diff options
| author | B Stack <bgstack15@gmail.com> | 2016-10-20 16:15:23 -0400 |
|---|---|---|
| committer | B Stack <bgstack15@gmail.com> | 2016-10-20 16:15:23 -0400 |
| commit | d60ed67fa4eeeba312646358316e49c0a6cbc6f6 (patch) | |
| tree | 7cec285c82c1e15cc021086899165afb7bed2385 /s5_auth.sh | |
| download | deployscripts-d60ed67fa4eeeba312646358316e49c0a6cbc6f6.tar.gz deployscripts-d60ed67fa4eeeba312646358316e49c0a6cbc6f6.tar.bz2 deployscripts-d60ed67fa4eeeba312646358316e49c0a6cbc6f6.zip | |
initial commit
Diffstat (limited to 's5_auth.sh')
| -rwxr-xr-x | s5_auth.sh | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/s5_auth.sh b/s5_auth.sh new file mode 100755 index 0000000..046e9bd --- /dev/null +++ b/s5_auth.sh @@ -0,0 +1,57 @@ +#!/bin/bash +# File: /root/s5_auth.sh +# Package: deployscripts +# Author: bgstack15 +# Startdate: 2016-08-02 +# Title: Template Script 5: AD Authorization +# Purpose: To join AD for users and groups +# History: 2016-08-02 given original headers +# Usage: ./s5[tab][auth] +# Reference: +# "\\example.com\staff\IT\PlatformServices\Linux\Templates\Building the Centos 7 Template.docx" +# Improve: + +eval flavor=$( grep -iE "^\s*ID=" /etc/os-release 2>/dev/null | sed 's/^.*=//;' ) +if test -z "${flavor}"; then test "$( uname -s )" = "FreeBSD" && flavor=freebsd; fi + +thisuser="Bgstack15" + +case "${flavor}" in + centos|redhat|ubuntu|debian) + realm join example.com -U "${thisuser}" --install=/ + /bin/cp -fp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig + /bin/cp -fp /etc/sssd/sssd.conf.example /etc/sssd/sssd.conf + chmod 600 /etc/sssd/sssd.conf + + /bin/cp -fp /etc/krb5.conf /etc/krb5.conf.orig + /bin/cp -fp /etc/krb5.conf.example /etc/krb5.conf + chmod 644 /etc/krb5.conf + + sed -i -e '\|^sudoers:.*|h; ${x;s/sudoers://;{g;tF};a\' -e 'sudoers:\tfiles' -e '};:F;s/.*sudoers:.*/sudoers:\tfiles/g;' /etc/nsswitch.conf + + systemctl restart sssd.service + time id "${thisuser}" | fold -w 80 | head + + cat <<EOF > /etc/cron.d/keepadalive +# File: /etc/cron.d/keepadalive +# Purpose: keeps ad user authentication active and fast, by frequently asking for group info for a user +*/5 * * * * root /usr/bin/id Bgstack15 >/dev/null 2>&1 +EOF + ;; + freebsd) + kinit "${thisuser}" + net ads join -k -U "${thisuser}" + kdestroy + kinit -k "$( hostname -s | tr 'a-z' 'A-Z')\$" + /root/updateval.sh /etc/crontab '^#.*\/kinithost.sh' '0,30\t*\t*\t*\t*\troot\t\/usr\/local\/bin\/kinithost\.sh' --apply + # enable services + /root/updateval.sh /etc/rc.conf '^samba_server_enable=.*' 'samba_server_enable="YES"' --apply + /root/updateval.sh /etc/rc.conf '^sssd_enable=.*' 'sssd_enable="YES"' --apply + # cannot start services regularly until a reboot, so onestart for now + service samba_server start + service sssd start + ;; + *) + echo "Cannot identify OS/flavor. Aborted." && exit 2 + ;; +esac |