Linux Active Directory
Publicado por Fábio Antonio Ferreira (última atualização em 24/06/2011)
[ Hits: 6.857 ]
Homepage: http://fantonio.wordpress.com
Este script adiciona máquina linux ao dominio Windows.
#!/bin/sh
###############################################################################
# Copyright (C) 2011 - Fabio Antonio Ferreira #
# http://fantonio.wordpress.com | fantonios@gmail.com #
# #
# Este trabalho está licenciado sob uma Licença Creative Commons #
# Atribuição-Compartilhamento pela mesma Licença 2.5 Brasil. Para ver a copia #
# desta licença, acesse: http://creativecommons.org/licenses/by-sa/2.5/br/ #
# ou envie uma carta para Creative Commons, 171 Second Street, Suite 300, #
# San Francisco, California 94105, USA. #
# #
# Modificações em 15 de abril de 2011 por Fábio Antonio (fantonio) #
# #
###############################################################################
#
# Versão 1.0
# - Versão original
#
preto="{FONTE}33[0;30m"
vermelho="{FONTE}33[0;31m"
verde="{FONTE}33[0;32m"
# == FUNCOES ==================================================================
USUARIO=`whoami`
if [ "$USUARIO" != "root" ]; then
echo
echo "=============================================================================="
echo " ESTE PROGRAMA PRECISA SER EXECUTADO COM PERMISSOES DE SUPERUSUARIO! "
echo " Abortando... "
echo "=============================================================================="
echo
exit 1
fi
_HEAD () {
`which clear`
echo "=============================================================================="
echo " SISTEMA PARA ADICIONAR MAQUINA LINUX AO DOMÍNIO WINDOWS"
echo "=============================================================================="
}
_PACOTES () {
echo "Instalando os pacotes necessários";
aptitude install krb5-user libpam-krb5 winbind samba smbfs smbclient krb5-config libkrb53 libkadm55 -y > /dev/null;
check=$?
if [ $check -eq 0 ]; then
echo "Pacotes instalados com sucesso {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha ao instalar os pacotes {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
}
_HORA () {
echo "Atualizando data e hora";
ntpdate br.pool.ntp.org > /dev/null;
echo "Horario atual:" `date`
echo "Hora alterada com sucesso {FONTE}33[0;32m [Ok] {FONTE}33[0m "
}
_BACKUP_ORIG () {
# Rotina de Backup dos arquivos de configurações.
cp /etc/krb5.conf /etc/krb5.conf_backup > /dev/null
cp /etc/samba/smb.conf /etc/samba/smb.conf_backup > /dev/null
cp /etc/nsswitch.conf /etc/nsswitch.conf_backup > /dev/null
cp /etc/pam.d/common-account /etc/pam.d/common-account_backup > /dev/null
cp /etc/pam.d/common-auth /etc/pam.d/common-auth_backup > /dev/null
cp /etc/pam.d/common-session /etc/pam.d/common-session_backup > /dev/null
cp /etc/pam.d/sudo /etc/pam.d/sudo_backup > /dev/null
check=$(echo $?)
if [ $check -eq 0 ]; then
echo "Rotina de Backup executada com sucesso! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha ao fazer o Backup. {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
}
_NOME_DOMINIO () {
#Entrada do nome do dominio ao qual deseja engreçar.
read -p "Entre com o nome do Domínio:" var1
dominio=$(echo $var1 | tr a-z A-Z)
read -p "Entre com o seu KDC (key Distribution Center):" var2
kdc=$(echo $var2 | tr A-Z a-z)
}
_KRB5 () {
echo "[libdefaults]
default_realm = $dominio
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
$dominio = {
kdc = $kdc
#kdc = $kdc2
#kdc = $kdc3
admin_server = $kdc
}
[domain_realm]
.$var1 = $kdc
[login]
krb4_convert = true
krb4_get_tickets = false" > /etc/krb5.conf
echo "Configuração alterada com sucesso! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
}
_TESTEAD () {
read -p "Entre com um usuário para testar sua conexão com o Active Directory:" user
kinit $user@$dominio
check=$(echo $?)
if [ $check -eq 0 ]; then
echo "Sua máquina conectou com sucesso! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha ao se conectar com o Active Directory {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
}
_SMB () {
maquina=$(hostname)
echo "# Sample configuration file for the Samba suite for Debian GNU/Linux.
