#!/bin/sh
#
# Join AD
# for uclibc systems
#
# Copyright (c) 2007 A.Poslavsky
# May be distributed under gpl2
# TODO:
# * suggest a domain name based on hostname -d? /etc/resolv.conf?
# * suggest DC server(s) based on
# $(dig _kerberos._tcp.dc._msdcs.$DOMAIN SRV +short)
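# Script identity. @VERSION@ looks like a placeholder that is presumably
# substituted when the package is built -- confirm against the build files.
VERSION=@VERSION@
PROGRAM=setup-ads

# Pull in the shared helper library. The path is quoted so that a PREFIX
# containing whitespace or glob characters still names exactly one file.
# echon and default_read, used below, are not defined in this file and are
# presumably provided by this library.
. "$PREFIX/lib/libalpine.sh"

# Default locations of the files this script rewrites (-K / -S override them).
KRBCONF="/etc/krb5.conf"
SMBCONF="/etc/samba/smb.conf"

# Account used for kinit and for the domain join (-U overrides it).
DOMAINADMIN="Administrator"

# Set by -P. NOTE(review): nothing else in this file reads PW, so the option
# currently has no effect; kinit and net are invoked without it.
PW=""

# Used as the netbios name and in the server string of the generated smb.conf.
HOSTNAME=$(hostname)

# Non-empty once -f is given; lets check_exist accept existing config files.
FORCE=""

# Exit status handed to the final "exit"; never changed after this line.
retcode=0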
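#######################################
# Print an error message on stderr and abort the script.
# Arguments: $* - words of the message
# Outputs:   the message, followed by a newline, on stderr
# Exits:     always, with status 1
#######################################
die() {
	# "$*" keeps the message exactly as the caller wrote it. An unquoted $*
	# is re-split and glob-expanded by the shell, so a message containing
	# * or ? could be replaced by file names from the current directory.
	printf '%s\n' "$*" >&2
	exit 1
}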
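#######################################
# Interactively ask for the realm, workgroup, domain controllers and the
# domain administrator account, offering the current value as the default.
# Globals:   DOMAIN, WORKGROUP, DC, DOMAINADMIN (read for the prompt; the
#            helper is handed the variable name, presumably to store the
#            answer there -- confirm against libalpine.sh)
# Outputs:   prompts on stdout
#
# echon and default_read are not defined in this file; they are presumably
# provided by the sourced libalpine.sh.
#
# The answers are later written verbatim into krb5.conf and smb.conf and put
# on the kinit / net command lines by conf_krb and join_ads; nothing here
# validates them.
#######################################
ask_info() {
	echo "Configuring kerberos"

	# Every default is quoted so that it reaches default_read as a single
	# argument. DC is documented as a space-separated list, so an unquoted
	# $DC would hand over only its first word as the default.
	echon "Enter your full Domain name in uppercase [$DOMAIN]: "
	default_read DOMAIN "$DOMAIN"

	echon "Enter your short Domain name (Workgroup) [$WORKGROUP]: "
	default_read WORKGROUP "$WORKGROUP"

	echon "Domain controller(s) (separate with space) [$DC]: "
	default_read DC "$DC"

	echon "Domain Administrator [$DOMAINADMIN]: "
	default_read DOMAINADMIN "$DOMAINADMIN"
}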
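#######################################
# Write the Kerberos client configuration and obtain a ticket for the
# domain administrator.
# Globals:   KRBCONF (path written), DOMAIN, DC, DOMAINADMIN, VERBOSE (read)
# Outputs:   progress messages on stdout; KRBCONF is overwritten, with the
#            previous contents kept in KRBCONF.bak
# Exits:     via die (status 1) if the backup, the write or kinit fails
#######################################
conf_krb() {
	# Keep a copy of an existing file and refuse to overwrite it if the copy
	# fails. The verbose message is printed only when a backup really happens.
	if [ -f "$KRBCONF" ]; then
		[ "$VERBOSE" ] && echo "Making backup copy of $KRBCONF to $KRBCONF.bak"
		cp -- "$KRBCONF" "$KRBCONF.bak" || die "Could not back up $KRBCONF"
	fi

	echo "Writing $KRBCONF"

	# One "kdc" line per entry in DC; admin_server is the first entry.
	# $DC is deliberately unquoted in the loop and in the echo so the
	# space-separated list is split into words.
	#
	# NOTE(review): the [login] krb4_* settings request Kerberos 4 ticket
	# conversion. Kerberos 4 is obsolete and DES-based -- confirm these
	# lines are still wanted before relying on this file.
	echo "[libdefaults]
default_realm = $DOMAIN
[realms]
$DOMAIN = {
$(for a in $DC
do
echo " kdc = $a"
done)
admin_server = $(echo $DC | sed "s/ .*//")
}
[login]
krb4_convert = true
krb4_get_tickets = true" > "$KRBCONF" || die "Could not write $KRBCONF"

	# Only the principal is passed; no password is supplied on the command
	# line or on stdin here.
	kinit "$DOMAINADMIN@$DOMAIN" || die "Sorry, could not authenticate against kerberos!"
}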
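#######################################
# Write smb.conf for an ADS member server and join the domain.
# Globals:   SMBCONF (path written), PROGRAM, DC, WORKGROUP, DOMAIN,
#            HOSTNAME, DOMAINADMIN, VERBOSE (read); ads_first_dc (written)
# Outputs:   progress messages on stdout; SMBCONF is overwritten, with the
#            previous contents kept in SMBCONF.bak
# Returns:   0 when the join succeeds
# Exits:     via die (status 1) if the backup, the write or the join fails
#######################################
join_ads() {
	# Keep a copy of an existing file and refuse to overwrite it if the
	# copy fails.
	if [ -f "$SMBCONF" ]; then
		[ "$VERBOSE" ] && echo "Making backup copy of $SMBCONF to $SMBCONF.bak"
		cp -- "$SMBCONF" "$SMBCONF.bak" || die "Could not back up $SMBCONF"
	fi

	# The join is directed at the first controller in the list. $DC is
	# unquoted on purpose so the list is split on whitespace.
	ads_first_dc=$(echo $DC | awk '{ print $1 }')

	# The first line of the file is now a real comment (it used to be a bare
	# text line ahead of [global], with "written" misspelled).
	#
	# "server string" is emitted without surrounding quotes: in the earlier
	# echo "..." form the inner double quotes ended the shell string, so they
	# never reached the file either.
	#
	# NOTE(review): [testshare] is created on every run with
	# "writable = yes" and "public = yes" (guest access) on /srv/Samba/Test
	# and carries the comment "Secret data". Confirm that a guest-writable
	# sample share is wanted on a freshly joined host.
	cat > "$SMBCONF" <<EOF || die "Could not write $SMBCONF"
# smb.conf written by $PROGRAM
[global]
# Browsing/Identification
domain master = no
domain logons = no
preferred master = no
# Domain info
security = ADS
password server = $(echo $DC)
workgroup = $WORKGROUP
realm = $DOMAIN
netbios name = $HOSTNAME
server string = Samba Server $HOSTNAME
allow trusted domains = no
idmap backend = rid:$WORKGROUP=50000-100000000
winbind separator = -
winbind nested groups = Yes
winbind enum users = yes
winbind enum groups = yes
idmap uid = 50000-100000000
idmap gid = 50000-100000000
wins server = $(echo $DC)
guest account = nobody
[testshare]
comment = Secret data
writable = yes
path = /srv/Samba/Test
public = yes

EOF

	[ "$VERBOSE" ] && echo "net ads join -W $DOMAIN -S $ads_first_dc -U $DOMAINADMIN"

	# The earlier form "net ... || echo ... && exit 1" parsed as
	# "(net ... || echo ...) && exit 1", so the script exited with status 1
	# even after a successful join. die runs only when the join fails.
	#
	# NOTE(review): -W is given $DOMAIN, not $WORKGROUP -- confirm which
	# value net expects here.
	net ads join -W "$DOMAIN" -S "$ads_first_dc" -U "$DOMAINADMIN" \
		|| die "Sorry could not join $DOMAIN domain"
}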
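#######################################
# Refuse to continue when a config file already exists, unless -f was given.
# Globals:   SMBCONF, KRBCONF, FORCE (read)
# Returns:   0 when neither file exists, or when FORCE is non-empty
# Exits:     via die (status 1) when a file exists and FORCE is empty
#######################################
check_exist() {
	# Two separate tests joined with || replace the obsolescent "-o" operator.
	if [ -f "$SMBCONF" ] || [ -f "$KRBCONF" ]; then
		# An explicit if keeps the status at 0 on the forced path; the
		# earlier "[ ! "$FORCE" ] && die" form left status 1 behind there.
		if [ -z "$FORCE" ]; then
			die "Config file(s) already exist(s),
use -f to force overwriting of these file(s)"
		fi
	fi
}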
#######################################
# Print the program banner and the option summary, then stop the script.
# Globals:   PROGRAM, VERSION (read)
# Outputs:   help text on stdout, ending with one empty line
# Exits:     always with status 1, including when reached through -h
#
# NOTE(review): -q is listed here, but the getopts string in this file
# ("D:fP:hvU:K:S:") does not accept it.
#######################################
usage() {
	cat <<EOF
$PROGRAM $VERSION
usage: $PROGRAM [options] [args]
Options:
-h Show help for subcommand.
-q Quiet mode.
-v Verbose mode.
-K <kerberosconfigfile>
-S <sambaconfigfile>
-U <domain administrator>
-D <domain>
-P <password>
-f force overwrite of existing configfiles (will do backup)

EOF
	exit 1
}
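# Parse the command line. Options taking a value: -D -P -U -K -S.
while getopts "D:fP:hvU:K:S:" opt ; do
	case "$opt" in
		h) usage
			;;
		# NOTE(review): PW is stored here but no function in this file reads
		# it, so -P currently has no effect. A password given as an argument
		# is also visible to other local users in the process list while the
		# script runs; prompting for it avoids that exposure.
		P) PW="$OPTARG"
			;;
		v) VERBOSE="$VERBOSE -v"
			;;
		U) DOMAINADMIN="$OPTARG"
			;;
		K) KRBCONF="$OPTARG"
			;;
		S) SMBCONF="$OPTARG"
			;;
		D) DOMAIN="$OPTARG"
			;;
		f) FORCE="$FORCE -f"
			;;
		# Unknown option or missing option argument: show the help and stop
		# rather than carrying on with a partly understood command line.
		*) usage
			;;
	esac
done
# POSIX arithmetic expansion; no expr subprocess needed.
shift $((OPTIND - 1))

# Install the package before touching any configuration.
# NOTE(review): the result of apk is not checked -- confirm whether the
# script should stop when the package cannot be installed.
apk add samba-ldap

# Order matters: refuse to clobber existing files, gather the settings,
# get a Kerberos ticket, then join the domain.
check_exist
ask_info
conf_krb
join_ads
echo "kerberos initialized, domain joined"
exit $retcode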