -i -m1 "login" /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf ) if [ -f /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf ] then if [ "$logintrue" = "greeter-show-manual-login=true" ] then echo "50-ubuntu.conf is already configured.. skipping" else sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf" sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf" fi else echo "No lightdm to configure" fi fi clear sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf echo "override_homedir = /home/%u" | sudo tee -a /etc/sssd/sssd.conf sudo sudo grep -i override /etc/sssd/sssd.conf #sudo echo "[nss] #filter_groups = root #filter_users = root #reconnection_retries = 3 #entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf sudo sed -i '/krb5_realm =/a entry_cache_group_timeout = 5400' /etc/sssd/sssd.conf sudo sed -i '/krb5_realm =/a entry_cache_user_timeout = 5400' /etc/sssd/sssd.conf ####################################################################################### sudo echo "#entry_cache_user_timeout = 5400 #entry_cache_group_timeout = 5400 #cache_credentials = TRUE ### Added to help with group mapping ###ldap_use_tokengroups = False #ldap_schema = rfc2307bis #ldap_schema = rfc2307 #ldap_schema = IPA #ldap_schema = AD #ldap_search_base = DC=$NetBios,DC=$coms #ldap_group_member = uniquemember #ad_enable_gc = False entry_cache_timeout = 600 entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives ############################## load from readfile to sssd ########################################## if [ -f readfile ] then sudo service sssd restart sleep 1 clear usesasl=$( sudo grep USESASL readfile | awk '{print $3}' ) if [ "$usesasl" = "no" ] then echo "Skipping SASL" else if [ "$usesasl" = "yes" ] then sasl=$( sudo grep LDAPS readfile | awk '{print $3}' ) if [ "$sasl" = "null" ] then echo "You need to specify domaincontroller in readfile" exit else echo "$sasl" cacer=$( sudo grep CACERT readfile | awk '{print $3}' ) if ! ls "$cacer" then echo "No root CA found, check your path to file" else echo "Applied config from readfile" sed -i "/krb5_realm = /a ldap_uri = $sasl" /etc/sssd/sssd.conf sed -i "/krb5_realm = /a ldap_tls_cacert = $cacer" /etc/sssd/sssd.conf echo "Applied config from readfile" fi fi else echo "For SASL put you company root-ca.cer in /usr/share/ca-certificates/root/ folder" read -r -p "Do you wish to use SASL (LDAPS) (y/n)?" yn case $yn in [Yy]* ) if [ -f "/usr/share/ca-certificates/root/*.cer" ] then cacert=$( ls /usr/share/ca-certificates/root/ | grep .cer | head -1 ) echo "Type in address of your Domaincontroller: ex: dc01.com" read -r yourDC clear sasl=$( echo "ldaps://"$yourDC":636" ) echo "DC sssd configuration will be $sasl" echo "Found certificate $cacer" read -r -p "Is this information correct (y/n)?" yn case $yn in [Yy]* ) tlsca=$( sudo grep ldap_tls_cacert /etc/sssd/sssd.conf | awk '{print $1}' ) if [ "$tlsca" = "ldap_tls_cacert" ] then echo "ldap_tls_cacert already in file" exit 1 else sed -i "/krb5_realm = /a ldap_uri = $sasl" /etc/sssd/sssd.conf sed -i "/krb5_realm = /a ldap_tls_cacert = $cacer" /etc/sssd/sssd.conf #sed -i -e 's/id_provider = ad/id_provider = ldap/g' /etc/sssd/sssd.conf # failing line: giving no on configured: and user is unable to update password. sudo service sssd restart fi;; [Nn]* )echo "";; * ) echo "Please answer yes or no.";; esac else echo "No certificate found" fi;; [Nn]* )echo "";; * ) echo "Please answer yes or no.";; esac fi fi else echo "Skipped ldaps" fi ############################## altSecurityIdentities ############################################### #sudo echo " #ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities #ldap_user_ssh_public_key = altSecurityIdentities" | sudo tee -a /etc/sssd/sssd.conf ################################# Check ####################################### if ! sudo service sssd restart then echo "sssd config.. ${RED_TEXT}FAIL${END}" else echo "sssd config.. ${INTRO_TEXT}OK${END}" fi if ! realm discover < /dev/null > /dev/null 2>&1 then echo "Realm not installed" else therealm=$(realm discover "$DOMAIN" | grep -i configured: | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//') if [ "$therealm" = "no" ] then echo "Realm configured?.. ${NUMBER}NO${END}" else echo "Realm configured?.. ${INTRO_TEXT}YES${END}" fi fi if [ $states = 12 ] then echo "Sudoers not configured... skipping" else if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 then echo "Checking sudoers file.. ${INTRO_TEXT}OK${END}" else echo "Checking sudoers file.. ${RED_TEXT}FAIL${END}" fi grouPs=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print $1}' | head -1) if [ "$grouPs" = "$myhost""sudoers" ] then echo "Checking sudoers groups.. ${INTRO_TEXT}OK${END}" else echo "Checking sudoers groups.. ${RED_TEXT}FAIL${END}" fi homedir=$( grep homedir /etc/pam.d/common-session | grep 0077 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0077" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM session configuration.. ${INTRO_TEXT}OK${END}" else echo "Checking PAM session configuration.. ${RED_TEXT}FAIL${END}" fi if [ $states1 = 12 ] then echo "Disabled SSH login.group.allowed" else cauth=$( grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}' | head -1 ) if [ $cauth = "allow" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM auth configuration.. ${INTRO_TEXT}OK${END}" else echo "Checking PAM auth configuration.. ${RED_TEXT}FAIL${END}" fi fi #realm discover $DOMAIN if ! realm discover then echo "realm not found" else if [ "$therealm" = "no" ] then echo "${RED_TEXT}Join has Failed${END}" else lastverify=$( realm discover "$DOMAIN" | grep -m 1 "$DOMAIN" ) echo "" echo "${INTRO_TEXT}joined to $lastverify${END}" echo "" notify-send ADconnection "Joined $lastverify " fi fi echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${INTRO_TEXT}" exit fi echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${INTRO_TEXT}" exit } ####################### final auth yum ################################################################## #this section will do the last part, configure sssd, sam files and sudoers# same as final auth #Fixes to CentOS 2019/12# fi_auth_yum(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) sudo echo "############################" sudo echo "Configuratig files.." sudo echo "Verifying the setup" sudo systemctl enable sssd sudo systemctl start sssd states="null" states1="null" grouPs="null" therealm="null" cauth="null" clear admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) sshsec=$( sudo grep SSHSECURE readfile | awk '{print $3}' ) if [ "$sshsec" = "yes" ] then if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 then echo "SSHsecurity Files seems already to be modified, skipping..." else echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth sudo touch /etc/ssh/login.group.allowed localadmin=$( sudo grep LOCALADMIN readfile | awk '{print $3}' ) if [ "$localadmin" = "null" ] then localadmin=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) else sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed echo "enabled SSH-allow" fi fi else if [ "$sshsec" = "no" ] then echo "Skipping SSHSecurity config" else read -r -p "Do you wish to enable SSH login.group.allowed(y/n)?" yn case $yn in [Yy]* ) sudo echo "Checking if there is any previous configuration" if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 then echo " SSHsecurityFiles seems already to be modified, skipping..." else echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth sudo touch /etc/ssh/login.group.allowed sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed echo "enabled SSH-allow" echo "" echo "" fi ;; [Nn]* ) echo "Skipped ssh config" states1="12";; esac fi fi echo "" echo "-------------------------------------------------------------------------------------------" echo "" givesudo=$( sudo grep SUDOERS readfile | awk '{print $3}' ) if [ "$givesudo" = "yes" ] then if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 then echo "" echo "sudoers.d/sudoers file seems already to be modified, skipping..." echo "" else disssu=$( sudo grep DISSPROMT readfile | awk '{print $3}' ) if [ "$disssu" = "yes" ] then sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" else if [ "$disssu" = "no" ] then sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" else sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers fi fi fi else if [ "$givesudo" = "no" ] then echo "Not giving a sudo" sudo echo "$localadmin" | sudo tee -a /etc/ssh/login.group.allowed echo "Skipping" states="12" else read -r -p "Do you wish to give users on this machine sudo rights?