#!/bin/bash
## Ubuntu domain join
##
## Joins this host to an Active Directory realm through realmd, with Samba as
## the membership software and winbind as the client software.
## It installs packages and rewrites files under /etc, so it is expected to be
## run as root.
set -o errexit # stop at the first command that exits non-zero
# Print the command-line synopsis and the option list to stdout, then
# terminate the script with exit status 1.
usage() {
  cat <<EOF
Usage: $0 --hostname HOSTNAME --user USERNAME --realm REALM

Options:
 --hostname Specify the server hostname
 --user Specify the username
 --realm Specify the realm (e.g., 45drives.local)
EOF
  exit 1
}
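# Start from empty values. bash pre-sets HOSTNAME to the machine's current
# name, and the environment may already carry USERNAME or REALM; without this
# reset an inherited value would satisfy the "required" check below even though
# the corresponding flag was never given.
HOSTNAME=""
USERNAME=""
REALM=""

# If no arguments passed, show usage
if [[ $# -eq 0 ]]; then
  usage
fi

# Parse arguments. Every option takes exactly one value.
while [[ $# -gt 0 ]]; do
  case "$1" in
    --hostname | --user | --realm)
      # A trailing option with no value would make "shift 2" fail, and under
      # set -e the script would then die without printing anything.
      if [[ $# -lt 2 ]]; then
        echo "Error: $1 requires a value."
        usage
      fi
      case "$1" in
        --hostname) HOSTNAME="$2" ;;
        --user) USERNAME="$2" ;;
        --realm) REALM="$2" ;;
      esac
      shift 2
      ;;
    *)
      echo "Unknown option: $1"
      usage
      ;;
  esac
done

# Validate required variables: all three must have been supplied on the
# command line (usage exits with status 1).
if [[ -z "$HOSTNAME" || -z "$USERNAME" || -z "$REALM" ]]; then
  echo "Error: --hostname, --user, and --realm arguments are required."
  usage
fi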
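# Force the realm to uppercase for Kerberos; this form is what the script
# later uses in the principal name and in the realm commands.
REALM_UPPER="${REALM^^}"

echo "Username: $USERNAME"
echo "Realm: $REALM_UPPER"

echo "Installing prerequisite packages: realmd, samba, krb5-user..."
# apt-get rather than apt: the apt front end documents its command-line
# interface as unstable for use in scripts.
apt-get install -y realmd samba krb5-user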
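# Normalize case for comparison (same bash case-conversion form the script
# already uses for REALM_UPPER).
HOSTNAME_LOWER="${HOSTNAME,,}"
REALM_LOWER="${REALM,,}"

# Only append the realm if the hostname does not already end in ".<realm>".
# A plain substring test also accepts names that merely contain the realm text
# somewhere (host "corp-fs1" with realm "corp"), which would leave the machine
# without a fully qualified name before the join.
if [[ "$HOSTNAME_LOWER" == *".$REALM_LOWER" ]]; then
  echo "Hostname already contains the realm. Leaving it as: $HOSTNAME"
  # NOTE(review): hostnamectl is not called on this path, so the system keeps
  # whatever name it currently has - confirm that is intended when --hostname
  # differs from the current name.
  FINAL_HOSTNAME="$HOSTNAME"
else
  FINAL_HOSTNAME="$HOSTNAME.$REALM_LOWER"
  echo "Setting hostname to: $FINAL_HOSTNAME"
  hostnamectl set-hostname "$FINAL_HOSTNAME"
fi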
# Timestamp suffix that keeps backups from successive runs apart.
currentTimestamp=$(date +%y-%m-%d-%H:%M:%S)

# Move an existing Samba configuration aside. The file is moved, not copied, so
# no smb.conf is left in place after this step.
# NOTE(review): presumably the realm join further down writes a fresh one - confirm.
if [[ ! -f /etc/samba/smb.conf ]]; then
  echo "File /etc/samba/smb.conf does not exist. Skipping."
else
  echo "Backing up existing samba conf to /etc/samba/smb.conf.$currentTimestamp.bak"
  mv /etc/samba/smb.conf "/etc/samba/smb.conf.$currentTimestamp.bak"
fi
# Obtain a Kerberos ticket for the joining account. The password is typed at
# kinit's prompt, so it is never passed as a command-line argument.
echo "Generating kerberos ticket, please enter password at the prompt..."
kinit "$USERNAME@$REALM_UPPER"
# NOTE(review): nothing below discards this ticket; consider running kdestroy
# once the join has finished so the credential does not linger in the cache.

# Under set -e a failed discovery stops the script before the join is tried.
echo "Validating we can discover the domain..."
realm discover "$REALM_UPPER"

echo "Joining the domain..."
realm_join_opts=(
  --user="$USERNAME"
  --membership-software=samba
  --client-software=winbind
  --server-software=active-directory
)
realm join "${realm_join_opts[@]}" "$REALM_UPPER"

# Print the configured realm(s) so the operator can check the result.
echo "Outputting domain join validation..."
realm list
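echo "Configuring smb.conf to use net registry"
# Appended at the end of the file, so the directive lands in whichever section
# comes last.
# NOTE(review): presumably the generated smb.conf ends in [global] - confirm.
echo "include = registry" >> /etc/samba/smb.conf

echo "Updating /etc/nsswitch.conf to use winbind"
# Replace the whole word "sss" with "winbind" on the passwd: and group: lines
# only; every other line of the file is left untouched.
sed -i -E '/^(passwd|group):/ s/\bsss\b/winbind/g' /etc/nsswitch.conf

echo "Configuring /etc/krb5.conf"
# The file is rewritten from scratch below. Keep the previous version, as the
# script already does for smb.conf, so hand-made realm or KDC settings can be
# restored. cp -p preserves the mode and ownership of the original.
if [[ -f /etc/krb5.conf ]]; then
  krb5_backup="/etc/krb5.conf.${currentTimestamp:-$(date +%y-%m-%d-%H:%M:%S)}.bak"
  echo "Backing up existing krb5 conf to $krb5_backup"
  cp -p /etc/krb5.conf "$krb5_backup"
fi
# Unquoted EOF on purpose: $REALM_UPPER has to be expanded into the file.
cat <<EOF >/etc/krb5.conf
[libdefaults]
default_realm = $REALM_UPPER
dns_lookup_realm = false
dns_lookup_kdc = true
EOF

# pam-auth-update --enable mkhomedir
# Start smbd now and enable it at boot.
systemctl enable --now smbd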