DragonSlayer_14/Linux-Active-Directory-join-script
1
0
Fork 0
mirror of https://github.com/PierreGode/Linux-Active-Directory-join-script.git synced 2025-12-21 08:50:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
Linux-Active-Directory-join.../ADconnection.sh
PierreGode 349aaea52a
removed failing line id_provider = ldap 
Removed failed line 
#sed -i -e 's/id_provider = ad/id_provider = ldap/g' /etc/sssd/sssd.conf # failing line: giving no on configured: and user is unable to update password.

This will need some investigation and testing to verify that SASL if working.
2020-03-11 20:54:37 +01:00

2060 lines
68 KiB
Bash
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
##################################################################################################################################
# This script is written by Pierre Gode #
# This program is open source; you can redistribute it and/or modify it under the terms of the GNU General Public #
# This is an normal bash script and can be executed with sh EX: ( sudo sh ADconnection.sh ) #
# Generic user setup is: administrator, domain admins, groupnamesudores= groupname=hostname + sudoers on group name in AD groups #
# Supported OS's: Ubuntu 14-20 + mate,Debian ,Cent OS,Rasbian ,Fedora, Linux Mint,Elementary OS and Kali ( autodetect function ) #
#This scrips is a long serie of small updates and not well planned, the script works as expected, but this is not beautiful code #
# Maybe someday I re-do the script and make it "good code" but overall it has minimal shellcheck issues #
##################################################################################################################################
#known bugs: Sometimes the script bugs after AD administrator tries to authenticate, temporary solution is running the script again
# a couple of times. if it still is not working see lines 30-39
#known bugs: see line 31-32
#known bugs:sometimes domain discovery fails, it can help canceling the script and re-running it, if not verify dns setting on client,
#and on DC, also check that searchname has your domain
# see lines 370-388 for more advanced or specific setups of SSSD
#more Distros will be added during 2019
#support added for ubutnu 19.04 2019-11-11
# ~~~~~~~~~~ Environment Setup ~~~~~~~~~~ #
NORMAL=$(printf "\033[m")
MENU=$(printf "\033[36m")
NUMBER=$(printf "\033[33m")
RED_TEXT=$(printf "\033[31m")
INTRO_TEXT=$(printf "\033[32m")
END=$(printf "\033[0m")
# ~~~~~~~~~~ Environment Setup ~~~~~~~~~~ #
################################ fix errors # funktion not called ################
fixerrors(){
#this funktion is not called in the script : to activate, uncomment line line 31 #fixerrors
#This funktion installs additional packages due to known issues with Joining and the join hangs after the admin auth
sudo add-apt-repository ppa:xtrusia/packagekit-fix
sudo apt-get update
sudo apt-get install packagekit
MENU_FN
}
#fixerrors
#Realmdupdate11
#Added support for elementary 01/2020
#Added support for Ubuntu 20 02/2020
####################### final auth ##################################################################
#this section will do the last part, configure sssd, ssh, login session sam files and sudoers#
fi_auth(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
sudo echo "############################"
sudo echo "Configuratig files.."
sudo echo "Verifying the setup"
sudo systemctl enable sssd
sudo systemctl start sssd
states="null"
states1="null"
grouPs="null"
therealm="null"
cauth="null"
clear
read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn
case $yn in
[Yy]* ) sudo echo "Checking if there is any previous configuration"
if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
then
echo "Files seems already to be modified, skipping..."
else
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed
admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
echo ""
echo ""
read -r -p "Is your current administrator = '$admins' ? (y/n)?" yn
case $yn in
[Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;;
[Nn]* ) echo "please type name of current administrator"
read -r -p MYADMIN
sudo echo "$MYADMIN" | sudo tee -a /etc/ssh/login.group.allowed;;
* ) echo "Please answer yes or no.";;
esac
sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow"
fi;;
[Nn]* ) echo "Disabled SSH login.group.allowed"
states1="12";;
* ) echo "Please answer yes or no.";;
esac
echo ""
echo "-------------------------------------------------------------------------------------------"
echo ""
read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn
case $yn in
[Yy]* ) sudo echo "Checking if there is any previous configuration"
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo ""
echo "The Sudoers file seems already to be modified, skipping..."
echo ""
else
read -r -p "${RED_TEXT}Do you wish to DISABLE password prompt for users in terminal?${END}${NUMBER}(y/n)?${END}" yn
case $yn in
[Yy]* )
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
;;
[Nn]* )
sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
;;
* ) echo "Please answer yes or no.";;
esac
fi
;;
[Nn]* )
sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
echo "Disabled sudo rights for users on this machine"
echo ""
echo ""
states="12";;
* ) echo "Please answer yes or no."
;;
esac
homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 )
if [ "$homedir" = "0022" ]
then
echo "pam_mkhomedir.so configured"
sleep 1
else
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
fi
Arm=$( sudo hostnamectl | grep Architecture | awk '{print $2}' )
if [ "$Arm" = "arm" ]
then
sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu-mate.conf"
sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu-mate.conf"
else
logintrue=$( grep -i -m1 "login" /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf )
if [ -f /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf ]
then
if [ "$logintrue" = "greeter-show-manual-login=true" ]
then
echo "50-ubuntu.conf is already configured.. skipping"
else
sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
fi
else
echo "No lightdm to configure"
fi
fi
clear
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf
echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf
sudo sudo grep -i override /etc/sssd/sssd.conf
sudo echo "[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 600
#entry_cache_user_timeout = 5400
#entry_cache_group_timeout = 5400
#cache_credentials = TRUE
### Added to help with group mapping
###ldap_use_tokengroups = False
#ldap_schema = rfc2307bis
#ldap_schema = rfc2307
#ldap_schema = IPA
#ldap_schema = AD
#ldap_search_base = DC=$NetBios,DC=$coms
#ldap_group_member = uniquemember
#ad_enable_gc = False
entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf
sudo service sssd restart
sleep 1
clear
echo "For SASL put you company root-ca.cer in /usr/share/ca-certificates/root/ folder"
read -r -p "Do you wish to use SASL (LDAPS) (y/n)?" yn
case $yn in
[Yy]* )
if [ -f /usr/share/ca-certificates/root/*.cer ]
then
cacert=$( ls /usr/share/ca-certificates/root/ | grep .cer | head -1 )
echo "Type in address of your Domaincontroller: ex: dc01.com"
read -r yourDC
clear
LdapsDC=$( echo "ldaps://"$yourDC":636" )
echo "DC sssd configuration will be $LdapsDC"
echo "Found certificate $cacert"
read -r -p "Is this information correct (y/n)?" yn
case $yn in
[Yy]* )
tlsca=$( cat /etc/sssd/sssd.conf | grep ldap_tls_cacert | awk '{print $1}' )
if [ "$tlsca" = "ldap_tls_cacert" ]
then
echo "ldap_tls_cacert already in file"
exit 1
else
sed -i "/krb5_realm = /a ldap_uri = $LdapsDC" /etc/sssd/sssd.conf
sed -i "/krb5_realm = /a ldap_tls_cacert = $cacert" /etc/sssd/sssd.conf
#sed -i -e 's/id_provider = ad/id_provider = ldap/g' /etc/sssd/sssd.conf # failing line: giving no on configured: and user is unable to update password.
