#!/bin/bash
## Script to deploy Domain Controller integration on CentOS
## Centos 7.4
## Tested on Azure
## Developer: Manuel Alejandro Peña Sánchez
## AD Integration with sssd
# Positional arguments after the sub-command ($1). They are captured
# unconditionally, so for any call that supplies fewer arguments the
# remaining variables are simply empty.
DOMAINREALM="${2}"   # realm / domain name
ADUSER="${3}"        # AD account used for the join
NTPS="${4}"          # NTP server
DNS1="${5}"          # first DNS server
DNS2="${6}"          # second DNS server
SEARCH="${7}"        # DNS search domain
# NOTE(review): the AD password is taken from the command line, so it is
# present in the process argument list and possibly in shell history while
# the script runs; confirm that is acceptable where this is deployed.
ADPASS="${8}"
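#######################################
# Report the outcome of the command that ran immediately before this call.
# Must be invoked directly after the command being checked, because the
# first thing it does is read $?.
# Arguments: $1 - message printed when that command succeeded
#            $2 - message printed when that command failed
# Outputs:   writes the selected message to stdout
# Returns:   returns normally on success; on failure terminates the script
#            with the failed command's exit status
#######################################
f_news(){
  # Capture the previous command's status before anything else overwrites it.
  local ret=$?
  local msg_ok=$1
  local msg_bad=$2

  if [ "$ret" -eq 0 ]; then
    printf '%s\n' "$msg_ok"
    return 0
  fi

  printf '%s\n' "$msg_bad"
  # A bare `exit` would reuse the status of the print above (0) and report a
  # failed run as a success to whatever launched the script.
  exit "$ret"
}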
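# Sub-command dispatcher: `join` enrolls this host in the AD domain through
# realmd/sssd, `leave` removes it again. Both append their output to the same
# log file in the invoking user's home directory.
LOGFILE=~/ADEnroll.log

case "$1" in
  join)
    # Redirections are written as `>> file 2>&1` so that stderr lands in the
    # log as well; the reversed order (`2>&1 1>> file`) points stderr at the
    # terminal and only stdout at the file.
    echo "Install SSSD REALM NTPDATE" > "$LOGFILE" 2>&1
    yum -y update >> "$LOGFILE" 2>&1
    f_news "System Updated Correctly" "Had a problem updating System" >> "$LOGFILE" 2>&1
    yum -y install realmd sssd krb5-workstation krb5-libs oddjob oddjob-mkhomedir samba-common-tools ntp krb5-user samba smbfs samba-client sssd-winbind-idmap ntpdate nano >> "$LOGFILE" 2>&1
    f_news "Services Installed Correctly" "Had a problem installing Services" >> "$LOGFILE" 2>&1

    # Time sync: comment out the stock servers and use the one supplied.
    echo "Configure ntpserver" >> "$LOGFILE" 2>&1
    sed -i 's/^server/#server/g' /etc/ntp.conf
    f_news "NTP configuration updated correctly" "Had a problem updating NTP configuration" >> "$LOGFILE" 2>&1
    printf 'server %s\n' "$NTPS" >> /etc/ntp.conf
    systemctl restart ntpd >> "$LOGFILE" 2>&1
    f_news "NTP Service configured correctly" "Had a problem configuring NTP" >> "$LOGFILE" 2>&1

    # NOTE(review): this switches SELinux from enforcing to permissive, both
    # in /etc/sysconfig/selinux and for the running system. That removes
    # mandatory access control enforcement on a host that is about to accept
    # domain logins; confirm it is really required for this setup.
    echo "Change Secure Settings" >> "$LOGFILE" 2>&1
    echo "SELINUX to Permissive" >> "$LOGFILE" 2>&1
    sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
    setenforce 0 >> "$LOGFILE" 2>&1
    f_news "SELinux set to permissive" "Had a problem changing SELinux mode" >> "$LOGFILE" 2>&1

    # Point the resolver at the AD DNS servers. The three settings are
    # appended on every run, so repeated joins leave duplicate entries.
    echo "Setting UP Networking INFO for Active Directory Join"
    sed -i 's/PEERDNS=yes/PEERDNS=no/g' /etc/sysconfig/network-scripts/ifcfg-eth0
    printf 'DNS1=%s\n' "$DNS1" >> /etc/sysconfig/network-scripts/ifcfg-eth0
    printf 'DNS2=%s\n' "$DNS2" >> /etc/sysconfig/network-scripts/ifcfg-eth0
    printf 'SEARCH=%s\n' "$SEARCH" >> /etc/sysconfig/network-scripts/ifcfg-eth0
    systemctl restart network >> "$LOGFILE" 2>&1
    f_news "Network Services configured correctly" "Had a problem configuring Network Services" >> "$LOGFILE" 2>&1

    # Reachability is logged but not enforced: a failed ping does not stop
    # the join attempt below.
    echo "DOMAIN TESTING"
    if ping -c3 "$DOMAINREALM"; then
      realm discover "$DOMAINREALM" >> "$LOGFILE" 2>&1
      f_news "Domain Controler discovered correctly" "Had a problem discovering Domain Controler" >> "$LOGFILE" 2>&1
    else
      echo "Domain not reacheable" >> "$LOGFILE" 2>&1
    fi

    # The password is fed on stdin with printf and quoted, so blanks, glob
    # characters or a leading '-' in it reach kinit/realm unchanged.
    # NOTE(review): it still enters the script as a command-line argument
    # (last argument in the usage line), where other local users can see it
    # in the process list.
    echo "Domain Join" >> "$LOGFILE" 2>&1
    printf '%s' "$ADPASS" | kinit "$ADUSER@$DOMAINREALM" >> "$LOGFILE" 2>&1
    f_news "Kerberos service configured correctly" "Had a problem configuring Kerberos" >> "$LOGFILE" 2>&1
    printf '%s' "$ADPASS" | realm join --verbose "$DOMAINREALM" -U "$ADUSER@$DOMAINREALM" >> "$LOGFILE" 2>&1
    f_news "Server joined domain configured correctly" "Had a problem joining Domain" >> "$LOGFILE" 2>&1

    # Rewrite idmapd.conf with the lower-cased realm, keeping a backup.
    cp /etc/idmapd.conf /etc/idmapd.conf.old
    domain_lower=$(printf '%s\n' "$DOMAINREALM" | awk '{ print tolower($0) }')
    cat > /etc/idmapd.conf << EOF
[General]
Domain = ${domain_lower}
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = nsswitch
EOF

    # SSDCNF is hard-coded, so the sssd.conf override below always runs and
    # the else branch is currently unreachable.
    SSDCNF="s"
    if [ "$SSDCNF" = "s" ]; then
      mkdir -p /Domain/home
      sed -i 's/^default_shell.*/default_shell=\/bin\/bash/g' /etc/sssd/sssd.conf
      f_news "SSSD Service configured correctly" "Had a problem configuring SSSD" >> "$LOGFILE" 2>&1
      sed -i 's/^use_fully_qualified_names.*/use_fully_qualified_names=False/g' /etc/sssd/sssd.conf
      f_news "SSSD Service configured correctly" "Had a problem configuring SSSD" >> "$LOGFILE" 2>&1
      sed -i 's/^fallback_homedir.*/fallback_homedir=\/Domain\/home\/\%u/g' /etc/sssd/sssd.conf
      f_news "SSSD Service configured correctly" "Had a problem configuring SSSD" >> "$LOGFILE" 2>&1
      sed -i 's/^override_homedir.*/override_homedir=\/Domain\/home\/\%u/g' /etc/sssd/sssd.conf
      f_news "SSSD Service configured correctly" "Had a problem configuring SSSD" >> "$LOGFILE" 2>&1
      # A stray `access_provider = ad` line used to sit here as a shell
      # command; the setting is written through the here-document instead.
      cat << 'EOF' >> /etc/sssd/sssd.conf
auth_provider = ad
chpass_provider = ad
access_provider = ad
ldap_schema = ad
dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_update_ptr = true
dyndns_ttl = 3600
EOF
    else
      echo "Not Overriding SSSD conf" >> "$LOGFILE" 2>&1
    fi

    systemctl restart sssd realmd >> "$LOGFILE" 2>&1
    f_news "SSSD Service restarted correctly" "Had a problem restarting SSSD" >> "$LOGFILE" 2>&1

    # Smoke tests: resolve the join account and open a login shell as it,
    # with and without the realm suffix.
    echo "Domain Integration Testing" >> "$LOGFILE" 2>&1
    echo " ID Testing" >> "$LOGFILE" 2>&1
    id "$ADUSER@$DOMAINREALM" >> "$LOGFILE" 2>&1
    f_news "Domain Controler User Testing 01 - OK" "Domain Controler User Testing 01 - Had a problem" >> "$LOGFILE" 2>&1
    id "$ADUSER" >> "$LOGFILE" 2>&1
    f_news "Domain Controler User Testing 02 - OK" "Domain Controler User Testing 02 - Had a problem" >> "$LOGFILE" 2>&1
    echo " SU - Testing" >> "$LOGFILE" 2>&1
    su - "$ADUSER@$DOMAINREALM" -c pwd >> "$LOGFILE" 2>&1
    f_news "Domain Controler User Testing 03 - OK" "Domain Controler User Testing 03 - Had a problem" >> "$LOGFILE" 2>&1
    su - "$ADUSER" -c pwd >> "$LOGFILE" 2>&1
    f_news "Domain Controler User Testing 04 - OK" "Domain Controler User Testing 04 - Had a problem" >> "$LOGFILE" 2>&1
    systemctl start slurmd >> "$LOGFILE" 2>&1
    ;;
  leave)
    # Redirection kept as in the original (stderr stays on the terminal) so
    # that anything realm writes there during an interactive run remains
    # visible. The PASSWORD argument named in the usage line is not read.
    realm leave -v -U "$3" "$2" 2>&1 1>> "$LOGFILE"
    ;;
  *)
    echo "Usage: $0 {join REALM ADMINADUSER NTPSERVER DNS1 DNS2 SEARCHDOMAIN PASSWORD | leave REALM ADMINADUSER PASSWORD}"
    exit 2
    ;;
esac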