Script pour joindre une machine CentOS 7.x à un serveur AD
/!\ Les champs en orange sont à remplacer
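Héberger le script sur un dépôt Git et lancer la commande ci-dessous en root. Le script étant exécuté en root sans vérification de son contenu, préférer une URL en HTTPS sur un dépôt de confiance.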
# bash <(curl http://mongit.domaine.tld/script_centos7)
Le contenu de script_centos7
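#!/bin/bash
# Join a CentOS 7.x machine to an Active Directory domain.
#
# Steps: install packages, point chrony at the AD servers, run `realm join`,
# adjust the generated sssd.conf, grant sudo to an AD group, disable root
# login over SSH and restrict logins to that AD group.
#
# Must be run as root. Host names, the OU path, the service account, the
# domain name and the group name below are placeholders to replace before use.
#
# Every step that later steps depend on is checked explicitly: if the domain
# join or the sssd restart fails, the script stops BEFORE root SSH login is
# disabled, so a failed join cannot leave the machine without a remote login.
set -u

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Copy $1 to the first free "$1.oldN" name (N = 1, 2, ...). Does nothing when
# $1 does not exist. -p keeps owner and mode, so the backup of a root-only file
# such as sssd.conf is not created with wider permissions than the original.
backup_file() {
  local src=$1
  local n=1
  [ -e "$src" ] || return 0
  while [ -e "$src.old$n" ]; do
    n=$((n + 1))
  done
  cp -p -- "$src" "$src.old$n"
}

[ "$(id -u)" -eq 0 ] || die "Ce script doit être lancé en root."

echo
# Install the packages. Left unchecked on purpose, as in the original: a
# missing `realm` binary is caught by the checked `realm join` below.
yum -y install vim epel-release bash-completion bash-completion-extras sssd realmd oddjob oddjob-mkhomedir samba-common-tools chrony tmux
yum -y update

# NTP configuration: Kerberos needs the clock in sync with the AD servers.
echo ''
echo '****Configuration NTP****'
file=/etc/chrony.conf
backup_file "$file" || die "Sauvegarde de $file impossible."
echo "Traitement de $file ..."
echo ''
# Dots are escaped so that each pattern matches only the literal host name.
sed -i \
  -e 's/0\.centos\.pool\.ntp\.org/serveurad1.domaine.tld/g' \
  -e 's/1\.centos\.pool\.ntp\.org/serveurad2.domaine.tld/g' \
  -e 's/2\.centos\.pool\.ntp\.org/serveurad3.domaine.tld/g' \
  "$file"
systemctl restart chronyd || die "Redémarrage de chronyd impossible."

# Join the machine to the AD domain (prompts for the account's password).
echo '****Configuration AD****'
realm join -U svc_wds --verbose --os-name=Centos --os-version=7 \
  --computer-ou="ou=Centos,ou=Servers,ou=ville,ou=pays,ou=site,ou=societe,dc=domaine,dc=tld" \
  domaine.tld || die "Echec de realm join : configuration interrompue."
echo ''

# Fix up the sssd configuration generated by the join.
echo '****Configuration sssd****'
file=/etc/sssd/sssd.conf
backup_file "$file" || die "Sauvegarde de $file impossible."
echo "Traitement de $file ..."
echo ''
sed -i \
  -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' \
  -e 's|%u@%d|DOMAINE(Majuscule)/%u|g' \
  "$file"
systemctl restart sssd || die "Redémarrage de sssd impossible."

# Sudo configuration. The rule goes into a drop-in file that is checked with
# `visudo -cf` before it is installed, instead of being inserted at a fixed
# line number of /etc/sudoers: a syntax error in sudoers disables sudo
# entirely, and the line-number insert added a duplicate rule on every run.
# The drop-in name (constructed here) must not contain '.' or end with '~',
# otherwise sudo skips the file.
echo '****Configuration sudo****'
sudoers_dropin=/etc/sudoers.d/groupe_ldap
echo "Traitement de $sudoers_dropin ..."
echo ''
grep -Eq '^[#@]includedir[[:space:]]+/etc/sudoers\.d' /etc/sudoers \
  || die "/etc/sudoers n'inclut pas /etc/sudoers.d."
sudoers_tmp=$(mktemp) || die "mktemp a échoué."
trap 'rm -f -- "$sudoers_tmp"' EXIT
printf '%s\n' '%groupe-ldap ALL=(ALL) ALL' > "$sudoers_tmp"
visudo -cf "$sudoers_tmp" || die "Règle sudoers invalide."
install -o root -g root -m 0440 -- "$sudoers_tmp" "$sudoers_dropin" \
  || die "Installation de $sudoers_dropin impossible."

# Disable root login over SSH.
echo '****Configuration ssh****'
file=/etc/ssh/sshd_config
backup_file "$file" || die "Sauvegarde de $file impossible."
echo "Traitement de $file ..."
echo ''
# Match the directive whether it is commented out or already set to another
# value; the original pattern only handled the stock "#PermitRootLogin yes".
sed -i -E 's/^#?PermitRootLogin[[:space:]]+.*/PermitRootLogin no/' "$file"
grep -Eq '^PermitRootLogin[[:space:]]+no' "$file" \
  || die "PermitRootLogin no absent de $file."
# Validate before reloading so a broken file never reaches the running daemon.
sshd -t || die "$file invalide : sshd non rechargé (voir la sauvegarde .oldN)."
systemctl reload sshd || die "Rechargement de sshd impossible."

# Restrict logins to the IT group. If `permit` fails after `deny --all`, no AD
# user can log in: stop with an error rather than reporting success.
realm deny --all || die "Echec de realm deny."
realm permit -g groupe-ldap || die "Echec de realm permit : aucun groupe AD autorisé."
echo 'Configuration Complete!'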