85 lines
2.4 KiB
Bash
Executable File
85 lines
2.4 KiB
Bash
Executable File
#!/bin/bash
|
||
|
||
# Root-Rechte prüfen
|
||
if [ "$(id -u)" -eq 0 ]; then
|
||
echo "❌ Bitte nicht als root ausführen! Das Skript nutzt sudo, falls nötig."
|
||
exit 1
|
||
fi
|
||
|
||
CURRENT_DIR=$(pwd)
|
||
AUR_CODE_DIR="/var/lib/user_aur_code"
|
||
|
||
sudo pacman -Syu glib2 glib2-devel git --no-confirm
|
||
|
||
mkdir -p $AUR_CODE_DIR
|
||
sudo chmod -R 777 $AUR_CODE_DIR
|
||
|
||
# Install adcli
|
||
cd $AUR_CODE_DIR
|
||
git clone https://aur.archlinux.org/adcli.git
|
||
cd adcli
|
||
|
||
makepkg -sic
|
||
git clean -dfx
|
||
|
||
# Install realmd
|
||
cd $AUR_CODE_DIR
|
||
git clone https://aur.archlinux.org/realmd.git
|
||
cd realmd
|
||
|
||
makepkg -sic
|
||
git clean -dfx
|
||
|
||
cd $CURRENT_DIR
|
||
|
||
sudo mkdir -p /var/lib/samba/private/
|
||
sudo pacman -Syu sssd curl ntp polkit
|
||
|
||
echo "❓ Daten für Domainjoin:"
|
||
read -p "Domänenname: " DOMAIN
|
||
read -p "Adminuser: " ADMIN
|
||
|
||
NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
|
||
coms=$( echo "$DOMAIN" | cut -d '.' -f2 )
|
||
|
||
sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/
|
||
|
||
sudo systemctl enable sssd
|
||
sudo systemctl start sssd
|
||
|
||
homedir=$(grep homedir /etc/pam.d/common-session | grep 0077 | cut -d '=' -f3 | head -1)
|
||
if [ "$homedir" = "0077" ]
|
||
then
|
||
echo "ℹ️ pam_mkhomedir.so configured"
|
||
sleep 1
|
||
else
|
||
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077" | sudo tee -a /etc/pam.d/common-session
|
||
fi
|
||
|
||
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
|
||
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
|
||
sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
|
||
sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf
|
||
echo "override_homedir = /home/%u" | sudo tee -a /etc/sssd/sssd.conf
|
||
sudo sudo grep -i override /etc/sssd/sssd.conf
|
||
|
||
sudo sed -i '/krb5_realm =/a entry_cache_group_timeout = 5400' /etc/sssd/sssd.conf
|
||
sudo sed -i '/krb5_realm =/a entry_cache_user_timeout = 5400' /etc/sssd/sssd.conf
|
||
|
||
sudo echo "#entry_cache_user_timeout = 5400
|
||
#entry_cache_group_timeout = 5400
|
||
#cache_credentials = TRUE
|
||
### Added to help with group mapping
|
||
###ldap_use_tokengroups = False
|
||
#ldap_schema = rfc2307bis
|
||
#ldap_schema = rfc2307
|
||
#ldap_schema = IPA
|
||
#ldap_schema = AD
|
||
#ldap_search_base = DC=$NetBios,DC=$coms
|
||
#ldap_group_member = uniquemember
|
||
#ad_enable_gc = False
|
||
entry_cache_timeout = 600
|
||
entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives
|
||
|
||
echo "✅ Der Computer muss jetzt neugestartet werden. Vor dem Anmelden etwa 3 Minuten warten!"
|