#!/bin/sh
#
# Join AD
# for uclibc systems
#
# Copyright (c) 2007 A.Poslavsky
# May be distributed under gpl2

# TODO:
# * suggest a domain name based on hostname -d? /etc/resolv.conf?
# * suggest DC server(s) based on 
#     $(dig _kerberos._tcp.dc._msdcs.$DOMAIN SRV  +short)

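VERSION=0.1
PROGRAM=setup-ads

# Shared Alpine setup helpers; echon, default_read and apk_add are used below
# but not defined in this file, so presumably they come from here.
# PREFIX must already be set by the caller. Quoted so a PREFIX containing
# whitespace still resolves to one path.
. "$PREFIX/lib/libalpine.sh"

# Defaults, overridable with -K / -S / -U / -P / -f (see the getopts loop).
KRBCONF="/etc/krb5.conf"
SMBCONF="/etc/samba/smb.conf"
DOMAINADMIN="Administrator"
PW=""
HOSTNAME=$(hostname)
FORCE=""

# Final exit status of the script; nothing below ever changes it from 0.
retcode=0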

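#######################################
# Print a message to stderr and abort the script.
# Arguments: $* - message text (joined with single spaces)
# Outputs:   the message on stderr
# Returns:   never; exits with status 1
#######################################
die() {
	# printf instead of echo: a message that starts with '-n' or contains
	# backslashes is printed verbatim, and quoting "$*" keeps the text as given.
	printf '%s\n' "$*" >&2
	exit 1
}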

#######################################
# Interactively collect the domain settings, offering the current values
# of DOMAIN, WORKGROUP, DC and DOMAINADMIN as the defaults shown in [...].
# Globals:   DOMAIN, WORKGROUP, DC, DOMAINADMIN (read as defaults, then set)
# Outputs:   prompts on stdout
# NOTE(review): echon and default_read are not defined in this file —
# presumably provided by libalpine.sh. The defaults are passed unquoted, so
# a multi-word DC list ("dc1 dc2") arrives as several arguments; confirm
# that default_read handles that as intended.
#######################################
ask_info() {

	echo "Configuring kerberos"
	echon "Enter your full Domain name in uppercase [$DOMAIN]: "
	default_read DOMAIN $DOMAIN
	echon "Enter your short Domain name (Workgroup) [$WORKGROUP]: "
	default_read WORKGROUP $WORKGROUP
	echon "Domain controller(s) (separate with space) [$DC]: "
	default_read DC $DC
	echon "Domain Administrator [$DOMAINADMIN]: "
	default_read DOMAINADMIN $DOMAINADMIN
}

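#######################################
# Write the kerberos client configuration and obtain a ticket as the
# domain administrator.
# Globals:   KRBCONF, DOMAIN, DC, DOMAINADMIN, VERBOSE (read)
# Outputs:   status lines on stdout; the configuration to $KRBCONF
# Returns:   0 when kinit succeeded; exits via die on any failure
#######################################
conf_krb() {
	# Back up an existing config, and only announce the backup when one was
	# actually made (the original printed the message unconditionally).
	if [ -f "$KRBCONF" ]; then
		cp -- "$KRBCONF" "$KRBCONF.bak" || die "Could not back up $KRBCONF"
		[ -n "$VERBOSE" ] && echo "Making backup copy of $KRBCONF to $KRBCONF.bak"
	fi

	echo "Writing $KRBCONF"

	# $DC is a space-separated list: every entry becomes a kdc line, the
	# first one is the admin_server. Word-splitting here is intended.
	# shellcheck disable=SC2086
	set -- $DC
	first_dc=$1

	cat > "$KRBCONF" <<EOF || die "Could not write $KRBCONF"
[libdefaults]
	default_realm = $DOMAIN

[realms]
$DOMAIN = {
$(for a in $DC; do echo "	kdc = $a"; done)
	admin_server = $first_dc
}

[login]
	krb4_convert = true
	krb4_get_tickets = true
EOF

	# kinit prompts for the password itself; $PW (-P) is never passed on.
	kinit "$DOMAINADMIN@$DOMAIN" || die "Sorry, could not authenticate against kerberos!"
}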

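#######################################
# Write smb.conf for an ADS member server and join the machine to the domain.
# Globals:   SMBCONF, PROGRAM, DC, WORKGROUP, DOMAIN, HOSTNAME, DOMAINADMIN,
#            VERBOSE (read)
# Outputs:   status lines on stdout; the configuration to $SMBCONF
# Returns:   0 after a successful join; exits via die on any failure
#######################################
join_ads() {
	if [ -f "$SMBCONF" ] ; then
		cp -- "$SMBCONF" "$SMBCONF.bak" || die "Could not back up $SMBCONF"
		[ -n "$VERBOSE" ] && echo "Making backup copy of $SMBCONF to $SMBCONF.bak"
	fi

	# $DC is a space-separated list: the first entry is the server to join
	# through, the whitespace-normalised list goes into smb.conf.
	# shellcheck disable=SC2086
	set -- $DC
	first_dc=$1
	dc_list=$*

	# The first line is a '#' comment: a bare text line before [global] is
	# not valid smb.conf syntax.
	# NOTE(review): [testshare] is writable with "public = yes" and
	# "guest account = nobody", i.e. anonymous write access to
	# /srv/Samba/Test. Kept as in the original configuration; it should be
	# removed or restricted before this is used on a real member server.
	cat > "$SMBCONF" <<EOF || die "Could not write $SMBCONF"
# smb.conf written by $PROGRAM

[global]
	# Browsing/Identification
	domain master = no
	domain logons = no
	preferred master = no

	# Domain info
	security = ADS
	password server = $dc_list

	workgroup = $WORKGROUP
	realm = $DOMAIN
	netbios name = $HOSTNAME
	server string = "Samba Server $HOSTNAME"
	allow trusted domains = no
	idmap backend = rid:$WORKGROUP=50000-100000000
	winbind separator = -
	winbind nested groups = Yes
	winbind enum users = yes
	winbind enum groups = yes
	idmap uid = 50000-100000000
	idmap gid = 50000-100000000
	wins server = $dc_list
	guest account = nobody

[testshare]
	comment = Secret data
	writable = yes
	path = /srv/Samba/Test
	public = yes
EOF

	[ -n "$VERBOSE" ] && echo "net ads join -W $DOMAIN -S $first_dc  -U $DOMAINADMIN"
	# '|| echo ... && exit 1' in the original exited 1 even on success
	# (the && bound to the whole 'net || echo'); die on failure only.
	# net prompts for the password itself; $PW (-P) is never passed on.
	net ads join -W "$DOMAIN" -S "$first_dc" -U "$DOMAINADMIN" \
		|| die "Sorry could not join $DOMAIN domain"
}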

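#######################################
# Refuse to overwrite an existing kerberos or samba config unless -f was given.
# Globals:   SMBCONF, KRBCONF, FORCE (read)
# Returns:   0 when it is safe to proceed; exits via die otherwise
#######################################
check_exist() {
	# Two separate tests instead of the deprecated, ambiguous '-o' operator.
	if [ -f "$SMBCONF" ] || [ -f "$KRBCONF" ]; then
		[ -n "$FORCE" ] || die "Config file(s) already exist(s),
use -f to force overwriting of these file(s)"
	fi
}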

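#######################################
# Print the version and option summary, then exit.
# Globals:   PROGRAM, VERSION (read)
# Outputs:   help text on stdout
# Returns:   never; exits with status 1
#######################################
usage() {
	echo "$PROGRAM $VERSION"
	# Only options the getopts string "D:fP:hvU:K:S:" accepts are listed
	# (the original also advertised -q, which getopts rejects).
	cat <<EOF
usage: $PROGRAM [options] [args]

Options:
  -h     Show this help.
  -v     Verbose mode.
  -K     <kerberosconfigfile>
  -S     <sambaconfigfile>
  -U     <domain administrator>
  -D     <domain>
  -P     <password>
  -f     force overwrite of existing configfiles (will do backup)

EOF
	exit 1
}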



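# parse common args
# Note: -P is accepted but $PW is never consumed below (kinit and net prompt
# interactively); a password given on argv is also visible in the process
# list, so prefer the interactive prompt.
while getopts "D:fP:hvU:K:S:" opt ; do
	case "$opt" in
		h)	usage
			;;
		P)	PW="$OPTARG"
			;;
		v)	VERBOSE="$VERBOSE -v"
			;;
		U)	DOMAINADMIN="$OPTARG"
			;;
		K)	KRBCONF="$OPTARG"
			;;
		S)	SMBCONF="$OPTARG"
			;;
		D)	DOMAIN="$OPTARG"
			;;
		f)	FORCE="$FORCE -f"
			;;
		*)	# unknown option or missing argument; getopts already said which
			usage
			;;
	esac
done
shift $((OPTIND - 1))

# Install samba, refuse to clobber existing configs unless -f, then prompt
# for the domain details, write krb5.conf and kinit, write smb.conf and join.
apk_add samba-ldap
check_exist
ask_info
conf_krb
join_ads
echo "kerberos initialized, domain joined"

exit "$retcode"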