sudo service sssd restart
fi;;
[Nn]* )echo "";;
* ) echo "Please answer yes or no.";;
esac
else
echo "No certificate found"
fi;;
[Nn]* )echo "";;
* ) echo "Please answer yes or no.";;
esac
################################# Check #######################################
if ! sudo service sssd restart
then
echo "sssd config.. ${RED_TEXT}FAIL${END}"
else
echo "sssd config.. ${INTRO_TEXT}OK${END}"
fi
if ! realm discover < /dev/null > /dev/null 2>&1
then
echo "Realm not installed"
else
therealm=$(realm discover "$DOMAIN" | grep -i configured: | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//')
if [ "$therealm" = "no" ]
then
echo "Realm configured?.. ${NUMBER}NO${END}"
else
echo "Realm configured?.. ${INTRO_TEXT}YES${END}"
fi
fi
if [ $states = 12 ]
then
echo "Sudoers not configured... skipping"
else
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo "Checking sudoers file.. ${INTRO_TEXT}OK${END}"
else
echo "Checking sudoers file.. ${RED_TEXT}FAIL${END}"
fi
grouPs=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print $1}' | head -1)
if [ "$grouPs" = "$myhost""sudoers" ]
then
echo "Checking sudoers groups.. ${INTRO_TEXT}OK${END}"
else
echo "Checking sudoers groups.. ${RED_TEXT}FAIL${END}"
fi
homedir=$(grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3)
if [ "$homedir" = "0022" ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM session configuration.. ${INTRO_TEXT}OK${END}"
else
echo "Checking PAM session configuration.. ${RED_TEXT}FAIL${END}"
fi
if [ $states1 = 12 ]
then
echo "Disabled SSH login.group.allowed"
else
cauth=$(grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}')
if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM auth configuration.. ${INTRO_TEXT}OK${END}"
else
echo "Checking PAM auth configuration.. ${RED_TEXT}FAIL${END}"
fi
fi
#realm discover $DOMAIN
if ! realm discover
then
echo "realm not found"
else
if [ "$therealm" = "no" ]
then
echo "${RED_TEXT}Join has Failed${END}"
else
lastverify=$( realm discover "$DOMAIN" | grep -m 1 "$DOMAIN" )
echo ""
echo "${INTRO_TEXT}joined to $lastverify${END}"
echo ""
notify-send ADconnection "Joined $lastverify "
fi
fi
echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${INTRO_TEXT}"
exit
fi
echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${INTRO_TEXT}"
exit
}
####################### final auth yum ##################################################################
#this section will do the last part, configure sssd, sam files and sudoers# same as final auth
#Fixes to CentOS 2019/12#
fi_auth_yum(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
sudo echo "############################"
sudo echo "Configuratig files.."
sudo echo "Verifying the setup"
sudo systemctl enable sssd
sudo systemctl start sssd
states="null"
states1="null"
grouPs="null"
therealm="null"
cauth="null"
clear
read -r -p 'Do you wish to enable SSH login.group.allowed (y/n)?' yn
case $yn in
[Yy]* ) sudo echo "Checking if there is any previous configuration"
if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
then
echo "Files seems already to be modified, skipping..."
else
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/sshd
sudo touch /etc/ssh/login.group.allowed
admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
echo ""
echo ""
read -r -p "Is your current administrator = $admins ? (y/n)?" yn
case $yn in
[Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;;
[Nn]* ) echo "please type name of current administrator"
read -r -p MYADMIN
sudo echo "$MYADMIN" | sudo tee -a /etc/ssh/login.group.allowed;;
* ) echo "Please answer yes or no.";;
esac
sudo echo "$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow"
fi;;
[Nn]* ) echo "Disabled SSH login.group.allowed"
states1="12";;
* ) echo "Please answer yes or no.";;
esac
echo ""
echo "-------------------------------------------------------------------------------------------"
echo ""
read -r -p 'Do you wish to give users on this machine sudo rights?(y/n)?' yn
case $yn in
[Yy]* ) sudo echo "Checking if there is any previous configuration"
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo ""
echo "The Sudoers file seems already to be modified, skipping..."
echo ""
else
read -r -p 'Do you wish to DISABLE password promt for users in terminal? (y/n)?' yn
case $yn in
[Yy]* )
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
;;
[Nn]* ) sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
;;
* ) echo "Please answer yes or no.";;
esac
fi;;
[Nn]* ) echo "Disabled sudo rights for users on this machine"
echo ""
echo ""
states="12";;
* ) echo 'Please answer yes or no.';;
esac
homedir=$( grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3 )
if [ "$homedir" = "0022" ]
then
echo "pam_mkhomedir.so configured"
sleep 1
else
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
fi
logintrue=$( grep -i -m1 "login" /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf )
if [ -f /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf ]
then
if [ "$logintrue" = "greeter-show-manual-login=true" ]
then
echo "50-ubuntu.conf is already configured.. skipping"
else
sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
fi
else
echo "No lightdm to configure"
fi
coms=$( echo "$DOMAIN" | cut -d '.' -f2 )
clear
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf
echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf
sudo grep -i override /etc/sssd/sssd.conf
sudo echo "[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 600
#entry_cache_user_timeout = 5400
#entry_cache_group_timeout = 5400
#cache_credentials = TRUE
### Added to help with group mapping
###ldap_use_tokengroups = False
#ldap_schema = rfc2307bis
#ldap_schema = rfc2307
#ldap_schema = IPA
#ldap_schema = AD
#ldap_search_base = DC=$NetBios,DC=$coms
#ldap_group_member = uniquemember
#ad_enable_gc = False
entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf
clear
echo "For SASL put you company root-ca.cer in /usr/share/ca-certificates/root/ folder"
read -r -p "Do you wish to use SASL (LDAPS) (y/n)?" yn
case $yn in
[Yy]* )
if [ -f /usr/share/ca-certificates/root/*.cer ]
then
cacert=$( ls /usr/share/ca-certificates/root/ | grep .cer | head -1 )
echo "Type in address of your Domaincontroller: ex: dc01.com"
read -r yourDC
clear
LdapsDC=$( echo "ldaps://"$yourDC":636" )
echo "DC sssd configuration will be $LdapsDC"
echo "Found certificate $cacert"
read -r -p "Is this information correct (y/n)?" yn
case $yn in
[Yy]* )
tlsca=$( cat /etc/sssd/sssd.conf | grep ldap_tls_cacert | awk '{print $1}' )
if [ "$tlsca" = "ldap_tls_cacert" ]
then
echo "ldap_tls_cacert already in file"
exit 1
else
sed -i "/krb5_realm = /a ldap_uri = $LdapsDC" /etc/sssd/sssd.conf
sed -i "/krb5_realm = /a ldap_tls_cacert = $cacert" /etc/sssd/sssd.conf
sudo service sssd restart
fi;;
[Nn]* )echo "";;
* ) echo "Please answer yes or no.";;
esac
else
echo "No certificate found"
fi;;
[Nn]* )echo "";;
* ) echo "Please answer yes or no.";;
esac
####################### Check #########################
if ! sudo service sssd restart
then
echo "SSSD failed relading, please see journalctl -xe"
fi
if ! realm discover
then
echo "no realm found"
else
therealm=$(realm discover "$DOMAIN" | grep -i configured: | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//')
if [ "$therealm" = "no" ]
then
echo "Realm configured?.. NO"
else
echo "Realm configured?.. YES"
fi
fi
if [ "$states" = "12" ]
then
echo "Sudoers not configured... skipping"
else
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo "Checking sudoers file.. OK"
else
echo "Checking sudoers file.. FAIL"
fi
grouPs=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print $1}' | head -1)
if [ "$grouPs" = "$myhost""sudoers" ]
then
echo "Checking sudoers user groups.. OK"
else
echo "Checking sudoers user groups.. FAIL"
fi
homedir=$(grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3)
if [ "$homedir" = "0022" ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM configuration.. OK"
else
echo "Checking PAM configuration.. FAIL"
fi
if [ "$states1" = "12" ]
then
echo "Disabled SSH login.group.allowed"
