#!/bin/bash
# Refresh the package index, then install the realmd/SSSD/adcli tooling, the
# NSS and PAM modules for SSSD, and the oddjob mkhomedir helper.
apt update
join_packages=(
  realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin
  oddjob oddjob-mkhomedir packagekit
)
apt -y install "${join_packages[@]}"
#Say no to WINS via DNS
# NOTE(review): the line above presumably records the answer to an interactive
# package configuration prompt shown during the install; confirm which prompt.
# Locate the Active Directory realm, join this host to it, then print the
# resulting realm configuration.
ad_realm=ad.akanealw.com
join_account=nwettstein

realm discover "$ad_realm"
# -U names the account that authenticates the join; the password is prompted
# for, so no credential is written into this file.
# NOTE(review): an account holding only delegated computer-join rights is
# enough here; confirm this one is not a Domain Admin used out of convenience.
realm join -U "$join_account" "$ad_realm"
realm list
# Write a pam-auth-update profile that adds pam_mkhomedir to the session stack,
# so a missing home directory is created (from /etc/skel) when a user logs in.
# umask=0022 yields home directories that other local users can read and
# traverse; a stricter value such as 0077 keeps them private.
# NOTE(review): pam-configs profiles normally indent the module line under
# "Session:"; the listing shows no indent, so check the deployed file.
# The quoted delimiter writes the profile text literally, with no expansion.
cat > /usr/share/pam-configs/mkhomedir <<'EOF'
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
EOF

#Enable mkhomedir
# Regenerates the PAM stack from the installed profiles.
pam-auth-update
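# Manual step: open the SSSD configuration in an editor and set the two options
# listed below. They are sssd.conf settings, not shell commands, so they are
# kept as comments here; run as commands they would only produce
# "command not found".
# sssd expects sssd.conf to stay owned by root with mode 0600; check that the
# editor has not changed ownership or permissions before restarting the service.
nano /etc/sssd/sssd.conf
#Change two lines
#   use_fully_qualified_names = False
#   fallback_homedir = /home/%u
# NOTE(review): with short names enabled, a domain user whose name matches a
# local account is indistinguishable by name in sudoers and logs; confirm there
# are no such collisions on this host.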
# Limit logins on this host to members of one domain group, then print the
# realm configuration so the change can be checked.
login_group=DebianLogin

realm permit -g "$login_group"
# NOTE(review): in the output, confirm that the login policy is restricted to
# permitted logins and that only the intended group is listed.
realm list
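# Manual step: create the sudoers drop-in for domain accounts and insert the
# three rules listed below. They are sudoers entries, not shell commands, so
# they are kept as comments here.
# visudo -f is used instead of a plain editor because it checks the syntax
# before saving; a malformed file under /etc/sudoers.d can leave sudo unusable
# for every account.
visudo -f /etc/sudoers.d/domain_admins
#Insert three lines
#   %Domain\ Admins@ad.akanealw.com ALL=(ALL) ALL
#   nwettstein@ad.akanealw.com ALL=(ALL) ALL
#   nwettstein ALL=(ALL) NOPASSWD:ALL
# The third rule grants root without a password prompt, so any process running
# as that user can become root. sudo applies the last matching rule, so where
# both the short and the qualified name match the same login, NOPASSWD wins.
# NOTE(review): confirm passwordless sudo is intended; dropping the third rule
# keeps the password prompt from the first two.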
# Restart each service and print its status straight afterwards, sssd first,
# then sshd.
# Keep the current root session open until a fresh domain login has been
# verified, so that a bad SSSD, PAM or sudoers edit can still be reverted.
for unit in sssd sshd; do
  systemctl restart "$unit"
  systemctl status "$unit"
done
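# Leave the current session. When this file is run as a script, execution stops
# here and nothing below is reached.
exit

# Manual step (not a shell command): relog as nwettstein
# Logging in again as the domain user is the check that the join, PAM and
# access rules work; do it before the root account is locked further down.
# Print the group memberships of the newly logged-in user.
groups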
#Add nwettstein to necessary groups
# Each group is appended (-a) to the user's supplementary groups one at a time.
# Membership of the docker group allows control of the Docker daemon, which is
# effectively root on the host; grant it only where that is acceptable.
# NOTE(review): usermod works on the local account files; if nwettstein exists
# only in the directory it may report that the user is not in /etc/passwd.
for extra_group in docker www-data; do
  usermod -a -G "$extra_group" nwettstein
done
#Disable root account
# Locking blocks password authentication for root only; other credentials, such
# as an SSH key in root's authorized_keys, still work unless sshd forbids root
# logins. Confirm sudo works for an administrator before running this.
passwd --lock root
# Print the account status so the lock can be confirmed.
passwd --status root