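#!/bin/bash
#
# Join this host to an Active Directory domain with realmd/sssd, limit logins
# to the "Domain Admins" and "Server Admins" AD groups, and grant those two
# groups full sudo. Must be run interactively as root.
#
# Security notes for whoever deploys this:
#   * The sudoers rules below give unrestricted root (ALL=(ALL:ALL) ALL) to
#     every member of both AD groups; membership is controlled in AD, not here.
#   * use_fully_qualified_names = False means users and groups appear under
#     short names, so sudo matches the group by its short name.
#   * The join password is fed to realm on stdin, never on the command line.

# Print an error to stderr and stop with a non-zero status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "$EUID" -ne 0 ]; then
  die "Please run as root"
fi

# ask for the domain, username, and password
# -r keeps backslashes in the typed values (notably the password) intact.
read -r -e -p "Enter Domain Name: " -i "home.johnhgaunt.com" domain
read -r -e -p "Enter netBIOS Name: " -i "GAUNT" netbiosname
read -r -e -p "Enter Domain Admin Username: " -i "jgaunto" username
read -r -e -s -p "Enter ${username}'s Password: " password
echo

# The netBIOS name becomes a file name under /etc/sssd/conf.d and
# /etc/sudoers.d. Reject path separators, and dots as well: sudo skips
# files in sudoers.d whose names contain a '.'.
if [[ ! "${netbiosname}" =~ ^[A-Za-z0-9_-]+$ ]]; then
  die "netBIOS name may only contain letters, digits, '_' and '-'"
fi
# A leading '-' would be read by realm as an option rather than a domain.
if [[ ! "${domain}" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
  die "Domain name may only contain letters, digits, '.' and '-'"
fi
[[ -n "${username}" ]] || die "Domain admin username must not be empty"

# get OS distro and version (hostnamectl is queried once and reused)
host_info=$(hostnamectl) || die "hostnamectl failed"
OS=$(awk '/Operating System/ {print $3}' <<< "${host_info}")
if [ "${OS}" == "Ubuntu" ]; then
  OS_VER=$(awk '/Operating System/ {print $4}' <<< "${host_info}")
else
  OS_VER=$(awk '/Operating System/ {print $5}' <<< "${host_info}")
fi

# set os name and version for when the computer joins AD
{
  echo "[active-directory]"
  echo "os-name = ${OS}"
  echo "os-version = ${OS_VER}"
} > /etc/realmd.conf

# join the computer to the domain
# printf with a quoted expansion keeps spaces and glob characters in the
# password from being split or expanded by the shell.
case "${OS}" in
  Debian | Ubuntu)
    printf '%s\n' "${password}" \
      | realm join --user="${username}" --computer-ou=OU=Servers --install=/ "${domain}" \
      || die "realm join failed; not touching sssd or sudoers"
    # Only add the mkhomedir entry once so re-running the script does not
    # stack duplicate PAM lines.
    if ! grep -qF 'pam_oddjob_mkhomedir.so' /etc/pam.d/common-session; then
      {
        echo " "
        echo "#oddjob-mkhomedir manual entry"
        echo "session optional pam_oddjob_mkhomedir.so skel=/etc/skel/ umask=0022"
      } >> /etc/pam.d/common-session
    fi
    ;;
  CentOS)
    printf '%s\n' "${password}" \
      | realm join --user="${username}" --computer-ou=OU=Servers "${domain}" \
      || die "realm join failed; not touching sssd or sudoers"
    ;;
  *)
    # Without a join there is nothing for the sssd/sudoers config to refer to.
    die "Unsupported OS '${OS}': host was not joined to ${domain}"
    ;;
esac

# The password is not needed past this point.
unset password

# Get hostname
hostname=$(awk '/Static hostname:/ {print $3}' <<< "${host_info}")

# set the sssd options for our domain
sssd_conf="/etc/sssd/conf.d/${netbiosname}.conf"
# Create the file private from the start instead of relying only on the
# chmod afterwards.
previous_umask=$(umask)
umask 077
cat << EOF > "${sssd_conf}"
[domain/${domain}]
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
simple_allow_groups = Domain Admins, Server Admins
ad_hostname = ${hostname}.${domain}
dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_update_ptr = true
dyndns_ttl = 3600
EOF
umask "${previous_umask}"

# make sure the permissions are correct
chmod 600 "${sssd_conf}"

# restart sssd
systemctl restart sssd || die "sssd failed to restart; check ${sssd_conf}"

# set the sudoers.d file for the server admins
# Build it in a temp file and let visudo check the syntax first, so a
# malformed file is never placed in /etc/sudoers.d.
sudoers_tmp=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "${sudoers_tmp}"' EXIT
cat << EOF > "${sudoers_tmp}"
## ${netbiosname} Admins ##
# Allow members of ${netbiosname}\Domain Admins group sudo access
%Domain\ Admins ALL=(ALL:ALL) ALL

# Allow members of ${netbiosname}\Server Admins group sudo access
%Server\ Admins ALL=(ALL:ALL) ALL
EOF
visudo -cf "${sudoers_tmp}" || die "generated sudoers file failed validation"
install -o root -g root -m 0440 "${sudoers_tmp}" "/etc/sudoers.d/${netbiosname}"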