else
cauth=$(grep required /etc/pam.d/sshd | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}')
if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM auth configuration.. OK"
else
echo "Checking PAM auth configuration.. FAIL"
fi
fi
#realm discover $DOMAIN
if ! realm discover
then
echo "realm not found"
else
if [ "$therealm" = "no" ]
then
echo "Join has Failed"
else
lastverify=$( realm discover "$DOMAIN" | grep -m 1 "$DOMAIN" )
echo ""
echo "joined to $lastverify"
echo ""
notify-send ADconnection "Joined $lastverify"
fi
fi
echo "Please reboot your machine and wait 3 min for Active Directory to sync before login"
exit
fi
echo "Please reboot your machine and wait 3 min for Active Directory to sync before login"
exit
}
####################### Setup for Ubuntu 14,16 and 17 clients #######################################
#Runs ADjoin in debug mode. meaning it opens terminals following logs
linuxclientdebug(){
desktop=$(sudo apt list --installed | grep -i desktop | grep -i ubuntu | cut -d '-' -f1 | grep -i desktop | head -1 | awk '{print$1}')
gnome-terminal --geometry=130x20 -e "bash -c \"journalctl -fxe; exec bash\""
gnome-terminal --geometry=130x20 -e "bash -c \"journalctl -fxe | grep -i -e closed -e Successfully -e 'Preauthentication failed' -e 'authenticate' -e 'Failed to join the domain'; exec bash\""
linuxclient
}
################################## Join for linux clients ##########################################
linuxclient(){
TheOS=$( hostnamectl | grep -i Operating | awk '{print $3}' ) < /dev/null > /dev/null 2>&1
MintOS=$( hostnamectl | grep -i Operating | awk '{print $4}' ) < /dev/null > /dev/null 2>&1
rasp=$( lsb_release -a | grep -i Distributor | awk '{print $3}' ) < /dev/null > /dev/null 2>&1
kalilinux=$( lsb_release -a | grep -i Distributor | awk '{print $3}' ) < /dev/null > /dev/null 2>&1
elementary=$( hostnamectl | grep -i Operating | awk '{print $3}' ) < /dev/null > /dev/null 2>&1
clear
#### OS detection ####
if [ "$TheOS" = "Fedora" ] < /dev/null > /dev/null 2>&1
then
echo "Fedora detected"
Fedora_fn
else
if [ "$TheOS" = "CentOS" ] < /dev/null > /dev/null 2>&1
then
echo "Cent OS detected"
CentOS
else
if [ "$TheOS" = "Debian" ] < /dev/null > /dev/null 2>&1
then
echo "Debian detected"
debianclient
else
if [ "$TheOS" = "Ubuntu" ] < /dev/null > /dev/null 2>&1
then
echo "Ubuntu detected"
echo ""
echo "Checking if it is a Desktop or server"
desktop=$( sudo apt list --installed | grep -i desktop | grep -i ubuntu | cut -d '-' -f1 | grep -i desktop | head -1 | awk '{print$1}' ) < /dev/null > /dev/null 2>&1
if [ "$desktop" = "desktop" ] < /dev/null > /dev/null 2>&1
then
echo "Ubuntu Desktop detected"
UbuntU
else
echo " this seems to be a server, swithching to server mode"
ubuntuserver14
fi
else
if [ "$rasp" = "Raspbian" ] < /dev/null > /dev/null 2>&1
then
echo "${INTRO_TEXT}Detecting Raspberry Pi${END}"
raspberry
else
if [ "$kalilinux" = "Kali" ] < /dev/null > /dev/null 2>&1
then
echo "${INTRO_TEXT}Detecting Kali linux${END}"
kalijoin
else
if [ "$elementary" = "elementary" ]
then
echo "${INTRO_TEXT}Detected Elementary${END}"
sleep 1
elemntary_fn
else
if [ "$MintOS" = Mint ]
then
echo "Detecting Linux Mint"
LinuxMint
else
echo "No compatible System found"
exit
fi
fi
fi
fi
fi
fi
fi
fi
}
################################ Ubuntu 14-20 ###########################################
UbuntU(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
clear
sudo echo "${NUMBER}Installing packages do no abort!.......${END}"
if ! sudo apt-get -qq install realmd adcli sssd ntp -y && sudo apt-get -qq install -f -y
then
echo "${RED_TEXT}Failed installing packages, please resolve dpkg and try again ${END}"
exit 1
fi
clear
if ! sudo dpkg -l | grep realmd
then
clear
sudo echo "${RED_TEXT}Installing packages failed.. please check connection ,dpkg and apt-get update then try again.${END}"
else
clear
sudo echo "${INTRO_TEXT}packages installed${END}"
fi
echo "hostname is $myhost"
echo "Looking for Realms.. please wait"
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
if ! ping -c 2 "$DOMAIN" < /dev/null > /dev/null 2>&1
then
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
else
clear
echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
read -r -p "Do you wish to use it (y/n)?" yn
case $yn in
[Yy]* ) echo "";;
[Nn]* ) echo "Please enter the domain you wish to join:"
read -r DOMAIN;;
* ) echo 'Please answer yes or no.';;
esac
fi
NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
clear
var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1)
if [ "$var" -eq "14" ]
then
echo "Installing additional dependencies"
sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user
sudo apt-get -qq install -f -y
clear
echo "${INTRO_TEXT}Detecting Ubuntu $var${END}"
sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}"
echo "${INTRO_TEXT}Joining Ubuntu $var${END}"
echo ""
echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}"
echo "${INTRO_TEXT}Please type Admin user:${END}"
read -r ADMIN
if ! sudo realm join -v -U "$ADMIN" "$DOMAIN" --install=/
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
else
if [ "$var" -eq "16" ]
then
echo "${INTRO_TEXT}Detected Ubuntu $var${END}"
clear
sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}"
echo "${INTRO_TEXT}Joining Ubuntu $var${END}"
echo ""
echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}"
echo "${INTRO_TEXT}Please type Admin user:${END}"
read -r ADMIN
if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN"
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
else
if [ "$var" -eq "17" ] || [ "$var" -eq "18" ] || [ "$var" -eq "19" ] || [ "$var" -eq "20" ]
then
echo "${INTRO_TEXT}Detected Ubuntu $var${END}"
sleep 1
clear
if [ "$var" -eq "19" ]
then
if [ -f /etc/apt/sources.list.d/aroth-ubuntu-ppa-eoan.list ]
then
sudo apt-get update
sudo apt-get --only-upgrade install adcli
else
echo""
echo "Fixing krb5.keytab: Bad encryption type for ubuntu 19.10"
echo ""
echo "To avoid encryption error with adcli please accept PPA below for an adcli update"
echo ""
sudo add-apt-repository ppa:aroth/ppa
sudo apt-get update
sudo apt-get --only-upgrade install adcli
echo ""
fi
fi
clear
sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}"
echo "${INTRO_TEXT}Joining Ubuntu $var${END}"
echo ""
echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}"
echo "${INTRO_TEXT}Please type Admin user:${END}"
read -r ADMIN
if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
else
clear
sudo echo "${RED_TEXT}I am having issues to detect your Ubuntu version${END}"
exit
fi
fi
fi
fi_auth
}
####################### Setup for Ubuntu server ubuntu 14-20 #######################################
ubuntuserver14(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
clear
sudo echo "${RED_TEXT}Installing packages do no abort!.......${END}"
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install -y sssd-tools samba-common krb5-user
sudo apt-get -qq install -f -y
clear
if ! sudo dpkg -l | grep realmd
then
clear
sudo echo "${RED_TEXT}Installing packages failed.. please check connection and dpkg and try again.${END}"
exit
else
clear
sudo echo "${INTRO_TEXT}packages installed${END}"
fi
sleep 1
DOMAIN=$( realm discover | grep -i realm-name | awk '{print $2}')
if ! ping -c 1 "$DOMAIN"
then
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
else
clear
echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
read -r -p "Do you wish to use it (y/n)?" yn
case $yn in
[Yy]* ) echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}";;
[Nn]* ) echo "Please enter the domain you wish to join:"
read -r DOMAIN;;
* ) echo 'Please answer yes or no.';;
esac
fi
sudo echo "${INTRO_TEXT}Realm= $DOMAIN${END}"
sudo echo "${NORMAL}${NORMAL}"
echo "${INTRO_TEXT}Please type DomainAdmin user:${END}"
read -r DomainADMIN
if ! sudo realm join -v -U "$DomainADMIN" "$DOMAIN" --install=/
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
echo "${NUMBER}Please type group name in AD for admins${END}"
read -r Mysrvgroup
sudo echo "############################"
sudo echo "Configuratig files.."
