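#!/usr/bin/env bash
#
# Joins an Ubuntu 16.04 workstation to an Active Directory domain
# (Kerberos + Samba/winbind) and prepares the local fallback account, NTP,
# /etc/hosts, NSS, PAM, sudo and lightdm.  Must be run as root.
#
# Site-specific values are the placeholders the original used
# (domaine.tld, serveurad1.domaine.tld, 192.168.x.x, compte_local,
# compte_de_service_AD, groupe-ldap).  Override them in the environment
# or edit the defaults in the "Site settings" section.
#
# Passwords (root, the local account, the AD join account) are prompted
# for on the terminal; none of them is placed on a command line, so they
# do not show up in the process list or in shell history.
#
# Differences from the original script, all deliberate:
#   - the local-account and AD-join passwords were read from variables
#     that were never set; they are now prompted for
#   - apt-get update runs before apt-get install
#   - the crontab entry no longer carries a user field (per-user
#     crontabs have none, so "root nss_updatedb winbind" was run as a
#     command) and is not duplicated on re-runs
#   - the krb5.conf KDC substitution no longer appends a stray "("
#   - the sudo rule is written to /etc/sudoers.d and validated with
#     visudo instead of being spliced into /etc/sudoers at line 21
#   - every edit is guarded so the script can be re-run safely
set -euo pipefail

# --- Site settings (placeholders from the original; override via env) ------
: "${DOMAIN:=domaine.tld}"                 # DNS domain name, lowercase
: "${REALM:=${DOMAIN^^}}"                  # Kerberos realm (DOMAIN in upper case)
: "${WORKGROUP:=${REALM%%.*}}"             # NetBIOS workgroup (first label of REALM)
: "${KDC_IP:=192.168.x.x}"                 # placeholder: address of a domain controller
: "${LOCAL_USER:=compte_local}"            # local fallback administrator account
: "${AD_JOIN_USER:=compte_de_service_AD}"  # AD account allowed to join machines
: "${SUDO_GROUP:=groupe-ldap}"             # AD group granted sudo rights
readonly DOMAIN REALM WORKGROUP KDC_IP LOCAL_USER AD_JOIN_USER SUDO_GROUP

# NTP servers replacing N.ubuntu.pool.ntp.org (index N) in /etc/ntp.conf.
NTP_SERVERS=("serveurad1.$DOMAIN" "serveurad2.$DOMAIN" "serveurad3.$DOMAIN")

# Packages required for the AD integration (same list as the original).
PACKAGES=(vim ssh krb5-user samba winbind sudo ntp libpam-ccreds nss-updatedb
  ntpdate libnss-winbind libpam-winbind krb5-config krb5-locales tmux)

#######################################
# Prints a message to stderr and exits with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Prints the section banner the original used around each file edit.
# Arguments: banner text (without the trailing " ...")
#######################################
banner() {
  printf '\n**********************%s ...******************************\n' "$*"
}

#######################################
# Reads a password without echo into the named variable.
# Arguments: $1 - prompt, $2 - name of the variable to fill
#######################################
read_secret() {
  local prompt=$1 var=$2
  IFS= read -r -s -p "$prompt" "$var"
  printf '\n'
}

#######################################
# Copies FILE to FILE.oldN, N being the first unused index, as the original
# did before every edit.  Does nothing when FILE does not exist.
# Arguments: $1 - path of the file to back up
#######################################
backup_file() {
  local file=$1 i=1
  [[ -e "$file" ]] || return 0
  while [[ -e "$file.old$i" ]]; do
    i=$((i + 1))
  done
  cp -- "$file" "$file.old$i"
}

#######################################
# Inserts TEXT before line LINENO of FILE unless FILE already contains
# exactly that line (keeps re-runs from stacking duplicate PAM entries).
# The line numbers are those of the original script; they assume the
# stock Ubuntu 16.04 /etc/pam.d/common-* files.
# Arguments: $1 - file, $2 - line number, $3 - line to insert
#######################################
insert_line_once() {
  local file=$1 lineno=$2 text=$3
  if ! grep -qxF -- "$text" "$file"; then
    sed -i "${lineno}i${text}" "$file"
  fi
}

#######################################
# Creates the local fallback account and sets the root and local passwords.
# Globals:   LOCAL_USER
# Arguments: $1 - root password, $2 - local account password
#######################################
setup_local_accounts() {
  local pass_root=$1 pass_local=$2
  id -u "$LOCAL_USER" >/dev/null 2>&1 || useradd "$LOCAL_USER"
  usermod -aG sudo "$LOCAL_USER"
  # chpasswd reads "user:password" pairs on stdin, so nothing lands on argv.
  printf 'root:%s\n%s:%s\n' "$pass_root" "$LOCAL_USER" "$pass_local" | chpasswd
}

#######################################
# Points /etc/ntp.conf at the domain controllers.
# Globals:   NTP_SERVERS
#######################################
configure_ntp() {
  local file=/etc/ntp.conf idx
  printf '\n****Configuration NTP****\n'
  [[ -e "$file" ]] || die "$file not found (is the ntp package installed?)"
  backup_file "$file"
  banner "Traitement de $file"
  for idx in "${!NTP_SERVERS[@]}"; do
    sed -i -e "s/$idx\\.ubuntu\\.pool\\.ntp\\.org/${NTP_SERVERS[idx]}/g" "$file"
  done
}

#######################################
# Adds the fully qualified name next to the short host name in /etc/hosts.
# Only whole-word occurrences are rewritten (the original rewrote every
# substring match), and nothing is done when the FQDN is already present.
# Globals:   DOMAIN
# Arguments: $1 - short host name
#######################################
configure_hosts() {
  local host=$1 file=/etc/hosts
  backup_file "$file"
  echo "Traitement de $file ..."
  if ! grep -qF -- "$host.$DOMAIN" "$file"; then
    sed -i -E "s/(^|[[:space:]])$host([[:space:]]|$)/\\1$host.$DOMAIN $host\\2/g" "$file"
  fi
}

#######################################
# Rewrites the Debian sample /etc/krb5.conf (ATHENA.MIT.EDU realm) for the
# site realm.  If krb5-config was answered interactively during install the
# sample entries are gone and these substitutions are no-ops.
# Globals:   REALM DOMAIN KDC_IP
#######################################
configure_kerberos() {
  local file=/etc/krb5.conf
  printf '\n****Configuration de Kerberos****\n'
  backup_file "$file"
  banner "Traitement de $file"
  # Same substitutions, in the same order, as the original; the stray "("
  # after the KDC address has been dropped.
  sed -i \
    -e "s/ATHENA.MIT.EDU/$REALM/g" \
    -e "/kdc = kerberos-1.mit.edu:88/d" \
    -e "/kdc = kerberos-2.mit.edu:88/d" \
    -e "s/kerberos.mit.edu:88/$KDC_IP/g" \
    -e "s/kerberos.mit.edu/$KDC_IP/g" \
    -e "s/= mit.edu/= $REALM/g" \
    -e "s/mit.edu/$DOMAIN/g" \
    "$file"
}

#######################################
# Writes /etc/samba/smb.conf for an ADS member and enables cached logins
# in pam_winbind.conf.
# Globals:   WORKGROUP REALM
#######################################
configure_samba() {
  local smb=/etc/samba/smb.conf pamwb=/etc/security/pam_winbind.conf
  printf '\n****Configuration de Samba****\n'
  banner "Traitement de $smb"
  backup_file "$smb"
  # %m and %U are Samba substitutions, not shell ones; only $WORKGROUP and
  # $REALM are expanded here.
  cat >"$smb" <<EOF
[global]
workgroup = $WORKGROUP
security = ADS
realm = $REALM
encrypt passwords = yes
idmap config *:backend = tdb
idmap config *:range = 16777216-33554431
winbind allow trusted domains = no
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind offline logon = yes
username map = /etc/samba/smbusers
log file = /var/log/samba/%m.log
max log size = 50
dns proxy = No
ldap ssl = no
template homedir = /home/$WORKGROUP/%U
template shell = /bin/bash
EOF
  if ! grep -qxF 'cached_login = yes' "$pamwb" 2>/dev/null; then
    cat >>"$pamwb" <<'EOF'
#
# Fichier de configuration pam_winbind
#
# /etc/security/pam_winbind.conf
#
[global]
# (nécessite "winbind offline logon = yes" dans smb.conf)
cached_login = yes
EOF
  fi
}

#######################################
# Schedules the daily nss_updatedb refresh in root's crontab, once.
#######################################
configure_crontab() {
  # Per-user crontabs have no user column, so the original
  # "0 13 * * * root nss_updatedb winbind" would have run a command named
  # "root".
  local job='0 13 * * * nss_updatedb winbind'
  if ! { crontab -l 2>/dev/null || true; } | grep -qxF -- "$job"; then
    { crontab -l 2>/dev/null || true; printf '%s\n' "$job"; } | crontab -
  fi
}

#######################################
# Joins the machine to the domain with the AD service account.
# Globals:   AD_JOIN_USER
#######################################
join_domain() {
  echo "Ajout de la machine a l'AD avec le compte $AD_JOIN_USER ..."
  # Without "%password" after the user name, net prompts for the password
  # on the terminal instead of exposing it on the command line.
  net ads join -U "$AD_JOIN_USER"
}

#######################################
# Adds winbind (and the nss-updatedb cache) to passwd/shadow/group lookups.
#######################################
configure_nss() {
  local file=/etc/nsswitch.conf
  banner "Traitement de $file"
  backup_file "$file"
  if ! grep -qE '^passwd:.*winbind' "$file"; then
    sed -i -r -e 's/^((passwd|shadow|group):.*)/\1 winbind db/' "$file"
  fi
}

#######################################
# Inserts the pam_winbind / pam_unix / pam_mkhomedir lines at the line
# numbers the original used (17 in common-auth/common-account, 25 in
# common-session).  Calls are in the original order, so in each file the
# pam_unix line ends up before the pam_winbind one.
#######################################
configure_pam() {
  banner "Traitement de Pam"
  insert_line_once /etc/pam.d/common-auth 17 \
    'auth sufficient pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass'
  insert_line_once /etc/pam.d/common-auth 17 'auth sufficient pam_unix.so nullok_secure'
  insert_line_once /etc/pam.d/common-account 17 'account sufficient pam_winbind.so'
  insert_line_once /etc/pam.d/common-account 17 'account sufficient pam_unix.so'
  insert_line_once /etc/pam.d/common-session 25 \
    'session required pam_mkhomedir.so skel=/etc/skel umask=0022'
}

#######################################
# Grants the AD group full sudo rights through a validated drop-in file.
# /etc/sudoers.d entries are ignored if their name contains "." so the
# group name is sanitised for the file name only.
# Globals:   SUDO_GROUP
#######################################
configure_sudo() {
  local dropin="/etc/sudoers.d/${SUDO_GROUP//[^[:alnum:]_-]/_}" tmp
  banner "Edit visudo"
  tmp=$(mktemp) || die "mktemp failed"
  printf '%%%s ALL=(ALL) ALL\n' "$SUDO_GROUP" >"$tmp"
  # A syntactically broken rule would lock every sudo user out; check it
  # before installing.
  if ! visudo -cf "$tmp"; then
    rm -f -- "$tmp"
    die "invalid sudoers rule for group $SUDO_GROUP"
  fi
  install -m 0440 -o root -g root -- "$tmp" "$dropin"
  rm -f -- "$tmp"
}

#######################################
# Disables the guest session and enables manual login in lightdm.
# The drop-ins are overwritten (not appended) so re-runs stay clean.
#######################################
configure_lightdm() {
  local dir=/etc/lightdm/lightdm.conf.d
  banner "Edit lightdm"
  mkdir -p "$dir"
  printf '#\n[SeatDefaults]\nallow-guest=false\n' >"$dir/50-disable-guest.conf"
  printf '#\n[SeatDefaults]\ngreeter-show-manual-login=true\n' >"$dir/50-show-manual-login.conf"
}

main() {
  local host pass_root pass_local
  (( EUID == 0 )) || die "This script must be run as root."

  # Short host name: strip the domain suffix if $HOSTNAME is already fully
  # qualified (the original did the same with grep/sed).
  host=${HOSTNAME%."$DOMAIN"}
  printf '%s\n\n' "$host"

  # Edit mdp root / compte local
  read_secret "Entrer le mdp du compte 'root' " pass_root
  [[ -n "$pass_root" ]] || die "empty root password"
  read_secret "Entrer le mdp du compte '$LOCAL_USER' " pass_local
  [[ -n "$pass_local" ]] || die "empty password for $LOCAL_USER"
  setup_local_accounts "$pass_root" "$pass_local"

  # Installer les paquets (update first so the package lists are current)
  apt-get -y update
  apt-get -y install "${PACKAGES[@]}"
  apt-get -y install --install-recommends linux-image-generic-hwe-16.04 xserver-xorg-hwe-16.04

  configure_ntp
  configure_hosts "$host"
  configure_kerberos
  configure_samba

  # Reload pam
  pam-auth-update

  configure_crontab
  join_domain
  configure_nss
  configure_pam

  banner "Restart winbind et samba"
  service smbd restart
  service nmbd restart
  service winbind restart

  # Update the local NSS cache now that winbind is joined and running.  A
  # failure here only leaves the cache stale, so it is reported, not fatal.
  nss_updatedb winbind || printf 'warning: nss_updatedb winbind failed\n' >&2

  configure_sudo
  configure_lightdm
  echo 'Configuration Complete!'
}

main "$@"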