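#!/bin/bash
#
# First-time configuration of a Debian lenny host with domain membership:
# rewrites the APT sources, installs base packages, points NTP at the domain
# controller, configures exim4 as a satellite, writes smb.conf, the PAM
# common-* files and nsswitch.conf for winbind/Kerberos logins, joins the
# domain, adds a local fallback account and reboots.
#
# Must be run interactively as root. It overwrites system configuration
# files; each overwritten file is first copied to <file>.org.

set -u

mydc="192.168.2.10"     # IP or name of the domain controller
mydom="MYNTDOMNAME"     # name of the NT domain
myrealm="MY.DOM.AIN"    # FQDN in UPPER CASE!
mysmtp="192.168.2.20"   # IP or name of the local SMTP mail server, if any
smbcnf=/etc/samba/smb.conf

# Print a message to stderr and abort the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Copy $1 to $1.org unless that backup already exists, so that re-running the
# script never replaces the pristine backup with a file this script generated.
backup_once() {
  local file=$1
  [[ -e "$file" ]] || return 0
  [[ -e "${file}.org" ]] || cp -p -- "$file" "${file}.org"
}

(( EUID == 0 )) || die "Dieses Script muss als root ausgeführt werden."

# --- APT sources and base packages -----------------------------------------
# NOTE(review): the mirrors are addressed over plain HTTP, so package
# integrity rests entirely on APT's signature verification. lenny is long
# past end-of-life; confirm these mirrors still serve it before relying on
# "upgrade" for security fixes.
backup_once /etc/apt/sources.list
cat > /etc/apt/sources.list <<'EOF'
deb http://ftp.debian.org/debian/ lenny main non-free contrib
deb http://ftp.debian.org/debian-security/ lenny/updates main non-free contrib
EOF

apt-get update || die "apt-get update fehlgeschlagen -> Ende"
apt-get -y upgrade
apt-get install gcc make ntp mc openssh-server \
  "linux-headers-$(uname -r)" build-essential \
  || die "Paketinstallation fehlgeschlagen -> Ende"

# --- Time synchronisation --------------------------------------------------
# Kerberos authentication depends on the clock matching the domain
# controller. This replaces the whole ntp.conf, which also drops whatever
# access restrictions the packaged file contained.
/etc/init.d/ntp stop
backup_once /etc/ntp.conf
echo "server $mydc" > /etc/ntp.conf
#echo "server 192.168.2.2" >> /etc/ntp.conf
/etc/init.d/ntp start

# --- Check DNS resolution --------------------------------------------------
# The host must be resolvable through the DNS server before the join.
# NOTE(review): if nslookup itself is missing, grep matches nothing and the
# check passes silently.
if nslookup "$HOSTNAME" | grep -q "server can't find"; then
  die "Rechner ist nicht vom DNS-Server auflösbar. Bitte korrigieren, dann Script erneut aufrufen -> Ende"
fi

# --- Domain authentication packages ----------------------------------------
# The prompt announces the package configuration questions, so it is shown
# before the install that triggers them.
read -r -p "Jetzt kommen wahrscheinlich ein paar Fragen nach der Arbeitsgruppe, REALM etc." dummy
apt-get install winbind libkrb53 libpam-krb5 \
  || die "Paketinstallation fehlgeschlagen -> Ende"

# --- exim4 as satellite ----------------------------------------------------
#/etc/init.d/exim4 stop
# Parses the classic ifconfig output ("inet addr:a.b.c.d  Bcast:..."). Only
# the first match is used; several interfaces would otherwise put a newline
# into the value. An empty dc_local_interfaces makes exim listen on every
# interface, so abort instead of writing one.
IP=$(ifconfig | grep Bcast | cut -d : -f 2 | cut -d " " -f 1 | head -n 1)
[[ -n "$IP" ]] || die "Konnte keine lokale IP-Adresse ermitteln -> Ende"

backup_once /etc/exim4/update-exim4-conf.conf
# Unquoted heredoc: shell variables expand, the single quotes stay literal.
cat > /etc/exim4/update-exim4-conf.conf <<EOF
dc_eximconfig_configtype='satellite'
dc_other_hostnames='$HOSTNAME'
dc_local_interfaces='$IP'
dc_readhost='$HOSTNAME'
dc_relay_domains=''
dc_minimaldns='true'
dc_relay_nets=''
dc_smarthost='$mysmtp'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
EOF
/etc/init.d/exim4 start

# --- smb.conf --------------------------------------------------------------
/etc/init.d/winbind stop
backup_once "$smbcnf"

# NOTE(review): "map to guest = Bad User" combined with "public = yes" on
# [cdrom] gives unauthenticated clients read access to /cdrom. Confirm that
# this is intended, or drop the share.
# The original wrote "wins server" twice; it is emitted once here.
cat > "$smbcnf" <<EOF
[global]
 workgroup = $mydom
 realm = $myrealm
 netbios name = $HOSTNAME
 wins server = $mydc
 security = ADS
 wins support = no
 idmap uid = 10000-20000
 idmap gid = 10000-20000
 template shell = /bin/bash
 winbind use default domain = yes
 winbind refresh tickets = yes
 winbind enum users = yes
 winbind enum groups = yes
 winbind offline logon = yes
 log file = /var/log/samba/%m.log
 guest account = nobody
 map to guest = Bad User
 load printers = no
 socket options = TCP_NODELAY
 encrypt passwords = true
 password server = $mydc
[cdrom]
 comment = CDROM
 writable = no
 public = yes
 path = /cdrom
EOF
read -r -p "Bitte die /etc/samba/smb.conf nachpflegen/prüfen" dummy
#mcedit /etc/samba/smb.conf
/etc/init.d/winbind restart

# --- PAM -------------------------------------------------------------------
# The stacks below are written exactly as the original script wrote them.
# NOTE(review), to be checked before rolling this out:
#  * In every stack the "sufficient" modules come first; once one of them
#    succeeds, the remaining lines of that stack are not evaluated. For
#    "session" this means pam_limits.so is skipped for such logins, and for
#    "account" the pam_unix.so checks are skipped.
#  * common-account carries a "session" line (pam_mkhomedir.so). It only
#    takes effect because the file is included as a whole; it presumably
#    belongs in common-session.
#  * nullok_secure lets accounts with an empty password log in on secure
#    terminals.
# Keep a root shell open while testing; a broken stack locks out all logins.
backup_once /etc/pam.d/common-account
cat > /etc/pam.d/common-account <<'EOF'
account sufficient pam_krb5.so
account sufficient pam_winbind.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
account required pam_unix.so use_first_pass
EOF

backup_once /etc/pam.d/common-session
cat > /etc/pam.d/common-session <<'EOF'
session sufficient pam_krb5.so
session sufficient pam_winbind.so
session required pam_limits.so
session required pam_unix.so
EOF

backup_once /etc/pam.d/common-auth
cat > /etc/pam.d/common-auth <<'EOF'
auth sufficient pam_winbind.so
auth sufficient pam_krb5.so use_first_pass
auth required pam_env.so
auth required pam_unix.so nullok_secure use_first_pass
EOF

# --- /etc/nsswitch.conf ----------------------------------------------------
# passwd and group also consult winbind; shadow stays local.
backup_once /etc/nsswitch.conf
cat > /etc/nsswitch.conf <<'EOF'
passwd: files winbind
group: files winbind
shadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
EOF

# --- Join the domain -------------------------------------------------------
read -r -p "Bitte gib jetzt Deinen Domänenadministrator an:" domadmin
[[ -n "$domadmin" ]] || die "Kein Domänenadministrator angegeben -> Ende"
# Stop here when the join fails, rather than rebooting into a half-configured
# host.
net ads join -U "$domadmin" || die "Domänenbeitritt fehlgeschlagen -> Ende"
#/etc/init.d/samba start
#/etc/init.d/winbind start

# --- Local fallback account ------------------------------------------------
# SECURITY NOTE(review): root_rb is a second UID 0 account, i.e. a full root
# equivalent, and its password hash is hard-coded, so every host set up with
# this script shares it. "$1$" marks MD5-crypt, which is weak by current
# standards. Prefer a locked entry ("!" in the hash field) and set the
# password with passwd on each host. The hash printed here looks shortened or
# redacted - confirm before use.
#
# The entry must be single-quoted: inside double quotes the shell expanded
# $1, $tcTyExQ6 and $6 and wrote a mangled hash to /etc/shadow.
# shellcheck disable=SC2016
readonly root_rb_shadow='root_rb:$1$tcTyExQ6$6alASK9Ln1rbrabrabra:14068:0:99999:7:::'

# Append only when missing, so a second run does not create duplicate entries.
if ! grep -q '^root_rb:' /etc/passwd; then
  printf '%s\n' 'root_rb:x:0:0:Richard B,,,:/home/root_rb:/bin/bash' >> /etc/passwd
fi
if ! grep -q '^root_rb:' /etc/shadow; then
  printf '%s\n' "$root_rb_shadow" >> /etc/shadow
fi

echo "nach Neustart Passwort von root_rb neu setzen..."
echo "nach Neustart sollte die Anmeldung mit einem Domänenaccount möglich sein."
read -r -p "Ich starte jetzt den Rechner neu,wenn Du ENTER drückst..." dummy
reboot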