sudo echo "Verifying the setup"
sudo systemctl enable sssd
sudo systemctl start sssd
states="null"
states1="null"
grouPs="null"
therealm="null"
cauth="null"
clear
read -r -p "${RED_TEXT}Do you wish to enable SSH login.group.allowed${END}${NUMBER}(y/n)?${END}" yn
case $yn in
[Yy]* ) sudo echo "Checking if there is any previous configuration"
if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
then
echo "Files seems already to be modified, skipping..."
else
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed
admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
echo ""
echo ""
read -r -p "Is your current administrator = $admins ? (y/n)?" yn
case $yn in
[Yy]* ) sudo echo "$admins" | sudo tee -a /etc/ssh/login.group.allowed;;
[Nn]* ) echo "please type name of current administrator"
read -r -p MYADMIN
sudo echo "$MYADMIN" | sudo tee -a /etc/ssh/login.group.allowed;;
* ) echo "Please answer yes or no.";;
esac
sudo echo "$Mysrvgroup" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios\\$myhost""sudoers""" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios\\domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow"
fi;;
[Nn]* ) echo "Disabled SSH login.group.allowed"
states1="12";;
* ) echo "Please answer yes or no.";;
esac
echo ""
echo "-------------------------------------------------------------------------------------------"
echo ""
read -r -p "${RED_TEXT}Do you wish to give users on this machine sudo rights?${END}${NUMBER}(y/n)?${END}" yn
case $yn in
[Yy]* ) sudo echo "Checking if there is any previous configuration"
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo ""
echo "Sudoers file seems already to be modified, skipping..."
echo ""
else
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$Mysrvgroup""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%domain\ users ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
fi;;
[Nn]* ) echo "Disabled sudo rights for users on this machine"
echo ""
echo ""
states="12";;
* ) echo 'Please answer yes or no.';;
esac
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
if ! realm discover
then
echo "Realm not found"
else
therealm=$( realm discover | grep -i realm-name | awk '{print $2}')
if [ "$therealm" = "no" ]
then
echo Realm configured?.. "${NUMBER}NO${END}"
else
echo Realm configured?.. "${INTRO_TEXT}YES${END}"
fi
fi
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo Checking sudoers file.. "${INTRO_TEXT}OK${END}"
else
echo checking sudoers file.. "${RED_TEXT}FAIL not configured${END}"
fi
grouPs=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print $1}' | head -1)
if [ "$grouPs" = "$myhost""sudoers" ]
then
echo "Checking sudoers users.. ${INTRO_TEXT}OK${END}"
else
echo "Checking sudoers users.. ${RED_TEXT}FAIL${END}"
fi
homedir=$(grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3)
if [ "$homedir" = "0022" ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM configuration.. ${INTRO_TEXT}OK${END}"
else
echo "Checking PAM configuration.. ${RED_TEXT}FAIL${END}"
fi
cauth=$(grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1)
if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM auth configuration..${INTRO_TEXT}OK${END}"
else
echo "Checking PAM auth configuration..${RED_TEXT}SSH security not configured${END}"
fi
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf
echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf
sudo grep -i override /etc/sssd/sssd.conf
sudo echo "[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 600
#entry_cache_user_timeout = 5400
#entry_cache_group_timeout = 5400
#cache_credentials = TRUE
entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf
sudo service sssd restart
realm discover "$DOMAIN"
echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${END}"
exit
}
####################################### Kali ############################################
kalijoin(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
export whoami
whoamis=$( whoami )
admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
sudo echo "${RED_TEXT}Installing packages do no abort!.......${END}"
sudo apt-get -qq update
sudo apt-get -qq install libsss-sudo -y
sudo apt-get -qq install adcli -y
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install policykit-1 -y
sudo mkdir -p /var/lib/samba/private
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install -f -y
clear
if ! sudo dpkg -l | grep realmd
then
clear
sudo echo "${RED_TEXT}Installing packages failed.. please check connection ,dpkg and apt-get update then try again.${END}"
exit
else
clear
sudo echo "${INTRO_TEXT}packages installed${END}"
fi
echo "hostname is $myhost"
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
if ! ping -c 2 "$DOMAIN" >/dev/null
then
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below...${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
else
clear
echo "${NUMBER}I searched for an available domain and found $DOMAIN ${END}"
read -r -p "Do you wish to use it (y/n)?" yn
case $yn in
[Yy]* ) echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}";;
[Nn]* ) echo "Please enter the domain you wish to join:"
read -r DOMAIN;;
* ) echo 'Please answer yes or no.';;
esac
fi
NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
echo ""
echo "${INTRO_TEXT}Please type Admin user:${END}"
read -r ADMIN
clear
sudo echo "${INTRO_TEXT}Realm= $DOMAIN${END}"
sudo echo "${NORMAL}${NORMAL}"
if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
fi_auth
}
####################################### Debian ##########################################
debianclient(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
if ! dkpg -l | grep sudo
then
apt get install sudo -y
else
echo ""
export whoami
whoamis=$( whoami )
echo "$whoamis"
admins=$( grep home /etc/passwd | grep bash | cut -d ':' -f1 )
echo "$admins ALL=(ALL:ALL) ALL | tee -a /etc/sudoers.d/admin"
fi
clear
sudo echo "${RED_TEXT}Installing packages do no abort!.......${END}"
sudo apt-get -qq update
sudo apt-get -qq install libsss-sudo -y
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install policykit-1 -y
sudo mkdir -p /var/lib/samba/private
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install -f
clear
if ! sudo dpkg -l | grep realmd
then
clear
sudo echo "${RED_TEXT}Installing packages failed.. please check connection ,dpkg and apt-get update then try again.${END}"
exit
else
clear
sudo echo "${INTRO_TEXT}packages installed${END}"
fi
echo "hostname is $myhost"
sleep 1
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
if ! ping -c 2 "$DOMAIN" >/dev/null
then
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below...${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
else
clear
echo "${NUMBER}I searched for an available domain and found $DOMAIN ${END}"
read -r -p "Do you wish to use it (y/n)?" yn
case $yn in
[Yy]* ) echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}";;
[Nn]* ) echo "Please enter the domain you wish to join:"
read -r DOMAIN;;
* ) echo 'Please answer yes or no.';;
esac
fi
NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
echo ""
echo "${INTRO_TEXT}Please type Admin user:${END}"
read -r ADMIN
clear
sudo echo "${INTRO_TEXT}Realm= $DOMAIN${END}"
sudo echo "${NORMAL}${NORMAL}"
if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
fi_auth
}
####################################### Cent OS #########################################
CentOS(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools samba-common heimdal-clients msktutil
yum -y install ipa-client
echo "Looking for domains..."