(y/n)?" yn case $yn in [Yy]* ) sudo echo "Checking if there is any previous configuration" if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 then echo "" echo "The Sudoers file seems already to be modified, skipping..." echo "" else read -r -p "Do you wish to DISABLE password prompt for users in terminal?(y/n)?" yn case $yn in [Yy]* ) sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" ;; [Nn]* ) sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" ;; * ) echo "Please answer yes or no.";; esac fi ;; [Nn]* ) sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers echo "Disabled sudo rights for users on this machine" echo "" echo "" states="12";; * ) echo "Please answer yes or no." ;; esac fi fi homedir=$( grep homedir /etc/pam.d/common-session | grep 0077 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0077" ] then echo "pam_mkhomedir.so configured" sleep 1 else echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077" | sudo tee -a /etc/pam.d/common-session fi logintrue=$( grep -i -m1 "login" /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf ) if [ -f /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf ] then if [ "$logintrue" = "greeter-show-manual-login=true" ] then echo "50-ubuntu.conf is already configured.. skipping" else sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf" sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf" fi else echo "No lightdm to configure" fi coms=$( echo "$DOMAIN" | cut -d '.' -f2 ) clear sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf echo "override_homedir = /home/%u" | sudo tee -a /etc/sssd/sssd.conf sudo sudo grep -i override /etc/sssd/sssd.conf #sudo echo "[nss] #filter_groups = root #filter_users = root #reconnection_retries = 3 #entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf sudo sed -i '/krb5_realm =/a entry_cache_group_timeout = 5400' /etc/sssd/sssd.conf sudo sed -i '/krb5_realm =/a entry_cache_user_timeout = 5400' /etc/sssd/sssd.conf sudo echo "#entry_cache_user_timeout = 5400 #entry_cache_group_timeout = 5400 #cache_credentials = TRUE ### Added to help with group mapping ###ldap_use_tokengroups = False #ldap_schema = rfc2307bis #ldap_schema = rfc2307 #ldap_schema = IPA #ldap_schema = AD #ldap_search_base = DC=$NetBios,DC=$coms #ldap_group_member = uniquemember #ad_enable_gc = False entry_cache_timeout = 600 entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives sudo service sssd restart clear usesasl=$( sudo grep USESASL readfile | awk '{print $3}' ) if [ "$usesasl" = "no" ] then echo "Skipping SASL" else if [ "$usesasl" = "yes" ] then sasl=$( sudo grep LDAPS readfile | awk '{print $3}' ) if [ "$sasl" = "null" ] then echo "You need to specify domaincontroller in readfile" exit else echo "$sasl" cacer=$( sudo grep CACERT readfile | awk '{print $3}' ) if ! ls "$cacer" then echo "No root CA found, check your path to file" else echo "Applied config from readfile" sed -i "/krb5_realm = /a ldap_uri = $sasl" /etc/sssd/sssd.conf sed -i "/krb5_realm = /a ldap_tls_cacert = $cacer" /etc/sssd/sssd.conf echo "Applied config from readfile" fi fi else echo "For SASL put you company root-ca.cer in /usr/share/ca-certificates/root/ folder" read -r -p "Do you wish to use SASL (LDAPS) (y/n)?" yn case $yn in [Yy]* ) if [ -f "/usr/share/ca-certificates/root/*.cer" ] then cacert=$( ls /usr/share/ca-certificates/root/ | grep .cer | head -1 ) echo "Type in address of your Domaincontroller: ex: dc01.com" read -r yourDC clear sasl=$( echo "ldaps://"$yourDC":636" ) echo "DC sssd configuration will be $sasl" echo "Found certificate $cacer" read -r -p "Is this information correct (y/n)?" yn case $yn in [Yy]* ) tlsca=$( sudo grep ldap_tls_cacert /etc/sssd/sssd.conf | awk '{print $1}' ) if [ "$tlsca" = "ldap_tls_cacert" ] then echo "ldap_tls_cacert already in file" exit 1 else sed -i "/krb5_realm = /a ldap_uri = $sasl" /etc/sssd/sssd.conf sed -i "/krb5_realm = /a ldap_tls_cacert = $cacer" /etc/sssd/sssd.conf #sed -i -e 's/id_provider = ad/id_provider = ldap/g' /etc/sssd/sssd.conf # failing line: giving no on configured: and user is unable to update password. sudo service sssd restart fi;; [Nn]* )echo "";; * ) echo "Please answer yes or no.";; esac else echo "No certificate found" fi;; [Nn]* )echo "";; * ) echo "Please answer yes or no.";; esac fi fi ####################### Check ######################### if ! sudo service sssd restart then echo "SSSD failed relading, please see journalctl -xe" fi if ! realm discover then echo "no realm found" else therealm=$(realm discover "$DOMAIN" | grep -i configured: | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//') if [ "$therealm" = "no" ] then echo "Realm configured?.. NO" else echo "Realm configured?.. YES" fi fi if [ "$states" = "12" ] then echo "Sudoers not configured... skipping" else if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 then echo "Checking sudoers file.. OK" else echo "Checking sudoers file.. FAIL" fi grouPs=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print $1}' | head -1) if [ "$grouPs" = "$myhost""sudoers" ] then echo "Checking sudoers user groups.. OK" else echo "Checking sudoers user groups.. FAIL" fi homedir=$( grep homedir /etc/pam.d/common-session | grep 0077 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0077" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM configuration.. OK" else echo "Checking PAM configuration.. FAIL" fi if [ "$states1" = "12" ] then echo "Disabled SSH login.group.allowed" else cauth=$( grep required /etc/pam.d/sshd | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}' | head -1 ) if [ $cauth = "allow" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM auth configuration.. OK" else echo "Checking PAM auth configuration.. FAIL" fi fi #realm discover $DOMAIN if ! realm discover then echo "realm not found" else if [ "$therealm" = "no" ] then echo "Join has Failed" else lastverify=$( realm discover "$DOMAIN" | grep -m 1 "$DOMAIN" ) echo "" echo "joined to $lastverify" echo "" notify-send ADconnection "Joined $lastverify" fi fi echo "Please reboot your machine and wait 3 min for Active Directory to sync before login" exit fi echo "Please reboot your machine and wait 3 min for Active Directory to sync before login" exit } ####################### Setup for Ubuntu 14,16 and 17 clients ####################################### #Runs ADjoin in debug mode. meaning it opens terminals following logs linuxclientdebug(){ desktop=$(sudo apt list --installed | grep -i desktop | grep -i ubuntu | cut -d '-' -f1 | grep -i desktop | head -1 | awk '{print$1}') gnome-terminal --geometry=130x20 -e "bash -c \"journalctl -fxe; exec bash\"" gnome-terminal --geometry=130x20 -e "bash -c \"journalctl -fxe | grep -i -e closed -e Successfully -e 'Preauthentication failed' -e 'authenticate' -e 'Failed to join the domain'; exec bash\"" linuxclient } ################################## Join for linux clients ########################################## linuxclient(){ TheOS=$( hostnamectl | grep -i Operating | awk '{print $3}' ) < /dev/null > /dev/null 2>&1 MintOS=$( hostnamectl | grep -i Operating | awk '{print $4}' ) < /dev/null > /dev/null 2>&1 rasp=$( lsb_release -a | grep -i Distributor | awk '{print $3}' ) < /dev/null > /dev/null 2>&1 kalilinux=$( lsb_release -a | grep -i Distributor | awk '{print $3}' ) < /dev/null > /dev/null 2>&1 elementary=$( hostnamectl | grep -i Operating | awk '{print $3}' ) < /dev/null > /dev/null 2>&1 SUSE=$( hostnamectl | grep -i Operating | awk '{print $3}' ) < /dev/null > /dev/null 2>&1 clear #### OS detection #### if [ "$TheOS" = "Zorin" ] < /dev/null > /dev/null 2>&1 then Zorin_os else if [ "$TheOS" = "Fedora" ] < /dev/null > /dev/null 2>&1 then echo "Fedora detected" Fedora_fn else if [ "$TheOS" = "CentOS" ] < /dev/null > /dev/null 2>&1 then echo "Cent OS detected" CentOS else if [ "$TheOS" = "Debian" ] < /dev/null > /dev/null 2>&1 then echo "Debian detected" debianclient else if [ "$TheOS" = "SUSE" ] < /dev/null > /dev/null 2>&1 then echo "SUSE detected" SUSEclient else if [ "$TheOS" = "Ubuntu" ] < /dev/null > /dev/null 2>&1 then echo "Ubuntu detected" echo "" echo "Checking if it is a Desktop or server" desktop=$( sudo apt list --installed | grep -i desktop | grep -i ubuntu | cut -d '-' -f1 | grep -i desktop | head -1 | awk '{print$1}' ) < /dev/null > /dev/null 2>&1 if [ "$desktop" = "desktop" ] < /dev/null > /dev/null 2>&1 then echo "Ubuntu Desktop detected" UbuntU else echo " this seems to be a server, swithching to server mode" ubuntuserver14 fi else if [ "$rasp" = "Raspbian" ] < /dev/null > /dev/null 2>&1 then echo "${INTRO_TEXT}Detecting Raspberry Pi${END}" raspberry else if [ "$kalilinux" = "Kali" ] < /dev/null > /dev/null 2>&1 then echo "${INTRO_TEXT}Detecting Kali linux${END}" kalijoin else if [ "$elementary" = "elementary" ] then echo "${INTRO_TEXT}Detected Elementary${END}" sleep 1 elemntary_fn else if [ "$MintOS" = Mint ] then echo "Detecting Linux Mint" LinuxMint else echo "No compatible System found" exit fi fi fi fi fi fi fi fi fi fi } ################################ Ubuntu 14-20 ########################################### UbuntU(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) clear sudo apt install adcli -y sudo echo "${NUMBER}Installing packages do no abort!.......${END}" if ! sudo apt-get -qq install realmd adcli sssd ntp curl -y && sudo apt-get -qq install -f -y then echo "${RED_TEXT}Failed installing packages, please resolve dpkg and try again ${END}" exit 1 fi clear if ! sudo dpkg -l | grep realmd then clear sudo echo "${RED_TEXT}Installing packages failed.. please check connection ,dpkg and apt-get update then try again.${END}" else clear sudo echo "${INTRO_TEXT}packages installed${END}" fi pointtoou=$( sudo grep OUSPECIFIED readfile | awk '{print $3}' ) if [ "$pointtoou" = "null" ] then pointtoou=$(echo="" ) fi echo "hostname is $myhost" echo "Looking for Realms.. please wait" REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) if [ "$REALM" = "null" ] then DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 then clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" echo "Please enter the domain you wish to join:" read -r DOMAIN else clear echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "";; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN;; * ) echo 'Please answer yes or no.';; esac fi else REALM=$( realm discover | grep domain | awk '{print $2}' ) echo "Using Domain: $REALM" DOMAIN=$(echo "$REALM") fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) clear var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1) if [ "$var" -eq "14" ] then echo "Installing additional dependencies" sudo apt-get -qq install -y realmd sssd curl sssd-tools samba-common krb5-user sudo apt-get -qq install -f -y clear echo "${INTRO_TEXT}Detecting Ubuntu $var${END}" sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}" echo "${INTRO_TEXT}Joining Ubuntu $var${END}" echo "" if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) echo "Admin is $ADMIN" fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi encrypt=$( sudo grep ENCRYPTEDPASSWD readfile | awk '{print $3}' ) if [ "$encrypt" = "null" ] || [ "$encrypt" = "no" ] then if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" "$OUSPECIFIED" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi else if [ "$encrypt" = "yes" ] then if [ -f private_key.pem ] && [ -f public_key.pem ] then enc=$(sudo openssl pkeyutl -decrypt -inkey private_key.pem -in encrypted.dat ) if ! echo $enc | sudo realm join -v -U "$ADMIN" "$DOMAIN" "$OUSPECIFIED" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" enc=$(null) exit fi else echo "No files found, please try again" enc=$(null) exit fi else echo "No readfile" if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" "$OUSPECIFIED" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi fi fi else if [ "$var" -eq "16" ] then echo "${INTRO_TEXT}Detected Ubuntu $var${END}" clear sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}" echo "${INTRO_TEXT}Joining Ubuntu $var${END}" echo "" if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi encrypt=$( sudo grep ENCRYPTEDPASSWD readfile | awk '{print $3}' ) if [ "$encrypt" = "null" ] || [ "$encrypt" = "no" ] then if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" "$OUSPECIFIED"--install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi else if [ "$encrypt" = "yes" ] then if [ -f private_key.pem ] && [ -f public_key.pem ] then enc=$(sudo openssl pkeyutl -decrypt -inkey private_key.pem -in encrypted.dat ) if ! echo $enc | sudo realm join -v -U "$ADMIN" "$DOMAIN" "$OUSPECIFIED"--install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" enc=$(null) exit fi else echo "No files found, please try again" enc=$(null) exit fi else if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" "$OUSPECIFIED" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi exit fi fi else if [ "$var" -eq "17" ] || [ "$var" -eq "18" ] || [ "$var" -eq "19" ] || [ "$var" -eq "20" ] || [ "$var" -eq "21" ] || [ "$var" -eq "22" ] then echo "${INTRO_TEXT}Detected Ubuntu $var${END}" sleep 1 clear if [ "$var" -eq "19" ] || [ "$var" -eq "20" ] || [ "$var" -eq "21" ] || [ "$var" -eq "22" ] then if [ -f /etc/apt/sources.list.d/aroth-ubuntu-ppa-eoan.list ] then sudo apt-get update #sudo apt-get --only-upgrade install adcli #sudo apt install adcli -y else echo"" #sudo add-apt-repository ppa:aroth/ppa sudo apt-get update #sudo apt-get --only-upgrade install adcli sudo apt install adcli -y echo "" fi fi clear sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}" echo "${INTRO_TEXT}Joining Ubuntu $var${END}" echo "" if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi encrypt=$( sudo grep ENCRYPTEDPASSWD readfile | awk '{print $3}' ) if [ "$encrypt" = "null" ] || [ "$encrypt" = "no" ] then if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" "$OUSPECIFIED"--install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi else if [ "$encrypt" = "yes" ] then if [ -f private_key.pem ] && [ -f public_key.pem ] then enc=$(sudo openssl pkeyutl -decrypt -inkey private_key.pem -in encrypted.dat ) if ! echo $enc | sudo realm join -v -U "$ADMIN" "$DOMAIN" "$OUSPECIFIED"--install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" enc=$(null) exit fi else echo "No files found, please try again" enc=$(null) exit fi else if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" "$OUSPECIFIED"--install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi exit fi fi else clear sudo echo "${RED_TEXT}I am having issues to detect your Ubuntu version${END}" exit fi fi fi fi_auth } ################################ Zorin ########################################### Zorin_os(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) clear sudo apt install adcli -y sudo echo "${NUMBER}Installing packages do no abort!.......${END}" if ! sudo apt-get -qq install realmd adcli sssd ntp curl -y && sudo apt-get -qq install -f -y then echo "${RED_TEXT}Failed installing packages, please resolve dpkg and try again ${END}" exit 1 fi clear if ! sudo dpkg -l | grep realmd then clear sudo echo "${RED_TEXT}Installing packages failed.. please check connection ,dpkg and apt-get update then try again.