76 lines
2.6 KiB
Bash
Executable File
76 lines
2.6 KiB
Bash
Executable File
#!/bin/bash
|
||
|
||
# Root-Rechte prüfen
|
||
if [ "$(id -u)" -eq 0 ]; then
|
||
echo "❌ Bitte nicht als root ausführen! Das Skript nutzt sudo, falls nötig."
|
||
exit 1
|
||
fi
|
||
|
||
yay -Syu
|
||
|
||
# Installiere adcli mit yay
|
||
yay -S --noconfirm adcli || { echo "❌ Fehler beim Installieren von adcli"; exit 1; }
|
||
|
||
# Installiere realmd mit yay
|
||
yay -S --noconfirm realmd || { echo "❌ Fehler beim Installieren von realmd"; exit 1; }
|
||
|
||
# Samba-Verzeichnis erstellen
|
||
sudo mkdir -p /var/lib/samba/private/
|
||
|
||
# Installiere notwendige Pakete
|
||
sudo pacman -Syu --noconfirm sssd curl ntp polkit
|
||
|
||
echo "❓ Daten für Domainjoin:"
|
||
read -p "Domänenname: " DOMAIN
|
||
read -p "Adminuser: " ADMIN
|
||
|
||
# NetBIOS und COMS extrahieren
|
||
NetBios=$(echo "$DOMAIN" | cut -d '.' -f1)
|
||
coms=$(echo "$DOMAIN" | cut -d '.' -f2)
|
||
|
||
# Realm joinen
|
||
sudo realm join --verbose --user="$ADMIN" "$DOMAIN" --install=/ || { echo "❌ Fehler beim Domainjoin"; exit 1; }
|
||
|
||
# SSSD aktivieren und starten
|
||
sudo systemctl enable sssd
|
||
sudo systemctl start sssd
|
||
|
||
# PAM-Konfiguration überprüfen und anpassen
|
||
homedir=$(grep homedir /etc/pam.d/common-session | grep 0077 | cut -d '=' -f3 | head -1)
|
||
if [ "$homedir" = "0077" ]; then
|
||
echo "ℹ️ pam_mkhomedir.so konfiguriert"
|
||
sleep 1
|
||
else
|
||
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077" | sudo tee -a /etc/pam.d/common-session
|
||
fi
|
||
|
||
# SSSD-Konfigurationsdatei anpassen
|
||
sudo sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
|
||
sudo sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
|
||
sudo sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
|
||
sudo sed -i -e 's/sudoers: files sss/sudoers: files/g' /etc/nsswitch.conf
|
||
echo "override_homedir = /home/%u" | sudo tee -a /etc/sssd/sssd.conf
|
||
sudo grep -i override /etc/sssd/sssd.conf
|
||
|
||
# Weitere Anpassungen an der SSSD-Konfiguration
|
||
sudo sed -i '/krb5_realm =/a entry_cache_group_timeout = 5400' /etc/sssd/sssd.conf
|
||
sudo sed -i '/krb5_realm =/a entry_cache_user_timeout = 5400' /etc/sssd/sssd.conf
|
||
|
||
# Zusätzliche SSSD-Alternativen
|
||
sudo echo "#entry_cache_user_timeout = 5400
|
||
#entry_cache_group_timeout = 5400
|
||
#cache_credentials = TRUE
|
||
### Added to help with group mapping
|
||
###ldap_use_tokengroups = False
|
||
#ldap_schema = rfc2307bis
|
||
#ldap_schema = rfc2307
|
||
#ldap_schema = IPA
|
||
#ldap_schema = AD
|
||
#ldap_search_base = DC=$NetBios,DC=$coms
|
||
#ldap_group_member = uniquemember
|
||
#ad_enable_gc = False
|
||
entry_cache_timeout = 600
|
||
entry_cache_nowait_percentage = 75 " | sudo tee -a /etc/sssd/sssd.alternatives
|
||
|
||
echo "✅ Der Computer muss jetzt neugestartet werden. Vor dem Anmelden etwa 3 Minuten warten!"
|