DOMAIN=$(realm discover | grep -i realm-name | awk '{print $2}')
if [ -n "$DOMAIN" ]
then
if ! ping -c 1 "$DOMAIN"
then
clear
echo "I searched for an available domain and found $DOMAIN but it is not responding to ping, please type your domain manually below... "
echo "Please enter the domain you wish to join:"
read -r DOMAIN
echo "I Please enter AD admin user "
read -r ADMIN
else
clear
echo "I searched for an available domain and found >>> $DOMAIN <<<"
read -r -p "Do you wish to use it (y/n)?" yn
case $yn in
[Yy]* ) echo "Please log in with domain admin to $DOMAIN to connect"
sudo echo "Please enter AD admin user:"
read -r ADMIN
;;
[Nn]* ) echo "Please enter the domain you wish to join:"
read -r DOMAIN
sudo echo "Please enter AD admin user:"
read -r ADMIN
;;
* ) echo 'Please answer yes or no.';;
esac
fi
else
clear
echo "I searched for an available domain and found nothing, please type your domain manually below... "
echo "Please enter the domain you wish to join:"
read -r DOMAIN
echo "I Please enter AD admin user "
read -r ADMIN
fi
sudo echo "Realm= $DOMAIN"
sudo echo ""
if ! sudo realm join -v -U "$ADMIN" "$DOMAIN" --install=/
then
echo "AD join failed.please check your errors with journalctl -xe"
exit
fi
echo "session required pam_unix.so" | sudo tee -a /etc/pam.d/common-session
fi_auth_yum
exit
}
############################### Raspberry Pi ###################################
raspberry(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
sudo aptitude install ntp adcli sssd
sudo mkdir -p /var/lib/samba/private
sudo aptitude install libsss-sudo
sudo systemctl enable sssd
clear
DOMAIN=$( realm discover | grep -i realm-name | awk '{print $2}')
echo ""
echo "please type Domain admin"
read -r ADMIN
if ! sudo realm join -v -U "$ADMIN" "$DOMAIN" --install=/
then
echo "AD join failed.please check your errors with journalctl -xe"
exit
fi
sudo systemctl start sssd
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
sudo echo "pi ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf
echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf
sudo grep -i override /etc/sssd/sssd.conf
sudo echo "[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 600
#entry_cache_user_timeout = 5400
#entry_cache_group_timeout = 5400
#cache_credentials = TRUE
entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf
sudo service sssd restart
exit
}
############################### Fedora #########################################
Fedora_fn(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools samba-common
DOMAIN=$(realm discover | grep -i realm-name | awk '{print $2}')
if ! ping -c 1 "$DOMAIN"
then
clear
echo "I searched for an available domain and found nothing, please type your domain manually below... "
echo "Please enter the domain you wish to join:"
read -r DOMAIN
echo "I Please enter AD admin user "
read -r ADMIN
else
clear
echo "I searched for an available domain and found >>> $DOMAIN <<<"
read -r -p "Do you wish to use it (y/n)?" yn
case $yn in
[Yy]* ) echo "Please log in with domain admin to $DOMAIN to connect";;
[Nn]* ) echo "Please enter the domain you wish to join:"
read -r DOMAIN;;
* ) echo 'Please answer yes or no.';;
esac
fi
clear
sudo echo "Please enter AD admin user:"
read -r ADMIN
sudo echo "Realm= $DOMAIN"
sudo echo ""
if ! sudo realm join -v -U "$ADMIN" "$DOMAIN" --install=/
then
echo "AD join failed.please check your errors with journalctl -xe"
exit
fi
fi_auth_yum
exit
}
############################# Elemntary #####################################
elemntary_fn(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user
sudo apt-get -qq install -f -y
echo "hostname is $myhost"
echo "Looking for Realms.. please wait"
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
if ! ping -c 2 "$DOMAIN" >/dev/null
then
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
else
clear
echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
read -r -p "Do you wish to use it (y/n)?" yn
case $yn in
[Yy]* ) echo "";;
[Nn]* ) echo "Please enter the domain you wish to join:"
read -r DOMAIN;;
* ) echo 'Please answer yes or no.';;
esac
fi
clear
echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}"
echo "${INTRO_TEXT}Please type Admin user:${END}"
read -r ADMIN
NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
clear
if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN"
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
allowguest=$( sudo grep manual /usr/share/lightdm/lightdm.conf.d/50-disable-guest.conf | grep true | cut -d '=' -f2 | head -1 )
if [ "$allowguest" = "true" ]
then
echo "Lightdm is already configured.. skipping.."
else
sudo echo "greeter-show-manual-login=true" | sudo tee -a /usr/share/lightdm/lightdm.conf.d/40-io.elementary.greeter.conf
fi
fi_auth
exit
}
############################# Linux Mint #####################################
LinuxMint(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user
sudo apt-get -qq install -f -y
echo "hostname is $myhost"
echo "Looking for Realms.. please wait"
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
if ! ping -c 2 "$DOMAIN" >/dev/null
then
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
else
clear
echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
read -r -p "Do you wish to use it (y/n)?" yn
case $yn in
[Yy]* ) echo "";;
[Nn]* ) echo "Please enter the domain you wish to join:"
read -r DOMAIN;;
* ) echo 'Please answer yes or no.';;
esac
fi
clear
echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}"
echo "${INTRO_TEXT}Please type Admin user:${END}"
read -r ADMIN
NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
clear
if ! sudo realm join --verbose --user="$ADMIN" "$DOMAIN"
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
allowguest=$( sudo grep manual /usr/share/lightdm/lightdm.conf.d/50-disable-guest.conf | grep true | cut -d '=' -f2 | head -1 )
if [ "$allowguest" = "true" ]
then
echo "Lightdm is already configured.. skipping.."