#======================= Global Settings =======================
[global]
#
# Browsing/Identification ###
workgroup = $var1
netbios name = $maquina
realm = $var1
# server string is the equivalent of the NT Description field
server string = %h Server
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
# wins support = no
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
; wins server = w.x.y.z
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve host names
# to IP addresses
; name resolve order = lmhosts host wins bcast
#### Networking ####
# The specific set of interfaces / networks to bind to
; interfaces = 127.0.0.0/8 eth0
# Only bind to the named interfaces and/or networks;
; bind interfaces only = yes
#
#### Debugging/Accounting ####
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Cap the size of the individual log files (in KiB).
max log size = 1000
# We want Samba to log a minimum amount of information to syslog.
syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
security = ADS
password server = $kdc
# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = true
# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
passdb backend = tdbsam
obey pam restrictions = yes
# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix password sync = yes
# For Unix password sync to work on a Debian GNU/Linux system,
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes
########## Domains ###########
# Is this machine able to authenticate users. Both PDC and BDC
# must have this setting enabled. If you are the BDC you must
# change the 'domain master' setting to no
#
; domain logons = yes
# The following required a [profiles] share to be setup on the
# samba server (see below)
; logon path = \\%N\profiles\%U
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
; logon drive = H:
# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon.
; logon script = logon.cmd
# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
# The following assumes a "machines" group exists on the system
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
# This allows Unix groups to be created on the domain controller via the SAMR
; add group script = /usr/sbin/addgroup --force-badname %g
########## Printing ##########
# printcap file
; printing = bsd
; printcap name = /etc/printcap
# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
; printing = cups
; printcap name = cups
############ Misc ############
# Using the following line enables you to customise your configuration
# on a per machine basis.
; include = /home/samba/etc/smb.conf.%m
# The following parameter is useful only if you have the linpopup package installed.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
# Domain Master specifies Samba to be the Domain Master Browser.
idmap uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
# Maximum number of usershare. 0 (default) means that usershare is disabled.
; usershare max shares = 100
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = no
# By default, the home directories are exported read-only.
read only = yes
# File creation mask is set to 0700 for security reasons.
create mask = 0700
# Directory creation mask is set to 0700 for security reasons.
directory mask = 0700
# This might need tweaking when using external authentication schemes
valid users = %S
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; read only = yes
; share modes = no
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
; write list = root, @lpadmin
# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; read only = yes
; locking = no
; path = /cdrom
; guest ok = yes
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom" > /etc/samba/smb.conf
echo "Configuração alterada com sucesso! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
}
_FUNC_RESTART() {
# Stop Winbind
/etc/init.d/winbind stop > /dev/null
check=$(echo $?)
if [ $check -eq 0 ]; then
echo "Winbind Stop! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha ao parar o Winbind {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
# Restart Samba
/etc/init.d/samba restart > /dev/null
check=$(echo $?)
if [ $check -eq 0 ]; then
echo "Samba restart com sucesso! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha no restart do Samba! {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
# Start Winbind
/etc/init.d/winbind start > /dev/null
check=$(echo $?)
if [ $check -eq 0 ]; then
echo "Winbind start! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha ao fazer iniciar o Winbind! {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
}
_ADDDOMINIO () {
azul="{FONTE}33[0;34m"
echo "++++++++++++++++++++++++++++++++++++++++++++"
echo "++ {FONTE}33[0;34m Adicionando a Máquina no Domínio {FONTE}33[0m ++"
echo "++++++++++++++++++++++++++++++++++++++++++++"
# Adicionando a máquina ao domínio
read -p "Entre com um usuário administrador de Domínio:" user
net ads join -U $user;
check=$(echo $?)
clear
# Validação da conexão com o domínio
if [ $check -eq 0 ]; then
echo "Sua máquina foi adicionada no Domínio! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha ao adicionar a máquina no Domínio {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
}
_TESTDOMINIO () {
# Teste de requisição ao dominio
wbinfo -t > /dev/null
check=$(echo $?)
if [ $check -eq 0 ]; then
echo "Teste de Domínio! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha ao testar o Domínio {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
}
_FUNCAUTENTICACAO () {
# Configurando o arquivo nsswitch.conf
echo "passwd: compat winbind
group: compat winbind
shadow: compat" > /etc/nsswitch.conf
# Teste de configuração do Winbind
check=$(echo $?)
if [ $check -eq 0 ]; then
echo "Winbind testado com sucesso! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha ao testar o Winbind {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
# PAM - common-account
echo "account sufficient pam_winbind.so
account required pam_unix.so" > /etc/pam.d/common-account
# PAM - common-auth
echo "auth sufficient pam_winbind.so
auth sufficient pam_unix.so nullok_secure use_first_pass
auth required pam_deny.so" > /etc/pam.d/common-auth
# PAM - common-session
echo "session required pam_unix.so
session required pam_mkhomedir.so umask=0022 skel=/etc/skel" > /etc/pam.d/common-session
# PAM - sudo
echo "auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_deny.so
@include common-account" > /etc/pam.d/sudo
# Teste de configuração do PAM
check=$(echo $?)