${END}" else clear sudo echo "${INTRO_TEXT}packages installed${END}" fi echo "hostname is $myhost" echo "Looking for Realms.. please wait" REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) if [ "$REALM" = "null" ] then DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 then clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" echo "Please enter the domain you wish to join:" read -r DOMAIN else clear echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "";; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN;; * ) echo 'Please answer yes or no.';; esac fi else REALM=$( realm discover | grep domain | awk '{print $2}' ) echo "Using Domain: $REALM" DOMAIN=$(echo "$REALM") fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) clear var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1) if [ "$var" -eq "14" ] then echo "Installing additional dependencies" sudo apt-get -qq install -y realmd sssd curl sssd-tools samba-common krb5-user sudo apt-get -qq install -f -y clear echo "${INTRO_TEXT}Detecting Ubuntu $var${END}" sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}" echo "${INTRO_TEXT}Joining Ubuntu $var${END}" echo "" if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) echo "Admin is $ADMIN" fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi encrypt=$( sudo grep ENCRYPTEDPASSWD readfile | awk '{print $3}' ) if [ "$encrypt" = "null" ] || [ "$encrypt" = "no" ] then if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi else if [ "$encrypt" = "yes" ] then if [ -f private_key.pem ] && [ -f public_key.pem ] then enc=$(sudo openssl pkeyutl -decrypt -inkey private_key.pem -in encrypted.dat ) if ! echo $enc | sudo realm join -v -U "$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" enc=$(null) exit fi else echo "No files found, please try again" enc=$(null) exit fi else echo "No readfile" if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi fi fi else if [ "$var" -eq "16" ] then echo "${INTRO_TEXT}Detected Ubuntu $var${END}" clear sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}" echo "${INTRO_TEXT}Joining Ubuntu $var${END}" echo "" if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi encrypt=$( sudo grep ENCRYPTEDPASSWD readfile | awk '{print $3}' ) if [ "$encrypt" = "null" ] || [ "$encrypt" = "no" ] then if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi else if [ "$encrypt" = "yes" ] then if [ -f private_key.pem ] && [ -f public_key.pem ] then enc=$(sudo openssl pkeyutl -decrypt -inkey private_key.pem -in encrypted.dat ) if ! echo $enc | sudo realm join -v -U "$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" enc=$(null) exit fi else echo "No files found, please try again" enc=$(null) exit fi else if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi exit fi fi else if [ "$var" -eq "14" ] || [ "$var" -eq "15" ] || [ "$var" -eq "16" ] || [ "$var" -eq "17" ] then echo "${INTRO_TEXT}Detected Zorin ${END}" sleep 1 clear if [ "$var" -eq "15" ] || [ "$var" -eq "16" ] then if [ -f /etc/apt/sources.list.d/aroth-ubuntu-ppa-eoan.list ] then sudo apt-get update #sudo apt-get --only-upgrade install adcli sudo apt install adcli -y else echo"" echo "" echo "To avoid encryption error with adcli please accept PPA below for an adcli update" echo "" sudo add-apt-repository ppa:aroth/ppa sudo apt-get update #sudo apt-get --only-upgrade install adcli sudo apt install adcli -y echo "" fi fi clear sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}" echo "${INTRO_TEXT}Joining Ubuntu $var${END}" echo "" if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi encrypt=$( sudo grep ENCRYPTEDPASSWD readfile | awk '{print $3}' ) if [ "$encrypt" = "null" ] || [ "$encrypt" = "no" ] then if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi else if [ "$encrypt" = "yes" ] then if [ -f private_key.pem ] && [ -f public_key.pem ] then enc=$(sudo openssl pkeyutl -decrypt -inkey private_key.pem -in encrypted.dat ) if ! echo $enc | sudo realm join -v -U "$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" enc=$(null) exit fi else echo "No files found, please try again" enc=$(null) exit fi else if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi exit fi fi else clear sudo echo "${RED_TEXT}I am having issues to detect your Zorin version${END}" exit fi fi fi fi_auth } ####################### Setup for Ubuntu server ubuntu 14-20 ####################################### ubuntuserver14(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) clear sudo echo "${RED_TEXT}Installing packages do no abort!.......${END}" sudo apt install adcli -y sudo apt-get -qq install realmd adcli sssd -y sudo apt-get -qq install ntp -y sudo apt-get -qq install -y sssd-tools samba-common krb5-user curl sudo apt-get -qq install -f -y clear if ! sudo dpkg -l | grep realmd then clear sudo echo "${RED_TEXT}Installing packages failed.. please check connection and dpkg and try again.${END}" exit else clear sudo echo "${INTRO_TEXT}packages installed${END}" fi sleep 1 REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) if [ "$REALM" = "null" ] then DOMAIN=$(realm discover| grep -i realm.name | awk '{print $2}') if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 then clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" echo "Please enter the domain you wish to join:" read -r DOMAIN else clear echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "";; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN;; * ) echo 'Please answer yes or no.';; esac fi else echo "Using Domain: $REALM" DOMAIN=$(echo "$REALM") fi sudo echo "${INTRO_TEXT}Realm= $DOMAIN${END}" sudo echo "${NORMAL}${NORMAL}" admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r DomainADMIN else DomainADMIN=$( echo $admin ) fi encrypt=$( sudo grep ENCRYPTEDPASSWD readfile | awk '{print $3}' ) if [ "$encrypt" = "null" ] || [ "$encrypt" = "no" ] then if ! sudo realm join --verbose --user="$DomainADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi else if [ "$encrypt" = "yes" ] then if [ -f private_key.pem ] && [ -f public_key.pem ] then enc=$(sudo openssl pkeyutl -decrypt -inkey private_key.pem -in encrypted.dat ) if ! echo $enc | sudo realm join -v -U "$DomainADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" enc=$(null) < /dev/null > /dev/null 2>&1 exit fi else echo "No files found, please try again" enc=$(null) exit fi else if ! sudo realm join --verbose --user="$DomainADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi exit fi fi echo "${NUMBER}Please type group name in AD for admins${END}" read -r Mysrvgroup sudo echo "############################" sudo echo "Configuratig files.." sudo echo "Verifying the setup" sudo systemctl enable sssd sudo systemctl start sssd states="null" states1="null" grouPs="null" therealm="null" cauth="null" clear read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn case $yn in [Yy]* ) sudo echo "Checking if there is any previous configuration" if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1 then echo "Files seems already to be modified, skipping..." else echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login" echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth sudo touch /etc/ssh/login.group.allowed admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) echo "" echo "" read -r -p "Is your current administrator = $admins ? (y/n)?" yn case $yn in [Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;; [Nn]* ) echo "please type name of current administrator" read -r -p MYADMIN sudo echo "$MYADMIN" | sudo tee -a /etc/ssh/login.group.allowed;; * ) echo "Please answer yes or no.";; esac sudo echo "$Mysrvgroup" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed echo "enabled SSH-allow" fi;; [Nn]* ) echo "Disabled SSH login.group.allowed" states1="12";; * ) echo "Please answer yes or no.";; esac echo "" echo "-------------------------------------------------------------------------------------------" echo "" read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn case $yn in [Yy]* ) sudo echo "Checking if there is any previous configuration" if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 then echo "" echo "Sudoers file seems already to be modified, skipping..." echo "" else sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$Mysrvgroup""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%domain\ users ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins #sudo realm permit --groups "$myhost""sudoers" fi;; [Nn]* ) echo "Disabled sudo rights for users on this machine" echo "" echo "" states="12";; * ) echo 'Please answer yes or no.';; esac echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077" | sudo tee -a /etc/pam.d/common-session sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf" sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf" if ! realm discover then echo "Realm not found" else therealm=$( realm discover | grep -i realm-name | awk '{print $2}') if [ "$therealm" = "no" ] then echo Realm configured?.. "${NUMBER}NO${END}" else echo Realm configured?.. "${INTRO_TEXT}YES${END}" fi fi if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 then echo Checking sudoers file.. "${INTRO_TEXT}OK${END}" else echo checking sudoers file.. "${RED_TEXT}FAIL not configured${END}" fi grouPs=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print $1}' | head -1) if [ "$grouPs" = "$myhost""sudoers" ] then echo "Checking sudoers users.. ${INTRO_TEXT}OK${END}" else echo "Checking sudoers users.. ${RED_TEXT}FAIL${END}" fi homedir=$( grep homedir /etc/pam.d/common-session | grep 0077 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0077" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM configuration.. ${INTRO_TEXT}OK${END}" else echo "Checking PAM configuration.. ${RED_TEXT}FAIL${END}" fi cauth=$( grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1 | head -1 ) if [ $cauth = "allow" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM auth configuration..