summaryrefslogtreecommitdiff
path: root/s5_auth.sh
blob: 046e9bdbb2362f8b950586b1a1b72e840dc531c6 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

#!/bin/bash
# File: /root/s5_auth.sh
# Package: deployscripts
# Author: bgstack15
# Startdate: 2016-08-02
# Title: Template Script 5: AD Authorization
# Purpose: To join AD for users and groups
# History: 2016-08-02 given original headers
# Usage: ./s5[tab][auth]
# Reference:
#    "\\example.com\staff\IT\PlatformServices\Linux\Templates\Building the Centos 7 Template.docx"
# Improve:

eval flavor=$( grep -iE "^\s*ID=" /etc/os-release 2>/dev/null | sed 's/^.*=//;' )
if test -z "${flavor}"; then test "$( uname -s )" = "FreeBSD" && flavor=freebsd; fi

thisuser="Bgstack15"

case "${flavor}" in
   centos|redhat|ubuntu|debian)
      realm join example.com -U "${thisuser}" --install=/
      /bin/cp -fp /etc/sssd/sssd.conf      /etc/sssd/sssd.conf.orig
      /bin/cp -fp /etc/sssd/sssd.conf.example  /etc/sssd/sssd.conf
      chmod 600   /etc/sssd/sssd.conf
      
      /bin/cp -fp /etc/krb5.conf       /etc/krb5.conf.orig
      /bin/cp -fp /etc/krb5.conf.example   /etc/krb5.conf
      chmod 644   /etc/krb5.conf
      
      sed -i -e '\|^sudoers:.*|h; ${x;s/sudoers://;{g;tF};a\' -e 'sudoers:\tfiles' -e '};:F;s/.*sudoers:.*/sudoers:\tfiles/g;' /etc/nsswitch.conf
      
      systemctl restart sssd.service
      time id "${thisuser}" | fold -w 80 | head
      
      cat <<EOF > /etc/cron.d/keepadalive
# File: /etc/cron.d/keepadalive
# Purpose: keeps ad user authentication active and fast, by frequently asking for group info for a user
*/5 * * * *  root  /usr/bin/id Bgstack15 >/dev/null 2>&1
EOF
      ;;
   freebsd)
      kinit "${thisuser}"
      net ads join -k -U "${thisuser}"
      kdestroy
      kinit -k "$( hostname -s | tr 'a-z' 'A-Z')\$"
      /root/updateval.sh /etc/crontab '^#.*\/kinithost.sh' '0,30\t*\t*\t*\t*\troot\t\/usr\/local\/bin\/kinithost\.sh' --apply
      # enable services
      /root/updateval.sh /etc/rc.conf '^samba_server_enable=.*' 'samba_server_enable="YES"' --apply
      /root/updateval.sh /etc/rc.conf '^sssd_enable=.*' 'sssd_enable="YES"' --apply
      # cannot start services regularly until a reboot, so onestart for now
      service samba_server start
      service sssd start
      ;;
   *)
      echo "Cannot identify OS/flavor. Aborted." && exit 2
      ;;
esac
bgstack15