if [ $check -eq 0 ]; then
echo "PAM configurado com sucesso! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha ao configurar o PAM {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
}
_FUNC_HOMEDIR () {
HOME_DIR=$var1
if [ -d /home/$HOME_DIR ]; then
echo "Já existe este diretório !"
else
echo "Este diretório não existe !"
echo "Criando o diretório $HOME_DIR"
mkdir /home/$var1
sleep 2
fi
}
_FUNC_DEL_MAQ_DOMINIO () {
maquina=$(hostname)
azul="{FONTE}33[0;34m"
echo "++++++++++++++++++++++++++++++++++++++++++++"
echo "++ {FONTE}33[0;34m Removendo a Máquina no Domínio {FONTE}33[0m ++"
echo "++++++++++++++++++++++++++++++++++++++++++++"
# Remover a máquina ao domínio
read -p "Entre com um usuário administrador de Domínio:" user
net ads status -U $user
check1=$(echo $?)
clear
# Validação se a máquina está no domínio
if [ $check1 -eq 255 ]; then
echo "A máquina $maquina não está no dominio"
else
# Validação de remoção de máquina do domínio
net ads leave -U $user;
check=$(echo $?)
clear
if [ $check -eq 0 ]; then
echo "Sua máquina foi removida do Domínio! {FONTE}33[0;32m [Ok] {FONTE}33[0m "
else
echo "Falha ao remover a máquina no Domínio {FONTE}33[0;31m [fail] {FONTE}33[0m "
fi
fi
}
# =============================================================================
# Menu de seleção
echo "Linux Active Directory:"
echo "(1) Adicionar Máquina no Domínio"
echo "(2) Remover Máquina do Domínio"
echo "(3) Verificar conexão com o Domínio"
echo "(0) Sair"
echo "Digite a opção desejada:"
read resposta
case "$resposta" in
1)
_HEAD
_PACOTES
_HORA
_BACKUP_ORIG
_NOME_DOMINIO
_KRB5
_TESTEAD
_SMB
_FUNC_RESTART
_ADDDOMINIO
_TESTDOMINIO
_FUNCAUTENTICACAO
_FUNC_RESTART
azul="{FONTE}33[0;34m"
echo "++++++++++++++++++++++++++++++++++++++++++++"
echo "++ {FONTE}33[0;34m Bem vindo ao dominio $dominio {FONTE}33[0m ++"
echo "++++++++++++++++++++++++++++++++++++++++++++"
;;
2)
_FUNC_DEL_MAQ_DOMINIO
;;
3)
_TESTDOMINIO
;;
0)
exit
;;
*)
echo 'Opção Inválida!'
esac
Scripts recomendados
Claro 3g Sony Ericsson md300 script conexao REVISAO 3
Proc_del - Desinstalar programas compilados
Execução temporizada de programas
Manutenção básica em partições Linux
Comentários
Nenhum comentário foi encontrado.
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Como escolher o melhor escalonador de CPU para melhorar o desempenho da máquina
Curiosidade sobre DOOM Guy e Isabelle de Animal Crossing
Inicializando servidor Ubuntu na AWS e rodando apache em Container
Dicas
Conheça o Octopi, outro frontend para o Pacman com acesso ao ARU (Arch Linux e derivados)
Terminal transparente no Debian 12 com interface i3wm usando Xfce4-Terminal e Compton
Como compilar o DOOM RETRO no Linux
Stacer - um otimizador gráfico básico de Linux
Corrigindo o erro de "WARNING: Possibly missing firmware for module" no Arch Linux
Tópicos
Como colocar uma assinatura digital em um código compilado ! (0)
Após atualização do Ubuntu 22.04.4 LTS perdi a instalação da placa de ... (0)
DRIVER DE ADPTADOR HDMI PARA USB (2)
Top 10 do mês
-
Xerxes
1° lugar - 68.997 pts -
Fábio Berbert de Paula
2° lugar - 58.100 pts -
Clodoaldo Santos
3° lugar - 54.572 pts -
Sidnei Serra
4° lugar - 40.460 pts -
Buckminster
5° lugar - 21.513 pts -
Daniel Lara Souza
6° lugar - 16.576 pts -
Mauricio Ferrari
7° lugar - 15.929 pts -
Alberto Federman Neto.
8° lugar - 15.770 pts -
Diego Mendes Rodrigues
9° lugar - 15.069 pts -
edps
10° lugar - 14.236 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