${INTRO_TEXT}OK${END}" else echo "Checking PAM auth configuration..${RED_TEXT}SSH security not configured${END}" fi sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf echo "override_homedir = /home/%u" | sudo tee -a /etc/sssd/sssd.conf sudo grep -i override /etc/sssd/sssd.conf #sudo echo "[nss] #filter_groups = root #filter_users = root #reconnection_retries = 3 #entry_cache_timeout = 600 #entry_cache_user_timeout = 5400 #entry_cache_group_timeout = 5400 #cache_credentials = TRUE #entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf sudo service sssd restart realm discover "$DOMAIN" echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${END}" exit } ####################################### Kali ############################################ kalijoin(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) export whoami whoamis=$( whoami ) admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) sudo echo "${RED_TEXT}Installing packages do no abort!.......${END}" sudo apt install adcli -y sudo apt-get -qq update sudo apt-get -qq install libsss-sudo -y sudo apt-get -qq install adcli -y sudo apt-get -qq install realmd adcli sssd -y sudo apt-get -qq install ntp curl -y sudo apt-get -qq install policykit-1 -y sudo mkdir -p /var/lib/samba/private sudo apt-get -qq install realmd adcli sssd -y sudo apt-get -qq install ntp -y sudo apt-get -qq install -f -y clear if ! sudo dpkg -l | grep realmd then clear sudo echo "${RED_TEXT}Installing packages failed.. please check connection ,dpkg and apt-get update then try again.${END}" exit else clear sudo echo "${INTRO_TEXT}packages installed${END}" fi echo "hostname is $myhost" REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) if [ "$REALM" = "null" ] then DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 then clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" echo "Please enter the domain you wish to join:" read -r DOMAIN else clear echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "";; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN;; * ) echo 'Please answer yes or no.';; esac fi else DOMAIN=$( realm discover | grep -i realm.name | awk '{print $2}' ) echo "Using Domain: $DOMAIN" #DOMAIN=$(echo "$REALM") fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) echo "" if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi clear sudo echo "${INTRO_TEXT}Realm= $DOMAIN${END}" sudo echo "${NORMAL}${NORMAL}" if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi fi_auth } ####################################### SUSE ########################################## SUSEclient(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) clear sudo echo "${RED_TEXT}Installing packages do no abort!.......${END}" sudo zypper -n install realmd adcli sssd curl krb5-client sudo zypper -n in sssd-ad clear echo "hostname is $myhost" sleep 1 REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) if [ "$REALM" = "null" ] then DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 then clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" echo "Please enter the domain you wish to join:" read -r DOMAIN else clear echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "";; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN;; * ) echo 'Please answer yes or no.';; esac fi else DOMAIN=$( realm discover | grep -i realm.name | awk '{print $2}' ) echo "Using Domain: $DOMAIN" #DOMAIN=$(echo "$REALM") fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) echo "" if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi clear sudo echo "${INTRO_TEXT}Realm= $DOMAIN${END}" sudo echo "${NORMAL}${NORMAL}" sudo echo "" | sudo tee /etc/sssd/sssd.conf if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi fi_auth } ####################################### Debian ########################################## debianclient(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) if ! dkpg -l | grep sudo then apt get install sudo -y else echo "" export whoami whoamis=$( whoami ) echo "$whoamis" admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 ) echo "$admins ALL=(ALL:ALL) ALL | tee -a /etc/sudoers.d/admin" fi clear sudo echo "${RED_TEXT}Installing packages do no abort!.......${END}" sudo apt install adcli -y sudo apt-get -qq update sudo apt-get -qq install libsss-sudo -y sudo apt-get -qq install realmd adcli sssd curl -y sudo apt-get -qq install ntp -y sudo apt-get -qq install policykit-1 -y sudo mkdir -p /var/lib/samba/private sudo apt-get -qq install realmd adcli sssd -y sudo apt-get -qq install ntp -y sudo apt-get -qq install -f clear if ! sudo dpkg -l | grep realmd then clear sudo echo "${RED_TEXT}Installing packages failed.. please check connection ,dpkg and apt-get update then try again.${END}" exit else clear sudo echo "${INTRO_TEXT}packages installed${END}" fi echo "hostname is $myhost" sleep 1 REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) if [ "$REALM" = "null" ] then DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 then clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" echo "Please enter the domain you wish to join:" read -r DOMAIN else clear echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "";; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN;; * ) echo 'Please answer yes or no.';; esac fi else DOMAIN=$( realm discover | grep -i realm.name | awk '{print $2}' ) echo "Using Domain: $DOMAIN" #DOMAIN=$(echo "$REALM") fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) echo "" if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi clear sudo echo "${INTRO_TEXT}Realm= $DOMAIN${END}" sudo echo "${NORMAL}${NORMAL}" if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi fi_auth } ####################################### Cent OS ######################################### CentOS(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools samba-common heimdal-clients msktutil yum -y install adcli=0.8.2-1 -y yum -y install ipa-client echo "Looking for domains..." DOMAIN=$(realm discover | grep -i realm-name | awk '{print $2}') if [ -n "$DOMAIN" ] then if ! ping -c 1 "$DOMAIN" then clear echo "I searched for an available domain and found $DOMAIN but it is not responding to ping, please type your domain manually below... " echo "Please enter the domain you wish to join:" read -r DOMAIN if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi else clear echo "I searched for an available domain and found >>> $DOMAIN <<<" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "Please log in with domain admin to $DOMAIN to connect" sudo echo "Please enter AD admin user:" read -r ADMIN ;; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi ;; * ) echo 'Please answer yes or no.';; esac fi else clear echo "I searched for an available domain and found nothing, please type your domain manually below... " echo "Please enter the domain you wish to join:" read -r DOMAIN if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi fi sudo echo "Realm= $DOMAIN" sudo echo "" if ! sudo realm join -v -U "$ADMIN" "$DOMAIN" --install=/ then echo "AD join failed.please check your errors with journalctl -xe" exit fi echo "session required pam_unix.so" | sudo tee -a /etc/pam.d/common-session fi_auth_yum exit } ############################### Raspberry Pi ################################### raspberry(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) sudo aptitude install ntp adcli sssd sudo mkdir -p /var/lib/samba/private sudo aptitude install libsss-sudo sudo systemctl enable sssd clear DOMAIN=$( realm discover | grep -i realm-name | awk '{print $2}') echo "" admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi if ! sudo realm join -v -U "$ADMIN" "$DOMAIN" --install=/ then echo "AD join failed.please check your errors with journalctl -xe" exit