ActiveDirectoryEdgy

Nasty Hacky Active Directory Integration on Edgy

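#!/usr/bin/env bash
# Join an Ubuntu Edgy host to an Active Directory domain with Samba/winbind
# and Kerberos, so domain users can log in (e.g. over ssh).
#
# Usage: fill in the site settings below, then run the FILE as root:
#     sudo bash ./ActiveDirectoryEdgy.sh
# Run it from a file rather than pasting it into a shell: dpkg-reconfigure
# (the Kerberos step) takes its answers from stdin, and when the script is
# pasted the remaining lines are likely swallowed as those answers — which is
# the "script stops after krb5-config" symptom.
#
# Prompts you will see:
#   - Kerberos realm: enter the same value as AD_DOMAIN.
#   - "Use the defaults from DNS": answer yes.
#   - If net does not pick the password up from its environment it asks for it.
set -euo pipefail

# ---- site settings ---------------------------------------------------------
# Domain account allowed to join machines, and its password.  Both are plain
# (non-exported) variables: the password must not be inherited by every child
# process (apt-get, perl, ...) and is never placed on a command line, where
# `ps` would show it to every local user.
DOMAIN_ADMIN=rcadmin
DOMAIN_PASS=YOURPASS
# DNS / Kerberos name of the AD domain and its NetBIOS short name.  These two
# are exported because the smb.conf rewrite below reads them through perl's
# %ENV.
export AD_DOMAIN=LABS.AD.UGA.EDU
export AD_SHORTNAME=LABS
# Sub-OU to create the machine account in; leave empty to use the default
# container.
MACHINE_OU=Music

# ---- helpers ---------------------------------------------------------------
# die MSG...: print MSG to stderr and exit non-zero.
die() { printf '%s\n' "$*" >&2; exit 1; }

# edit_once FILE MARKER PERL_EXPR: run the in-place perl edit unless FILE
# already contains MARKER.  The pam/nsswitch edits below would otherwise add a
# duplicate line each time the script is re-run.
edit_once() {
  local file=$1 marker=$2 expr=$3
  if grep -q -F -- "$marker" "$file"; then
    printf 'skip: %s already contains %s\n' "$file" "$marker" >&2
    return 0
  fi
  perl -pi -e "$expr" -- "$file"
}

(( EUID == 0 )) || die "this script must be run as root"

# ---- packages --------------------------------------------------------------
# Enable universe (krb5-user lives there).  These only uncomment the stock
# us.archive / security lines; with a different mirror nothing changes and the
# apt-get install below fails, which aborts the script.
perl -pi -e 's!# deb http://us.archive.ubuntu.com/ubuntu/ edgy universe!deb http://us.archive.ubuntu.com/ubuntu/ edgy universe!g' -- /etc/apt/sources.list
perl -pi -e 's!# deb http://security.ubuntu.com/ubuntu edgy-security universe!deb http://security.ubuntu.com/ubuntu edgy-security universe!g' -- /etc/apt/sources.list
apt-get update
apt-get install samba winbind krb5-user -y

# ---- samba -----------------------------------------------------------------
# Replace the stock "workgroup = MSHOME" line with the ADS settings.  Realm
# and workgroup come from the exported variables via %ENV; the replacement is
# single-quoted so the shell leaves $ENV{...} for perl.  Idempotent: once
# MSHOME is gone the pattern no longer matches.
perl -pi -e 's!   workgroup = MSHOME!
   security = ads
   workgroup = $ENV{AD_SHORTNAME}
   realm = $ENV{AD_DOMAIN}
   idmap uid = 500-10000000
   idmap gid = 500-10000000
   winbind separator = +
   winbind enum users = no
   winbind enum groups = no
   winbind use default domain = yes
   template homedir = /home/%U
   template shell = /bin/bash
   client use spnego = yes
   domain master = no
!g' -- /etc/samba/smb.conf

# ---- nsswitch ---------------------------------------------------------------
# Resolve users/groups through winbind and hosts through WINS as well.
edit_once /etc/nsswitch.conf winbind 's/compat/compat winbind/g'
edit_once /etc/nsswitch.conf wins    's/dns/dns wins/g'

# ---- pam -------------------------------------------------------------------
# Try pam_winbind before pam_unix for account and auth; keep pam_unix required
# so local accounts still work.
edit_once /etc/pam.d/common-account pam_winbind.so \
  's/account\trequired\tpam_unix.so/account\tsufficient\tpam_winbind.so\naccount\trequired\tpam_unix.so/g'
edit_once /etc/pam.d/common-auth pam_winbind.so \
  's/auth\trequired\tpam_unix.so/auth\tsufficient\tpam_winbind.so\nauth\trequired\tpam_unix.so/g'
# Raise pam_unix's max= on the common-password line (presumably so longer
# domain passwords are not limited to 8 characters — confirm against the
# installed pam_unix).  Idempotent: "max=8" disappears after the first run.
perl -pi -e 's/max=8/max=50/g' -- /etc/pam.d/common-password
# Create the home directory on first login.
edit_once /etc/pam.d/common-session pam_mkhomedir.so \
  's!session\trequired\tpam_unix.so!session\trequired\tpam_unix.so\nsession\trequired\tpam_mkhomedir.so umask=0022 skel=/etc/skel!g'

# ---- kerberos --------------------------------------------------------------
# Interactive: realm = AD_DOMAIN, take the DNS defaults.
dpkg-reconfigure krb5-config

# Kerberos rejects tickets when clocks drift, so a failed sync is fatal.
ntpdate "$AD_DOMAIN" || die "clock sync against $AD_DOMAIN failed"

# ---- join ------------------------------------------------------------------
# join_domain: create the machine account.  The password is handed to net via
# the PASSWD environment variable of this one process (net shares smbclient's
# credential handling, which reads PASSWD when -U carries no password) instead
# of -U user%pass on argv.  If net ignores PASSWD it simply prompts.
join_domain() {
  if [[ -n "$MACHINE_OU" ]]; then
    PASSWD="$DOMAIN_PASS" net ads join "$MACHINE_OU" -U "$DOMAIN_ADMIN"
  else
    PASSWD="$DOMAIN_PASS" net ads join -U "$DOMAIN_ADMIN"
  fi
}
join_domain || die "net ads join failed"

# ---- restart services ------------------------------------------------------
# Same order as before: stop both, then start samba before winbind.
for svc in samba winbind; do
  /etc/init.d/"$svc" stop || true   # may not have been running yet
done
for svc in samba winbind; do
  /etc/init.d/"$svc" start || die "failed to start $svc"
done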