else
sudo echo "greeter-show-manual-login=true" | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-disable-guest.conf
fi
fi_auth
exit
}
############################### Update to Realmd from likewise ##################
Realmdupdate(){
clear
echo ""
echo "this section has been deprecated, If you are still using likewise please see code"
echo "leave likewise with sudo domainjoin-cli leave"
exit
}
############################### Fail check ####################################
failcheck(){
clear
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
if ! hostname | cut -d '.' -f1 < /dev/null > /dev/null 2>&1
then
echo "Sorry I am having issues finding your domain.. please type it"
read -r DOMAIN
else
echo ""
fi
echo ""
echo "-------------------------------------------------------------------------------------"
echo ""
if ! realm discover < /dev/null > /dev/null 2>&1
then
echo "Realm not found"
else
echo ""
therealm=$( realm discover | grep -i configured | awk '{print $2}')
if [ "$therealm" = "no" ]
then
echo Realm configured?.. "${RED_TEXT}NO${END}"
else
echo Realm configured?.. "${INTRO_TEXT}YES${END}"
fi
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo Checking sudoers file.. "${INTRO_TEXT}OK${END}"
grouPs=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print $1}' | head -1 | sed -e 's/sudoers//g' )
if [ "$grouPs" = "$myhost" ]
then
echo Checking sudoers users.. "${INTRO_TEXT}OK${END}"
else
echo Checking sudoers users.. "${RED_TEXT}FAIL${END}"
fi
else
echo Checking sudoers file.. "${RED_TEXT}FAIL${END}"
fi
homedir=$(grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3)
if [ "$homedir" -eq "0022" ] < /dev/null > /dev/null 2>&1
then
echo Checking PAM configuration.. "${INTRO_TEXT}OK${END}"
else
echo Checking PAM configuration.. "${RED_TEXT}FAIL${END}"
fi
cauth=$(grep required /etc/pam.d/common-auth | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1)
if [ "$cauth" = "allow" ] < /dev/null > /dev/null 2>&1
then
echo Checking PAM auth configuration.. "${INTRO_TEXT}OK${END}"
else
echo Checking PAM auth configuration.. "${RED_TEXT}SSH security not configured${END}"
fi
fi
echo ""
echo "-------------------------------------------------------------------------------------"
exit
}
############################### Fail check Yum ####################################
###Fixes 2019/12###
failcheck_yum(){
clear
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
therealm=$( realm discover | grep -i realm-name | awk '{print $2}')
if ! hostname | cut -d '.' -f1 < /dev/null > /dev/null 2>&1
then
echo "Sorry I am having issues finding your domain.. please type it"
read -r DOMAIN
else
echo ""
fi
echo "-------------------------------------------------------------------------------------"
echo ""
if ! realm discover $therealm
then
echo "realm not found"
else
echo ""
therealm=$( realm discover | grep -i realm-name | awk '{print $2}')
if [ "$therealm" = "no" ]
then
echo "Realm configured?.. NO"
else
echo "Realm configured?.. YES"
fi
if [ -f /etc/sudoers.d/admins ] < /dev/null > /dev/null 2>&1
then
echo "Checking sudoers file.. OK"
grouPs=$(grep -i "$myhost" /etc/sudoers.d/admins | cut -d '%' -f2 | cut -d '=' -f1 | sed -e 's/\<ALL\>//g')
if [ "$grouPs" = "$myhost""sudoers" ]
then
echo "Checking sudoers users.. OK"
else
echo "Checking sudoers users.. FAIL"
fi
else
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo "Checking sudoers file.. OK"
grouPs1=$(grep -i "$myhost" /etc/sudoers.d/sudoers | cut -d '%' -f2 | awk '{print $1}' | head -1 | head -1)
if [ "$grouPs1" = "$myhost""sudoers" ]
then
echo "Checking sudoers user groups.. OK"
else
echo "Checking sudoers user groups.. FAIL"
fi
else
echo "Checking sudoers file.. FAIL not configured"
fi
fi
homedir=$(grep homedir /etc/pam.d/common-session | grep 0022 | cut -d '=' -f3)
if [ "$homedir" = "0022" ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM configuration.. OK"
else
echo "Checking PAM configuration.. FAIL"
fi
if [ -f /etc/ssh/login.group.allowed ]
then
echo "Checking login.group.allowed configuration.. OK"
else
echo "Checking login.group.allowed.. SSH security not configured"
fi
fi
echo ""
echo "-------------------------------------------------------------------------------------"
exit
}
#################################### ldapsearch #####################################################
ldaplook(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
ldaptools=$( sudo dpkg -l | grep -i ldap-utils | cut -d 's' -f1 | cut -d 'l' -f2 )
echo "${NUMBER}Remember!you must be logged in with AD admin on the client/server to use this funktion${END}"
echo "${NUMBER}Remember!please edit in ldap.conf the lines BASE and URI in /etc/ldap/ldap.conf ${END}"
echo "${NUMBER}your BASE will be the area you will search in${END}"
sleep 3
if [ "$ldaptools" = dap-uti ]
then
clear
echo "ldap tool installed.. trying to find this host"
sudo ldapsearch -x cn="$myhost"
echo "Please type what you are looking for"
read -r own
sudo ldapsearch -x | grep -i "$own"
exit
else
clear
if ! sudo apt-get install ldap-utils -y
then
echo "install failed"
exit
else
echo "${NUMBER}please edit in ldap.conf the lines BASE and URI ${END}"
sleep 3
sudo nano /etc/ldap/ldap.conf
sudo ldapsearch -x | grep -i "$myhost"
exit
fi
fi
}
#################################### ldapsearchyum #####################################################
ldaplookyum(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
ldaptools=$( sudo dpkg -l | grep -i ldap-utils | cut -d 's' -f1 | cut -d 'l' -f2 )
echo "${NUMBER}Remember!you must be logged in with AD admin on the client/server to use this funktion${END}"
echo "${NUMBER}Remember!please edit in ldap.conf the lines BASE and URI in /etc/ldap/ldap.conf ${END}"
echo "${NUMBER}your BASE will be the area you will search in${END}"
sleep 3
if [ "$ldaptools" = dap-uti ]
then
clear
echo "ldap tool installed.. trying to find this host"
sudo ldapsearch -x cn="$myhost"
echo "Please type what you are looking for"
read -r own
sudo ldapsearch -x | grep -i "$own"
exit
else
clear
if ! sudo yum install ldap-utils -y
then
echo "install failed"
exit
else
echo "${NUMBER}please edit in ldap.conf the lines BASE and URI ${END}"
sleep 3
sudo nano /etc/ldap/ldap.conf
sudo ldapsearch -x | grep -i "$myhost"
exit
fi
fi
}
############################### Reauth ##########################################
Reauthenticate(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
whoelse=$( who -ut | grep -v old | awk '{print $1}' | head -1 )
homeshome=$( sudo realm list | grep domain-name | awk '{print $2}' )
homes=$( find /home/"$homeshome" -maxdepth 1 -mindepth 1 | head -1 | cut -d '/' -f4 )
if [ "$homes" = "$whoelse" ]
then
echo ""
echo "you are logged in as an AD user.. canceling request"
echo "only administrator has permissions"
echo ""
exit
else
LEFT=$(sudo realm discover | grep configured | awk '{print $2}')
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