fi sudo systemctl start sssd echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077" | sudo tee -a /etc/pam.d/common-session sudo echo "pi ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf echo "override_homedir = /home/%u" | sudo tee -a /etc/sssd/sssd.conf sudo grep -i override /etc/sssd/sssd.conf sudo echo "[nss] filter_groups = root filter_users = root reconnection_retries = 3 entry_cache_timeout = 600 #entry_cache_user_timeout = 5400 #entry_cache_group_timeout = 5400 #cache_credentials = TRUE entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf sudo service sssd restart exit } ############################### Fedora ######################################### Fedora_fn(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools samba-common DOMAIN=$(realm discover | grep -i realm-name | awk '{print $2}') if ! ping -c 1 "$DOMAIN" then clear echo "I searched for an available domain and found nothing, please type your domain manually below... " echo "Please enter the domain you wish to join:" read -r DOMAIN if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi else clear echo "I searched for an available domain and found >>> $DOMAIN <<<" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "Please log in with domain admin to $DOMAIN to connect";; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN;; * ) echo 'Please answer yes or no.';; esac fi clear if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi sudo echo "Realm= $DOMAIN" sudo echo "" if ! sudo realm join -v -U "$ADMIN" "$DOMAIN" --install=/ then echo "AD join failed.please check your errors with journalctl -xe" exit fi fi_auth_yum exit } ############################# Elemntary ##################################### elemntary_fn(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) sudo apt-get -qq install -y realmd curl sssd sssd-tools samba-common krb5-user sudo apt-get -qq install -f -y echo "hostname is $myhost" echo "Looking for Realms.. please wait" REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) if [ "$REALM" = "null" ] then DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 then clear echo "I searched for an available domain and found nothing, please type your domain manually below..." echo "Please enter the domain you wish to join:" read -r DOMAIN else clear echo "I searched for an available domain and found>>> $DOMAIN <<<" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "";; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN;; * ) echo 'Please answer yes or no.';; esac fi else DOMAIN=$( realm discover | grep -i realm.name | awk '{print $2}' ) echo "Using Domain: $DOMAIN" #DOMAIN=$(echo "$REALM") fi clear if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) clear if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi allowguest=$( sudo grep manual /usr/share/lightdm/lightdm.conf.d/50-disable-guest.conf | grep true | cut -d '=' -f2 | head -1 ) if [ "$allowguest" = "true" ] then echo "Lightdm is already configured.. skipping.." else sudo echo "greeter-show-manual-login=true" | sudo tee -a /usr/share/lightdm/lightdm.conf.d/40-io.elementary.greeter.conf fi fi_auth exit } ############################# Linux Mint ##################################### LinuxMint(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) sudo apt-get -qq install -y realmd curl sssd sssd-tools samba-common krb5-user sudo apt-get -qq install -f -y sudo apt install adcli -y echo "hostname is $myhost" echo "Looking for Realms.. please wait" REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) if [ "$REALM" = "null" ] then DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 then clear echo "I searched for an available domain and found nothing, please type your domain manually below..." echo "Please enter the domain you wish to join:" read -r DOMAIN else clear echo "I searched for an available domain and found>>> $DOMAIN <<<" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "";; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN;; * ) echo 'Please answer yes or no.';; esac fi else DOMAIN=$( realm discover | grep -i realm.name | awk '{print $2}' ) echo "Using Domain: $DOMAIN" #DOMAIN=$(echo "$REALM") fi clear if [ -f readfile ] then admin=$( sudo grep ADADMIN readfile | awk '{print $3}' ) if [ "$admin" = "null" ] then echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN else ADMIN=$( echo $admin ) fi else echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) clear if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi allowguest=$( sudo grep manual /usr/share/lightdm/lightdm.conf.d/50-disable-guest.conf | grep true | cut -d '=' -f2 | head -1 ) if [ "$allowguest" = "true" ] then echo "Lightdm is already configured.. skipping.." else sudo echo "greeter-show-manual-login=true" | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-disable-guest.conf fi fi_auth exit } ############################### Update to Realmd from likewise ################## Realmdupdate(){ clear echo "" echo "this section has been deprecated, If you are still using likewise please see code" echo "leave likewise with sudo domainjoin-cli leave" exit } ############################### Fail check #################################### failcheck(){ clear export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) if ! hostname | cut -d '.' -f1 < /dev/null > /dev/null 2>&1 then echo "Sorry I am having issues finding your domain.. please type it" read -r DOMAIN else echo "" fi echo "" echo "-------------------------------------------------------------------------------------" echo "" if ! realm discover < /dev/null > /dev/null 2>&1 then echo "Realm not found" else echo "" therealm=$( realm discover | grep -i configured | awk '{print $2}') if [ "$therealm" = "no" ] then echo Realm configured?.. "${RED_TEXT}NO${END}" else echo Realm configured?.. "${INTRO_TEXT}YES${END}" fi if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 then echo Checking sudoers file.. "${INTRO_TEXT}OK${END}" grouPs=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print $1}' | head -1 | sed -e 's/sudoers//g' ) if [ "$grouPs" = "$myhost" ] then echo Checking sudoers users.. "${INTRO_TEXT}OK${END}" else echo Checking sudoers users.. "${RED_TEXT}FAIL${END}" fi else echo Checking sudoers file.. "${RED_TEXT}FAIL${END}" fi homedir=$( grep homedir /etc/pam.d/common-session | grep 0077 | cut -d '=' -f3 | head -1 ) if [ "$homedir" -eq "0077" ] < /dev/null > /dev/null 2>&1 then echo Checking PAM configuration.. "${INTRO_TEXT}OK${END}" else echo Checking PAM configuration.. "${RED_TEXT}FAIL${END}" fi cauth=$( grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1 | head -1 ) if [ $cauth = "allow" ] < /dev/null > /dev/null 2>&1 then echo Checking PAM auth configuration.. "${INTRO_TEXT}OK${END}" else echo Checking PAM auth configuration.. "${RED_TEXT}SSH security not configured${END}" fi fi echo "" echo "-------------------------------------------------------------------------------------" exit } ############################### Fail check Yum #################################### ###Fixes 2019/12### failcheck_yum(){ clear export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) therealm=$( realm discover | grep -i realm-name | awk '{print $2}') if ! hostname | cut -d '.' -f1 < /dev/null > /dev/null 2>&1 then echo "Sorry I am having issues finding your domain.. please type it" read -r DOMAIN else echo "" fi echo "-------------------------------------------------------------------------------------" echo "" if ! realm discover "$therealm" then echo "realm not found" else echo "" therealm=$( realm discover | grep -i realm-name | awk '{print $2}') if [ "$therealm" = "no" ] then echo "Realm configured?.. NO" else echo "Realm configured?.. YES" fi if [ -f /etc/sudoers.d/admins ] < /dev/null > /dev/null 2>&1 then echo "Checking sudoers file.. OK" grouPs=$(grep -i "$myhost" /etc/sudoers.d/admins | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\//g') if [ "$grouPs" = "$myhost""sudoers" ] then echo "Checking sudoers users.. OK" else echo "Checking sudoers users.. FAIL" fi else if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1 then echo "Checking sudoers file.. OK" grouPs1=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print $1}' | head -1 | head -1) if [ "$grouPs1" = "$myhost""sudoers" ] then echo "Checking