Script pour joindre une machine CentOS 7.x à un serveur AD
/!\ Les champs en orange (valeurs d'exemple telles que domaine.tld ou groupe-ldap) sont à remplacer
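Héberger le script sur un dépôt Git et lancer la commande ci-dessous en root. Comme le script s'exécute avec tous les droits root, servez-le en HTTPS depuis un dépôt dont l'accès en écriture est restreint, et relisez-le avant de le lancer.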
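# Run as root. Fetch the script over HTTPS into a file and read it (comparing
# it with the copy in the Git repository) before executing it: everything in it
# runs with full root privileges, so a plain-HTTP download piped straight into
# bash would let anyone on the network path decide what root executes.
# Running the file directly keeps the terminal on stdin, which the password
# prompt of `realm join -U ...` is expected to need.
curl --fail --silent --show-error --proto '=https' --output script_centos7 https://mongit.domaine.tld/script_centos7
less script_centos7
bash script_centos7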
Le contenu de script_centos7
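#!/bin/bash
#
# Join a CentOS 7.x host to an Active Directory domain.
#
# Steps: install the client packages, point chrony at the AD servers, run
# `realm join`, adjust the generated sssd.conf, grant sudo to one AD group,
# disable root logins over SSH and restrict logins to that AD group.
# Must be run as root, from an interactive terminal.
#
# The values in the "site-specific" section below are the sample placeholders
# of the original page (the fields highlighted in orange); replace every one
# of them before running.
#
# Keep the current root session open until a login with an AD account from
# the permitted group has been verified: the last steps close the root SSH
# door and restrict who may log in.

set -euo pipefail

# ---- Site-specific values: replace before running --------------------------
readonly NTP_SERVER_1='serveurad1.domaine.tld'
readonly NTP_SERVER_2='serveurad2.domaine.tld'
readonly NTP_SERVER_3='serveurad3.domaine.tld'
readonly AD_DOMAIN='domaine.tld'
readonly AD_JOIN_USER='svc_wds'
readonly AD_COMPUTER_OU='ou=Centos,ou=Servers,ou=ville,ou=pays,ou=site,ou=societe,dc=domaine,dc=tld'
# Domain name in upper case, used as the home-directory prefix in sssd.conf.
readonly AD_SHORT_DOMAIN='DOMAINE'
# AD group that receives sudo rights and is the only group allowed to log in.
readonly AD_ADMIN_GROUP='groupe-ldap'
# -----------------------------------------------------------------------------

sudoers_tmp=''

# Print a message on stderr and stop the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Remove the temporary sudoers copy on every exit path.
cleanup() {
  if [[ -n "$sudoers_tmp" ]]; then
    rm -f -- "$sudoers_tmp"
  fi
}
trap cleanup EXIT

#######################################
# Copy a file to the first free "<file>.oldN" name next to it.
# Arguments: $1 - path of the file to back up
# Returns:   0 if the file does not exist or was copied, non-zero if cp fails
#######################################
backup_file() {
  local path=$1
  local i=1
  [[ -e "$path" ]] || return 0
  while [[ -e "${path}.old${i}" ]]; do
    i=$((i + 1))
  done
  # -p keeps owner, mode and timestamps, so a backup of a root-only file
  # (sssd.conf, sshd_config, sudoers) is not more readable than the original.
  cp -p -- "$path" "${path}.old${i}"
}

[[ $EUID -eq 0 ]] || die "Ce script doit être lancé en root."
# Refuse to run with the sample placeholders still in place.
[[ "$AD_DOMAIN" != 'domaine.tld' ]] \
  || die "Remplacez les valeurs d'exemple en tête de script avant de le lancer."

echo

# Install the packages.
# bash-completion-extras is expected to come from EPEL, so the repository
# package is installed first; in a single transaction yum would skip a
# package it cannot find yet.
yum -y install epel-release
yum -y install vim bash-completion bash-completion-extras sssd realmd oddjob \
  oddjob-mkhomedir samba-common-tools chrony tmux
yum -y update

# NTP configuration: Kerberos depends on the clock being close to the AD
# servers' clock. Only pool entries 0, 1 and 2 are replaced, as in the
# original script.
echo ''
echo '****Configuration NTP****'
backup_file /etc/chrony.conf
echo "Traitement de /etc/chrony.conf ..."
echo ''
sed -i \
  -e "s/0\.centos\.pool\.ntp\.org/${NTP_SERVER_1}/g" \
  -e "s/1\.centos\.pool\.ntp\.org/${NTP_SERVER_2}/g" \
  -e "s/2\.centos\.pool\.ntp\.org/${NTP_SERVER_3}/g" \
  /etc/chrony.conf
systemctl restart chronyd

# Join the machine to the AD domain. Stop here on failure: continuing would
# disable root SSH logins on a host where no AD account can log in.
echo '****Configuration AD****'
realm join -U "$AD_JOIN_USER" --verbose --os-name=Centos --os-version=7 \
  --computer-ou="$AD_COMPUTER_OU" "$AD_DOMAIN" \
  || die "Echec de realm join : aucune autre modification n'a été appliquée."
echo ''

# Fix the generated configuration: short user names, and home directories
# under <DOMAIN>/<user> instead of <user>@<domain>.
echo '****Configuration sssd****'
backup_file /etc/sssd/sssd.conf
echo "Traitement de /etc/sssd/sssd.conf ..."
echo ''
sed -i \
  -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' \
  -e "s|%u@%d|${AD_SHORT_DOMAIN}/%u|g" \
  /etc/sssd/sssd.conf
systemctl restart sssd

# Sudo configuration. The rule is inserted at line 92 as in the original
# script, but on a copy that visudo validates before it replaces
# /etc/sudoers: a syntax error in the live file would break sudo for everyone.
echo '****Configuration sudo****'
echo "Traitement de /etc/sudoers ..."
echo ''
sudoers_rule="%${AD_ADMIN_GROUP} ALL=(ALL) ALL"
# Skip the insertion when the rule is already present (second run).
if ! grep -qxF -- "$sudoers_rule" /etc/sudoers; then
  backup_file /etc/sudoers
  sudoers_tmp=$(mktemp) || die "mktemp a échoué."
  cp -p -- /etc/sudoers "$sudoers_tmp"
  sed -i "92i${sudoers_rule}" "$sudoers_tmp"
  chmod 0440 "$sudoers_tmp"
  # The hard-coded line number silently does nothing on a shorter file.
  grep -qxF -- "$sudoers_rule" "$sudoers_tmp" \
    || die "La règle sudo n'a pas été insérée (fichier de moins de 92 lignes ?)."
  visudo -c -f "$sudoers_tmp" >/dev/null \
    || die "Le fichier sudoers modifié est invalide ; /etc/sudoers est inchangé."
  cp -- "$sudoers_tmp" /etc/sudoers
fi

# Disable root logins over SSH. The pattern covers the directive whether it
# is commented out or already set to another value; the original only
# rewrote the commented default and left an explicit "yes" in place.
echo '****Configuration ssh****'
backup_file /etc/ssh/sshd_config
echo "Traitement de /etc/ssh/sshd_config ..."
echo ''
sed -i \
  -e 's/^[[:space:]]*#\{0,1\}[[:space:]]*PermitRootLogin[[:space:]].*$/PermitRootLogin no/' \
  /etc/ssh/sshd_config
grep -q '^PermitRootLogin no$' /etc/ssh/sshd_config \
  || die "PermitRootLogin no est absent de /etc/ssh/sshd_config."
# Validate the file before reloading so a broken config never reaches sshd.
sshd -t || die "sshd_config invalide ; sshd n'a pas été rechargé."
systemctl reload sshd

# Restrict logins to the IT group. NOTE(review): realm permit/deny set the
# login policy for domain accounts in general, not only for SSH - confirm
# this matches the intent.
realm deny --all
realm permit -g "$AD_ADMIN_GROUP"

echo 'Configuration Complete!'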