SSSD=$( sudo grep domain /etc/sssd/sssd.conf | awk '{print $3}' | head -1 )
DOMAINlower=$( echo "$DOMAIN" | tr '[:upper:]' '[:lower:]' )
if [ "$DOMAINlower" = "$SSSD" ]
then
echo "Detecting realm $SSSD"
else
if [ "$LEFT" = "no" ]
then
echo ""
echo "$DOMAIN has not been configured"
echo ""
exit
fi
fi
read -r -p "Do you really want to leave the domain: $DOMAIN (y/n)?" yn
case $yn in
[Yy]* ) echo "Listing domain"
sudo realm discover "$DOMAIN"
sudo realm leave "$DOMAIN"
LEFT=$(sudo realm discover | grep configured | awk '{print $2}')
if [ "$LEFT" = "no" ]
then
echo ""
sudo echo "" | sudo tee /etc/sssd/sssd.conf
echo "$DOMAIN has been left"
echo ""
notify-send ADconnection "Left $DOMAIN "
linuxclient
else
echo "something went wrong, try to leave manually"
read -r DOMAIN
sudo realm leave "$DOMAIN"
left=$(sudo realm discover | grep configured | awk '{print $2}')
if [ "$left" = "no" ]
then
echo ""
sudo echo "" | sudo tee /etc/sssd/sssd.conf
echo "$DOMAIN has been left"
echo ""
notify-send ADconnection "Left $DOMAIN "
linuxclient
else
echo "something went wrong"
fi
fi
;;
[Nn]* ) echo "Bye"
exit
;;
* ) echo 'Please answer yes or no.';;
esac
exit
fi
}
######################### Leave Realm ################################
leaves(){
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
clear
LEFT=$(sudo realm discover | grep configured | awk '{print $2}') < /dev/null > /dev/null 2>&1
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}') < /dev/null > /dev/null 2>&1
SSSD=$( sudo cat /etc/sssd/sssd.conf | grep domain | awk '{print $3}' | head -1 ) < /dev/null > /dev/null 2>&1
DOMAINlower=$( echo "$DOMAIN" | tr '[:upper:]' '[:lower:]' ) < /dev/null > /dev/null 2>&1
if ! realm discover < /dev/null > /dev/null 2>&1
then
echo ""
echo "Realm not found, nothing to leave"
echo ""
else
if [ "$DOMAINlower" = "$SSSD" ] < /dev/null > /dev/null 2>&1
then
echo "Detecting realm $SSSD"
else
if [ "$LEFT" = "no" ] < /dev/null > /dev/null 2>&1
then
echo ""
echo "$DOMAIN has not been configured"
echo ""
exit
fi
fi
read -r -p "Do you really want to leave the domain: $DOMAIN (y/n)?" yn
case $yn in
[Yy]* ) echo "Listing domain"
sudo realm discover "$DOMAIN"
sudo realm leave "$DOMAIN"
LEFT=$(sudo realm discover | grep configured | awk '{print $2}')
if [ "$LEFT" = "no" ]
then
echo ""
sudo echo "" | sudo tee /etc/sssd/sssd.conf
echo "$DOMAIN has been left"
echo ""
notify-send ADconnection "Left $DOMAIN "
else
echo "something went wrong, try to leave manually"
echo ""
echo "Please type domain you wish to leave"
read -r DOMAIN
sudo realm leave "$DOMAIN"
left=$(sudo realm discover | grep configured | awk '{print $2}')
if [ "$left" = "no" ]
then
echo ""
sudo echo "" | sudo tee /etc/sssd/sssd.conf
echo "$DOMAIN has been left"
echo ""
notify-send ADconnection "Left $DOMAIN "
else
echo "something went wrong"
fi
fi
;;
[Nn]* ) echo "Bye"
exit
;;
* ) echo 'Please answer yes or no.';;
esac
exit
fi
exit
}
################################## info ##################################
readmes(){
clear
echo "Usage: sh ADconnection.sh [--help] "
echo " [-d (ubuntu debug mode)]"
echo " [-j admin domain (Simple direct join) ADconnection -j ADadmin domain"
echo " [-l (script output to log file)]"
echo " [-s (Discover domain)]"
echo " [-o (assign OU for computer object (-o OU=Clients,OU=Computers))"
echo " [-u (sh ADconnection -u (autodetect) or -u user (looks up if computer can get user from AD))"
echo ""
echo ""
echo "${INTRO_TEXT} Active directory connection tool ${END}"
echo "${INTRO_TEXT} Examples ${END}"
echo "${INTRO_TEXT} Domain to join:${RED_TEXT}Example:${RED_TEXT}${NUMBER}mydomain.intra${NUMBER}${END}"
echo "${INTRO_TEXT} ${END}"
echo "${INTRO_TEXT} Domains NetBios name:${RED_TEXT}Example:${RED_TEXT}${NUMBER}mydomain${NUMBER}${END}"
echo "${INTRO_TEXT} ${END}"
echo "${INTRO_TEXT} Domain username:${RED_TEXT}Example:${RED_TEXT}${NUMBER}ADadmin${NUMBER}${END}"
echo "${INTRO_TEXT} ${END}"
echo "${INTRO_TEXT} AD Group to put users in:${RED_TEXT}Example:${RED_TEXT}${NUMBER}Sudoers.global${NUMBER}${END}"
echo "${RED_TEXT} group should be created in AD with the group name being the HOSTNAMEsudores ${END}"
echo "${INTRO_TEXT} ${END}"
echo "${INTRO_TEXT} Script will use hostname and add sudoer to it to sudoers ${RED_TEXT}Example:${RED_TEXT}${NUMBER} myhostsudoer${NUMBER}${END}"
echo "${INTRO_TEXT} It is important that the computerobject ${RED_TEXT}Ex:${RED_TEXT} myhost gets created in AD pre or post running the script ( the join will create an computer object by it self ${END}"
echo "${INTRO_TEXT} and that the group ${RED_TEXT}Ex:${RED_TEXT} myhostsuoers exists, sudoers must be added or edit this script to remove sudoers from name${END}"
echo "${INTRO_TEXT} Script will also add domain admin group to suoers ${END}"
echo "${NUMBER} Remember to Check Hostname and add it to AD${END}"
echo "${INTRO_TEXT} Reauthenticate is a fix for Ubuntu 14 likewise issues when client looses user (who am I?)${END}"
echo "${INTRO_TEXT} ${END}"
echo "${INTRO_TEXT} Ubuntu 16 and 14 has the setting not to show domain name in name or home folder due it can give${END}"
echo "${INTRO_TEXT} coding issues when building.. to change this configure /et/sssd/sssd.conf ${END}"
echo ""
exit
}
############################### Menu ###############################
MENU_FN(){
clear
echo "${INTRO_TEXT} Active directory connection tool ${END}"
echo "${INTRO_TEXT} Created by Pierre Goude ${END}"
echo "${INTRO_TEXT} This script will edit several critical files.. ${END}"
echo "${INTRO_TEXT} DO NOT attempt this without expert knowledge ${END}"
echo "${NORMAL} ${END}"
echo "${MENU}*${NUMBER} 1)${MENU} Join to AD on Linux (Ubuntu/Rasbian/Kali/Fedora/Debian/Elementary OS/) ${END}"
echo "${MENU}*${NUMBER} 2)${MENU} Check for errors ${END}"
echo "${MENU}*${NUMBER} 3)${MENU} Search with ldap ${END}"
echo "${MENU}*${NUMBER} 4)${MENU} Reauthenticate ${END}"
echo "${MENU}*${NUMBER} 5)${MENU} Leave Domain ${END}"
echo "${NORMAL} ${END}"
echo "${ENTER_LINE}Please enter a menu option and enter or ${RED_TEXT}ctrl + c to exit. ${END}"
read -r opt
while [ "$opt" != '' ]
do
if [ "$opt" = "" ]; then
exit;
else
case $opt in
1) clear;
echo "Installing on Linux Client/Server";
linuxclient
;;
2) clear;
echo "Check for errors"
failcheck
;;
3) clear;
echo "Check in Ldap"
ldaplookyum
;;
4) clear;
echo "Rejoin to AD"
Reauthenticate
;;
5) clear;
echo "Leave domain"
leaves
;;
x)exit;
;;
'\n')exit;
;;
*)clear;
opt "Pick an option from the menu";
MENU_FN;
;;
esac
fi
done
}
############################### Menu YUM ###############################
YUM_MENU(){
clear
echo " Active directory connection tool "
echo " Created by Pierre Goude "
echo " This script will edit several critical files.. "
echo " DO NOT attempt this without expert knowledge "
echo ""
echo "1) Join to AD on Linux"
echo "2) Check for errors"
echo "3) Search with ldap"
echo "4) Reauthenticate"
echo "5) Leave Domain"
echo ""
echo "Please enter a menu option and enter or enter to exit."