sudoers user groups.. OK" else echo "Checking sudoers user groups.. FAIL" fi else echo "Checking sudoers file.. FAIL not configured" fi fi homedir=$( grep homedir /etc/pam.d/common-session | grep 0077 | cut -d '=' -f3 | head -1 ) if [ "$homedir" = "0077" ] < /dev/null > /dev/null 2>&1 then echo "Checking PAM configuration.. OK" else echo "Checking PAM configuration.. FAIL" fi if [ -f /etc/ssh/login.group.allowed ] then echo "Checking login.group.allowed configuration.. OK" else echo "Checking login.group.allowed.. SSH security not configured" fi fi echo "" echo "-------------------------------------------------------------------------------------" exit } #################################### ldapsearch ##################################################### ldaplook(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) ldaptools=$( sudo dpkg -l | grep -i ldap-utils | cut -d 's' -f1 | cut -d 'l' -f2 ) echo "${NUMBER}Remember!you must be logged in with AD admin on the client/server to use this funktion${END}" echo "${NUMBER}Remember!please edit in ldap.conf the lines BASE and URI in /etc/ldap/ldap.conf ${END}" echo "${NUMBER}your BASE will be the area you will search in${END}" sleep 3 if [ "$ldaptools" = dap-uti ] then clear echo "ldap tool installed.. trying to find this host" sudo ldapsearch -x cn="$myhost" echo "Please type what you are looking for" read -r own sudo ldapsearch -x | grep -i "$own" exit else clear if ! sudo apt-get install ldap-utils curl -y then echo "install failed" exit else echo "${NUMBER}please edit in ldap.conf the lines BASE and URI ${END}" sleep 3 sudo nano /etc/ldap/ldap.conf sudo ldapsearch -x | grep -i "$myhost" exit fi fi } #################################### ldapsearchyum ##################################################### ldaplookyum(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) ldaptools=$( sudo dpkg -l | grep -i ldap-utils | cut -d 's' -f1 | cut -d 'l' -f2 ) echo "${NUMBER}Remember!you must be logged in with AD admin on the client/server to use this funktion${END}" echo "${NUMBER}Remember!please edit in ldap.conf the lines BASE and URI in /etc/ldap/ldap.conf ${END}" echo "${NUMBER}your BASE will be the area you will search in${END}" sleep 3 if [ "$ldaptools" = dap-uti ] then clear echo "ldap tool installed.. trying to find this host" sudo ldapsearch -x cn="$myhost" echo "Please type what you are looking for" read -r own sudo ldapsearch -x | grep -i "$own" exit else clear if ! sudo yum install ldap-utils -y then echo "install failed" exit else echo "${NUMBER}please edit in ldap.conf the lines BASE and URI ${END}" sleep 3 sudo nano /etc/ldap/ldap.conf sudo ldapsearch -x | grep -i "$myhost" exit fi fi } ############################### Reauth ########################################## Reauthenticate(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) clear SSSD=$( sudo cat /etc/sssd/sssd.conf | grep domain | awk '{print $3}' | head -1 ) < /dev/null > /dev/null 2>&1 DOMAINlower=$( echo "$DOMAIN" | tr '[:upper:]' '[:lower:]' ) < /dev/null > /dev/null 2>&1 if [ -f /etc/sssd/sssd.conf ] then read -r -p "Do you really want to leave the domain: $SSSD (y/n)?" yn case $yn in [Yy]* ) echo "Listing domain" sudo realm discover "$SSSD" | grep realm | head -1 if ! sudo realm leave "$SSSD" --remove then echo "failed Nothing to leave" exit 0 else LEFT=$(sudo realm discover | grep configured | awk '{print $2}') if [ "$LEFT" = "no" ] then echo "" sudo echo "" | sudo tee /etc/sssd/sssd.conf echo "has left $SSSD" linuxclient echo "" notify-send ADconnection "Left $SSSD " else echo "something went wrong, try to leave manually" echo "" echo "Please type domain you wish to leave" read -r DOMAIN sudo realm leave "$DOMAIN" --remove left=$(sudo realm discover | grep configured | awk '{print $2}') if [ "$left" = "no" ] then echo "" sudo echo "" | sudo tee /etc/sssd/sssd.conf echo "$DOMAIN has been left" echo "" notify-send ADconnection "Left $SSSD " linuxclient else echo "something went wrong" fi fi fi ;; [Nn]* ) echo "Not leaving $SSSD" exit ;; * ) echo 'Please answer yes or no.';; esac exit fi exit } ######################### Leave Realm ################################ leaves(){ export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) clear SSSD=$( sudo cat /etc/sssd/sssd.conf | grep domain | awk '{print $3}' | head -1 ) < /dev/null > /dev/null 2>&1 DOMAINlower=$( echo "$DOMAIN" | tr '[:upper:]' '[:lower:]' ) < /dev/null > /dev/null 2>&1 if [ -f /etc/sssd/sssd.conf ] then read -r -p "Do you really want to leave the domain: $SSSD (y/n)?" yn case $yn in [Yy]* ) echo "Listing domain" sudo realm discover "$SSSD" | grep realm | head -1 if ! sudo realm leave "$SSSD" --remove then echo "failed Nothing to leave" exit 0 else LEFT=$(sudo realm discover | grep configured | awk '{print $2}') if [ "$LEFT" = "no" ] then echo "" sudo echo "" | sudo tee /etc/sssd/sssd.conf echo "has left $SSSD" echo "" notify-send ADconnection "Left $SSSD " else echo "something went wrong, try to leave manually" echo "" echo "Please type domain you wish to leave" read -r DOMAIN sudo realm leave "$DOMAIN" --remove left=$(sudo realm discover | grep configured | awk '{print $2}') if [ "$left" = "no" ] then echo "" sudo echo "" | sudo tee /etc/sssd/sssd.conf echo "$DOMAIN has been left" echo "" notify-send ADconnection "Left $DOMAIN " else echo "something went wrong" fi fi fi ;; [Nn]* ) echo "Not leaving $SSSD" exit ;; * ) echo 'Please answer yes or no.';; esac exit fi exit } ################################## encrypt pwd ############################### encrypt(){ echo "This will create 3 files public key, private key and encrypted file" echo "make sure to store private file" sudo openssl genrsa -out private_key.pem 2048 sudo openssl rsa -in private_key.pem -out public_key.pem -outform PEM -pubout echo "Please type password to encrypt" stty -echo read pass echo "$pass" > encryptpwd.txt stty echo if [ -z "$pass" ] then echo "passwd is empty" exit else sudo openssl pkeyutl -encrypt -inkey public_key.pem -pubin -in encryptpwd.txt -out encrypted.dat sudo rm -rf encryptpwd.txt ls fi exit } ################################## info ################################## readmes(){ clear echo "Usage: sh ADconnection.sh [--help] " echo " [-d (ubuntu debug mode)]" echo " [-j admin domain (Simple direct join) ADconnection -j ADadmin domain" echo " [-l (script output to log file)]" echo " [-s (Discover domain)]" echo " [-o (assign OU for computer object (-o OU=Clients,OU=Computers))" echo " [-u (sh ADconnection -u (autodetect) or -u user (looks up if computer can get user from AD))" echo "" echo "" echo "${INTRO_TEXT} Active directory connection tool, written by Pierre Gode https://github.com/PierreGode ${END}" echo "${INTRO_TEXT} Examples ${END}" echo "${INTRO_TEXT} Domain to join:${RED_TEXT}Example:${RED_TEXT}${NUMBER}mydomain.intra${NUMBER}${END}" echo "${INTRO_TEXT} ${END}" echo "${INTRO_TEXT} Domain’s NetBios name:${RED_TEXT}Example:${RED_TEXT}${NUMBER}mydomain${NUMBER}${END}" echo "${INTRO_TEXT} ${END}" echo "${INTRO_TEXT} Domain username:${RED_TEXT}Example:${RED_TEXT}${NUMBER}ADadmin${NUMBER}${END}" echo "${INTRO_TEXT} ${END}" echo "${INTRO_TEXT} AD Group to put users in:${RED_TEXT}Example:${RED_TEXT}${NUMBER}Sudoers.global${NUMBER}${END}" echo "${RED_TEXT} group should be created in AD with the group name being the HOSTNAMEsudores ${END}" echo "${INTRO_TEXT} ${END}" echo "${INTRO_TEXT} Script will use hostname and add sudoer to it to sudoers ${RED_TEXT}Example:${RED_TEXT}${NUMBER} myhostsudoer${NUMBER}${END}" echo "${INTRO_TEXT} It is important that the computerobject ${RED_TEXT}Ex:${RED_TEXT} myhost gets created in AD pre or post running the script ( the join will create an computer object by it self ${END}" echo "${INTRO_TEXT} and that the group ${RED_TEXT}Ex:${RED_TEXT} myhostsuoers exists, sudoers must be added or edit this script to remove sudoers from name${END}" echo "${INTRO_TEXT} Script will also add domain admin group to suoers ${END}" echo "${NUMBER} Remember to Check Hostname and add it to AD${END}" echo "${INTRO_TEXT} Reauthenticate is a fix for Ubuntu 14 likewise issues when client looses user (who am I?)