
Bash script for joining a Red Hat Linux computer to a Windows domain

#!/bin/bash

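# --- Environment discovery and operator input --------------------------------

# Release banner of the distribution; the major version digit is cut out below.
s1=$(cat /etc/redhat-release)
s2="release"
# 1-based position of the word "release" inside the banner (0 when absent).
pos1=$(awk -v a="$s1" -v b="$s2" 'BEGIN{print index(a,b)}')
# Skip the 7 characters of "release"; as a 0-based substring offset this
# lands on the character after the separator that follows the word.
pos=$((pos1+7))
# Exactly one character is taken, so only a single-digit major version can be
# represented; the checks further down compare it against "5" and "6".
redhat_version=${s1:$pos:1}

# Quoted so that a script path containing spaces or glob characters is not
# word-split or expanded before cd sees it.
cd -- "$(dirname -- "$0")" || echo "warning: could not change to the script directory" >&2
script_dir=$PWD
# Suffix for the smb.conf backup copy made before the file is edited.
time_stamp=$(date +%d_%m_%Y-%H_%M_%S)
host_name_fqdn=$(hostname -f)
host_name=$(hostname -s)
# The DNS domain of this host is used as the Kerberos realm / AD domain.
domain_fqdn=$(hostname -d)
# -r keeps backslashes in the typed value literal. The value is operator
# input and is later used in file paths and sed expressions.
read -r -p "Set domain smbworkgroup: " domain_name
# Allowlist of domains this script may join (placeholder entries; edit per site).
domain_list=('domain1.local' 'domain2.local' 'domain3.local')
# Samba versions below this one get the "old" idmap configuration.
samba_base_version=3.5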

#######################################
# Evaluates a numeric comparison with awk, because the shell's own arithmetic
# handles integers only.
# Arguments: $1 - awk expression, e.g. "3.4 < 3.5"
# Returns:   0 when the expression is true, non-zero otherwise
# NOTE: $1 is spliced into the awk program text itself, so awk executes
# whatever it contains. Pass only values known to be plain numbers and
# comparison operators; never pass unchecked external input.
#######################################
float_test() {
  local expr=$1
  # A single empty line is fed to awk, which evaluates the expression in END.
  awk "END { exit ( !( ${expr})); }" <<< ""
}

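echo "Checking prerequisites..."

#######################################
# Reports whether one package is installed and stops the script if it is not.
# Arguments: $1 - exact package name
#            $2 - exit status to use when the package is missing
# Outputs:   status message on stdout
#######################################
require_package() {
  local pkg=$1 missing_status=$2
  # rpm -q looks up the exact package name. Grepping the output of `rpm -qa`
  # would also accept any other package whose name contains the string.
  if rpm -q "$pkg" >/dev/null 2>&1; then
    echo "$pkg pacgake is installed..."
  else
    echo "$pkg pacgake is not installed!!!"
    exit "$missing_status"
  fi
}

# The host's DNS domain must be one of the allowlisted domains. The comparison
# is an exact string match per entry: a grep over the joined list would accept
# an empty domain (an empty pattern matches every line), substrings of a
# listed domain, and would treat "." as a regex wildcard.
domain_accepted="no"
if [[ -n "$domain_fqdn" ]]; then
  for allowed_domain in "${domain_list[@]}"; do
    if [[ "$allowed_domain" == "$domain_fqdn" ]]; then
      domain_accepted="yes"
      break
    fi
  done
fi
if [[ "$domain_accepted" != "yes" ]]; then
  echo "$domain_fqdn --There is no such domain!!!"
  exit 1
fi
echo "Domain accepted..."

# The Kerberos SRV record must resolve, otherwise the realm lookup via DNS
# that authconfig enables later cannot find a KDC.
if ! host -t srv "_kerberos._tcp.$domain_fqdn" | grep -q "has SRV record"; then
  echo "$domain_fqdn --DNS can not resolve SRV records!!!"
  exit 2
fi
echo "SRV records found..."

# Packages needed on every supported release.
require_package pam_krb5 3
require_package authconfig 4
require_package samba-common 5

# Release-specific packages.
case "$redhat_version" in
  5)
    require_package samba-client 6
    ;;
  6)
    require_package samba-winbind-clients 7
    require_package samba-winbind 8
    ;;
esac

echo "Prerequisites checked..."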
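# domain_name was typed in by the operator and is used below as a directory
# name under /home, as an authconfig argument and inside sed expressions.
# Accept only a plain workgroup-style name before touching the system: this
# rejects empty input, "/", whitespace, quotes and "." / ".." (with ".." the
# chmod below would act on / itself).
if [[ ! "$domain_name" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  echo "Invalid smbworkgroup name: '$domain_name'" >&2
  exit 9
fi

smb_conf=/etc/samba/smb.conf
home_base="/home/$domain_name"

chkconfig winbind on

# Parent directory for the home directories of domain users.
if [[ ! -d "$home_base" ]]; then
  mkdir -- "$home_base"
fi

# 0755 rather than 0777: a world-writable parent without the sticky bit lets
# any local user rename or delete other users' home directories, or create
# one in advance of the owner's first login. The per-user directories are
# created at login by the mkhomedir PAM module enabled below
# (--enablemkhomedir), which normally runs with root privileges -- confirm
# this for the login paths in use at your site.
chmod 0755 -- "$home_base"

# Keep a timestamped copy of smb.conf; do not edit the file without a backup.
if ! cp -- "$smb_conf" "$smb_conf.$time_stamp"; then
  echo "Could not back up $smb_conf, nothing was changed in it" >&2
  exit 10
fi

# Every value is passed as its own quoted word so that nothing in
# domain_name or domain_fqdn can be split into additional options.
authconfig_args=(
  --disablecache
  --enablewinbind
  --enablewinbindauth
  --smbsecurity=ads
  --smbworkgroup="$domain_name"
  --smbrealm="$domain_fqdn"
  --enablewinbindusedefaultdomain
  --winbindtemplatehomedir="$home_base/%U"
  --winbindtemplateshell=/bin/bash
  --enablekrb5
  --krb5realm="$domain_fqdn"
  --enablekrb5kdcdns
  --enablekrb5realmdns
  --enablelocauthorize
  --enablemkhomedir
  --enablepamaccess
  --updateall
)
authconfig "${authconfig_args[@]}"

# Installed Samba version, cut down to its first three characters
# ("major.minor" with single digits) and compared as a decimal number.
samba_rpm=$(rpm -q samba-common)
samba_version=${samba_rpm#samba-common-}
samba_version=${samba_version:0:3}
# float_test splices its argument into an awk program, so make sure the value
# really is a plain number before handing it over.
if [[ ! "$samba_version" =~ ^[0-9]\.[0-9]$ ]]; then
  echo "Could not determine the samba-common version from '$samba_rpm'" >&2
  exit 11
fi
if float_test "$samba_version < $samba_base_version"; then
  is_samba_old="yes"
else
  is_samba_old="no"
fi

if [[ "$is_samba_old" == "yes" ]]; then
  echo "Old samba version..."
  # Comment out the global idmap ranges, then insert the per-domain rid
  # backend settings above them. Each insert is anchored on the line written
  # by the previous command, so the order of these commands matters.
  sed -i -e "s/idmap uid/#idmap uid/g" "$smb_conf"
  sed -i -e "s/idmap gid/#idmap gid/g" "$smb_conf"
  sed -i -e "/#idmap uid/ i\ idmap config ${domain_name}:range = 100000-1000000" "$smb_conf"
  sed -i -e "/idmap config ${domain_name}:range = 100000-1000000/ i\ idmap config ${domain_name}:base_rid = 100000" "$smb_conf"
  sed -i -e "/idmap config ${domain_name}:base_rid = 100000/ i\ idmap config ${domain_name}:backend = rid" "$smb_conf"
  sed -i -e "/idmap config ${domain_name}:backend = rid/ i\ idmap domains = ${domain_name}" "$smb_conf"
else
  echo "New samba version..."
  # Replace the idmap ranges and add the rid backend line above them.
  sed -i -e "/idmap uid/ c\ idmap uid = 100000-1000000" "$smb_conf"
  sed -i -e "/idmap gid/ c\ idmap gid = 100000-1000000" "$smb_conf"
  sed -i -e "/idmap uid/ i\ idmap backend = idmap_rid:${domain_name}=100000-1000000" "$smb_conf"
fi

service winbind restart

# The account name is quoted so it always reaches net as the single argument
# of -U; net prompts for the password itself, so it never appears in argv.
read -r -p "Give username who is authorized to join computer to the domain ${domain_name}: " user_name
if ! net ads join -U "$user_name"; then
  # Do not report success when the machine account was not created.
  echo "Domain join failed" >&2
  exit 12
fi
service winbind restart

read -r -p "Do you want to test domain group listing? (wbinfo -g) (y/n): " yes_or_no
if [[ "$yes_or_no" == "y" ]]; then
  wbinfo -g
fi

echo "Operation completed..."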