read -r opt
while [ "$opt" != '' ]
do
if [ "$opt" = "" ]; then
exit;
else
case $opt in
1) clear;
echo "Installing on Linux Client/Server";
linuxclient
;;
2) clear;
echo "Check for errors"
failcheck_yum
;;
3) clear;
echo "Check in Ldap"
;;
4) clear;
echo "Rejoin to AD"
Reauthenticate
;;
5) clear;
echo "Leave domain"
leaves
;;
x)exit;
;;
'\n')exit;
;;
*)clear;
opt "Pick an option from the menu";
MENU_FN;
;;
esac
fi
done
}
################# Precheck for YUM based OS #################
PRECHECK_FN(){
## Precheck sends yum based OS to an own menu ##
TheOS=$( hostnamectl | grep -i Operating | awk '{print $3}' ) < /dev/null > /dev/null 2>&1
if [ "$TheOS" = "Fedora" ]
then
YUM_MENU
else
if [ "$TheOS" = "CentOS" ]
then
YUM_MENU
else
MENU_FN
fi
fi
}
############################## Flags ###############################
clear
#Versi0n=$( echo "7" )
#update=$( curl -s https://github.com/PierreGode/Linux-Active-Directory-join-script/blob/master/ADconnection.sh | grep -i Versi0n | awk '{print $10}' )
#if [ "$update" -gt "$Version" ]
#then
#echo "Updating ADconnection"
#git pull
#else
#echo "ADconnection is up to date"
#fi
while test $# -gt 0; do
case "$1" in
-help|--help)
readmes
;;
-d|--d)
if test $# -gt 0; then
linuxclientdebug
else
echo ""
exit 1
fi
;;
-l|--l)
if test $? -gt 0; then
DATE=$(date +%H:%M)
echo "$DATE"
MENU_FN 2>&1 | sudo tee adconnection.log
else
echo ""
exit 1
fi
;;
-f|--f)
if test $? -gt 0; then
answerfile
else
echo ""
exit 1
fi
;;
-j|--j)
if test $# -gt 0; then
if ! sudo realm join -v -U "$2" "$3" --install=/
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
exit
else
echo ""
exit 1
fi
;;
-s|--s)
if test $# -gt 0; then
if ! realm discover < /dev/null > /dev/null 2>&1
then
clear
echo ""
echo "realmd is not installed"
echo ""
exit
else
sudo realm discover
exit
fi
else
echo ""
exit 1
fi
;;
-u|--u)
if test $# -gt 0; then
clear
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}' | tr "[:upper:]" "[:lower:]")
if [ -z "$2" ]
then
if [ -d /home/"$DOMAIN" ]
then
ls /home/"$DOMAIN"/ | while read -r user
do
id "$user"
echo "___________________________________________________________________________"
echo ""
done
else
echo "no user found on this system. try typing the user:"
read -r user
id "$user" | grep "$myhost"
fi
else
id "$2"
fi
exit
fi
;;
-o|--o)
if test $# -gt 0; then
desktop=$( sudo apt list --installed | grep -i desktop | grep -i ubuntu | cut -d '-' -f1 | grep -i desktop )
rasp=$( lsb_release -a | grep -i Distributor | awk '{print $3}' )
kalilinux=$( lsb_release -a | grep -i Distributor | awk '{print $3}' )
if [ "$desktop" = "desktop" ]
then
if [ "$rasp" = "Raspbian" ]
then
echo "${INTRO_TEXT}Detecting Raspberry Pi${END}"
raspberry
else
if [ "$kalilinux" = "Kali" ]
then
echo "${INTRO_TEXT}Detecting Kali linux${END}"
kalijoin
else
echo ""
fi
fi
else
echo "this seems to be a server, Switching to server mode"
ubuntuserver14
fi
export HOSTNAME
myhost=$( hostname | cut -d '.' -f1 )
clear
sudo echo "${RED_TEXT}Installing packages do no abort!.......${END}"
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get install -f -y
clear
if ! sudo dpkg -l | grep realmd
then
clear
sudo echo "${RED_TEXT}Installing packages failed.. please check connection ,dpkg and apt-get update then try again.${END}"
exit
else
clear
sudo echo "${INTRO_TEXT}packages installed${END}"
fi
echo "hostname is $myhost"
echo "Looking for Realms.. please wait"
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
if ! ping -c 2 "$DOMAIN" >/dev/null
then
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below...${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
else
clear
echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN <<<${END}${END}"
read -r -p "Do you wish to use it (y/n)?" yn
case $yn in
[Yy]* ) echo "";;
[Nn]* ) echo "Please enter the domain you wish to join:"
read -r DOMAIN;;
* ) echo 'Please answer yes or no.';;
esac
fi
NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
clear
var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1)
if [ "$var" -eq "14" ]
then
echo "Installing additional dependencies"
sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user
sudo apt-get install -f -y
clear
echo "${INTRO_TEXT}Detecting Ubuntu $var${END}"
sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}"
echo "${INTRO_TEXT}Joining Ubuntu $var${END}"
echo ""
echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}"
echo "${INTRO_TEXT}Please type Admin user:${END}"
read -r ADMIN
if ! realm join -v --user="$ADMIN" --computer-ou="$2" "$DOMAIN" --install=/
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
else
if [ "$var" -eq "16" ]
then
echo "${INTRO_TEXT}Detected Ubuntu $var${END}"
clear
sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}"
echo "${INTRO_TEXT}Joining Ubuntu $var${END}"
echo ""
echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}"
echo "${INTRO_TEXT}Please type Admin user:${END}"
read -r ADMIN
if ! realm join -v --user="$ADMIN" --computer-ou="$2" "$DOMAIN"
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
else
if [ "$var" -eq "17" ] || [ "$var" -eq "18" ] || [ "$var" -eq "19" ]
then
echo "${INTRO_TEXT}Detected Ubuntu $var${END}"
sleep 1
clear
if [ "$var" -eq "19" ]
then
if [ -f /etc/apt/sources.list.d/aroth-ubuntu-ppa-eoan.list ]
then
sudo apt-get update
sudo apt-get --only-upgrade install adcli
else
echo""
echo "Fixing krb5.keytab: Bad encryption type for ubuntu 19.10"
echo ""
echo "To avoid encryption error with adcli please accept PPA below for an adcli update"
echo ""
sudo add-apt-repository ppa:aroth/ppa
sudo apt-get update
sudo apt-get --only-upgrade install adcli
echo ""
fi
fi
clear
sudo echo "${INTRO_TEXT}Realm=$DOMAIN${END}"
echo "${INTRO_TEXT}Joining Ubuntu $var${END}"
echo ""
echo "${INTRO_TEXT}Please log in with domain admin to $DOMAIN to connect${END}"
echo "${INTRO_TEXT}Please type Admin user:${END}"
read -r ADMIN
if ! realm join -v --user="$ADMIN" --computer-ou="$2" "$DOMAIN" --install=/
then
echo "${RED_TEXT}AD join failed.please check your errors with journalctl -xe${END}"
exit
fi
else
clear
sudo echo "${RED_TEXT}I am having issues to detect your Ubuntu version${END}"
exit
fi
fi
fi
fi_auth
else
echo ""
exit 1
fi
;;
*)
break
;;
esac
done
PRECHECK_FN
Reference in New Issue View Git Blame Copy Permalink