${END}" echo "${INTRO_TEXT} ${END}" echo "${INTRO_TEXT} Ubuntu 16 and 14 has the setting not to show domain name in name or home folder due it can give${END}" echo "${INTRO_TEXT} coding issues when building.. to change this configure /et/sssd/sssd.conf ${END}" echo "" exit } ############################### Menu ############################### MENU_FN(){ clear echo "${INTRO_TEXT} Active directory connection tool ${END}" echo "${INTRO_TEXT} Created by Pierre gode ${END}" echo "${INTRO_TEXT} This script will edit several critical files.. ${END}" echo "${INTRO_TEXT} DO NOT attempt this without expert knowledge ${END}" echo "${NORMAL} ${END}" echo "${MENU}*${NUMBER} 1)${MENU} Join to AD on Linux (Ubuntu/Rasbian/Kali/Fedora/Debian/Elementary OS/) ${END}" echo "${MENU}*${NUMBER} 2)${MENU} Check for errors ${END}" echo "${MENU}*${NUMBER} 3)${MENU} Search with ldap ${END}" echo "${MENU}*${NUMBER} 4)${MENU} Reauthenticate ${END}" echo "${MENU}*${NUMBER} 5)${MENU} Leave Domain ${END}" echo "${NORMAL} ${END}" echo "${ENTER_LINE}Please enter a menu option and enter or ${RED_TEXT}ctrl + c to exit. ${END}" read -r opt while [ "$opt" != '' ] do if [ "$opt" = "" ]; then exit; else case $opt in 1) clear; echo "Installing on Linux Client/Server"; linuxclient ;; 2) clear; echo "Check for errors" failcheck ;; 3) clear; echo "Check in Ldap" ldaplookyum ;; 4) clear; echo "Rejoin to AD" Reauthenticate ;; 5) clear; echo "Leave domain" leaves ;; x)exit; ;; '\n')exit; ;; *)clear; opt "Pick an option from the menu"; MENU_FN; ;; esac fi done } ############################### Menu YUM ############################### YUM_MENU(){ clear echo " Active directory connection tool " echo " Created by Pierre gode " echo " This script will edit several critical files.. " echo " DO NOT attempt this without expert knowledge " echo "" echo "1) Join to AD on Linux" echo "2) Check for errors" echo "3) Search with ldap" echo "4) Reauthenticate" echo "5) Leave Domain" echo "" echo "Please enter a menu option and enter or enter to exit." read -r opt while [ "$opt" != '' ] do if [ "$opt" = "" ]; then exit; else case $opt in 1) clear; echo "Installing on Linux Client/Server"; linuxclient ;; 2) clear; echo "Check for errors" failcheck_yum ;; 3) clear; echo "Check in Ldap" ;; 4) clear; echo "Rejoin to AD" Reauthenticate ;; 5) clear; echo "Leave domain" leaves ;; x)exit; ;; '\n')exit; ;; *)clear; opt "Pick an option from the menu"; MENU_FN; ;; esac fi done } ################# Precheck for YUM based OS ################# PRECHECK_FN(){ ## curl your private key in this line ## Precheck sends yum based OS to an own menu ## TheOS=$( hostnamectl | grep -i Operating | awk '{print $3}' ) < /dev/null > /dev/null 2>&1 if [ "$TheOS" = "Fedora" ] then YUM_MENU else if [ "$TheOS" = "CentOS" ] then YUM_MENU else MENU_FN fi fi } ############################## Flags ############################### clear #Versi0n=$( echo "7" ) #update=$( curl -s https://github.com/PierreGode/Linux-Active-Directory-join-script/blob/master/ADconnection.sh | grep -i Versi0n | awk '{print $10}' ) #if [ "$update" -gt "$Version" ] #then #echo "Updating ADconnection" #git pull #else #echo "ADconnection is up to date" #fi while test $# -gt 0; do case "$1" in -help|--help) readmes ;; -d|--d) if test $# -gt 0; then linuxclientdebug else echo "" exit 1 fi ;; -p|--p) if test $# -gt 0; then encrypt else echo "" exit 1 fi ;; -l|--l) if test $? -gt 0; then DATE=$(date +%H:%M) echo "$DATE" MENU_FN 2>&1 | sudo tee adconnection.log else echo "" exit 1 fi ;; -f|--f) if test $? -gt 0; then answerfile else echo "" exit 1 fi ;; -j|--j) if test $# -gt 0; then if ! sudo realm join -v -U "$2" "$3" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi exit else echo "" exit 1 fi ;; -s|--s) if test $# -gt 0; then if ! realm discover < /dev/null > /dev/null 2>&1 then clear echo "" echo "realmd is not installed" echo "" exit else sudo realm discover exit fi else echo "" exit 1 fi ;; -u|--u) if test $# -gt 0; then clear export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}' | tr "[:upper:]" "[:lower:]") if [ -z "$2" ] then if [ -d /home/"$DOMAIN" ] then ls /home/"$DOMAIN"/ | while read -r user do id "$user" echo "___________________________________________________________________________" echo "" done else echo "no user found on this system. try typing the user:" read -r user id "$user" | grep "$myhost" fi else id "$2" fi exit fi ;; -o|--o) if test $# -gt 0; then desktop=$( sudo apt list --installed | grep -i desktop | grep -i ubuntu | cut -d '-' -f1 | grep -i desktop ) rasp=$( lsb_release -a | grep -i Distributor | awk '{print $3}' ) kalilinux=$( lsb_release -a | grep -i Distributor | awk '{print $3}' ) if [ "$desktop" = "desktop" ] then if [ "$rasp" = "Raspbian" ] then echo "${INTRO_TEXT}Detecting Raspberry Pi${END}" raspberry else if [ "$kalilinux" = "Kali" ] then echo "${INTRO_TEXT}Detecting Kali linux${END}" kalijoin else echo "" fi fi else echo "This seems to be a server, Switching to server mode" ubuntuserver14 fi export HOSTNAME myhost=$( hostname | cut -d '.' -f1 ) clear sudo echo "${RED_TEXT}Installing packages do no abort!.......${END}" sudo apt-get -qq install realmd curl adcli sssd -y sudo apt-get -qq install ntp -y sudo apt install adcli -y sudo apt-get install -f -y clear if ! sudo dpkg -l | grep realmd then clear sudo echo "${RED_TEXT}Installing packages failed.. please check connection ,dpkg and apt-get update then try again.${END}" exit else clear sudo echo "${INTRO_TEXT}Packages installed${END}" fi echo "hostname is $myhost" echo "Looking for Realms.. please wait" REALM=$( sudo grep DOMAIN readfile | awk '{print $3}' ) if [ "$REALM" = "null" ] then DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1 then clear echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}" echo "Please enter the domain you wish to join:" read -r DOMAIN else clear echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}" read -r -p "Do you wish to use it (y/n)?" yn case $yn in [Yy]* ) echo "";; [Nn]* ) echo "Please enter the domain you wish to join:" read -r DOMAIN;; * ) echo 'Please answer yes or no.';; esac fi else DOMAIN=$( realm discover | grep -i realm.name | awk '{print $2}' ) echo "Using Domain: $DOMAIN" #DOMAIN=$(echo "$REALM") fi NetBios=$(echo "$DOMAIN" | cut -d '.' -f1) clear var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1) if [ "$var" -eq "14" ] then echo "Installing additional dependencies" sudo apt-get -qq install -y realmd curl sssd sssd-tools samba-common krb5-user sudo apt install adcli -y sudo apt-get install -f -y clear echo "${INTRO_TEXT}Detecting Ubuntu $var${END}" sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}" echo "${INTRO_TEXT}Joining Ubuntu $var${END}" echo "" echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN if ! realm join -v --user="$ADMIN" --computer-ou="$2" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi else if [ "$var" -eq "16" ] then echo "${INTRO_TEXT}Detected Ubuntu $var${END}" clear sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}" echo "${INTRO_TEXT}Joining Ubuntu $var${END}" echo "" echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN if ! realm join -v --user="$ADMIN" --computer-ou="$2" "$DOMAIN" then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi else if [ "$var" -eq "17" ] || [ "$var" -eq "18" ] || [ "$var" -eq "19" ] then echo "${INTRO_TEXT}Detected Ubuntu $var${END}" sleep 1 clear if [ "$var" -eq "19" ] then if [ -f /etc/apt/sources.list.d/aroth-ubuntu-ppa-eoan.list ] then sudo apt-get update sudo apt install adcli -y --allow-downgrades else echo"" echo "Fixing krb5.keytab: Bad encryption type for ubuntu 19.10" echo "" echo "To avoid encryption error with adcli please accept PPA below for an adcli update" echo "" sudo add-apt-repository ppa:aroth/ppa sudo apt-get update echo "" fi fi clear sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}" echo "${INTRO_TEXT}Joining Ubuntu $var${END}" echo "" echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}" echo "${INTRO_TEXT}Please type Admin user:${END}" read -r ADMIN if ! realm join -v --user="$ADMIN" --computer-ou="$2" "$DOMAIN" --install=/ then echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}" exit fi else clear sudo echo "${RED_TEXT}I am having issues to detect your Ubuntu version${END}" exit fi fi fi fi_auth else echo "" exit 1 fi ;; *) break ;; esac done # This script is written by Pierre Gode https://github.com/PierreGode # PRECHECK_FN