Last active
May 11, 2022 12:00
-
-
Save mshafiee/2296f256ff9f2d0d5b575c0e501d1cc3 to your computer and use it in GitHub Desktop.
Join Ubuntu 20.04.4 to Active Directory Domain
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| JDC_ORG_UNIT="" | |
| JDC_ORG_ENV="" | |
| JDC_DOMAIN_NAME=mydomain.com | |
| JDC_AD_DC1_IP=192.168.240.11 | |
| JDC_AD_DC2_IP=192.168.240.12 | |
| JDC_AD_DC1_NAME=dc1-inf-ad-ds1.mydomain.com | |
| JDC_AD_DC2_NAME=dc1-inf-ad-ds2.mydomain.com | |
| JDC_HOST_NAME=$(hostname | awk -F'.' '{print $1}').$JDC_DOMAIN_NAME | |
| JDC_GROUP_PREFIX="os" | |
| JDC_ORG_LOGIN="login" | |
| JDC_ORG_SUDOER="sudoer" | |
| JDC_GLOBAL_ORG_UNIT="global" | |
| JDC_JOIN_USER="dc.join" | |
| JDC_NETPLAN_CONFIG_FILE=/etc/netplan/00-installer-config.yaml | |
| JDC_PAM_FILE=/etc/pam.d/common-session | |
| JDC_SSSD_FILE=/etc/sssd/sssd.conf | |
| JDC_SUDOER_FILE=/etc/sudoers.d/domain_admins | |
| JDC_NTP_FILE="/etc/ntp.conf" | |
| function setup_ntp_client() { | |
| echo "-------------------------------" | |
| echo " Setup NTP Client" | |
| echo "-------------------------------" | |
| timedatectl set-ntp off | |
| sudo apt -y install ntp | |
| if [ $? == 100 ]; then | |
| echo "Running Failed! Error in 'apt -y install' command" | |
| exit 1 | |
| fi | |
| JDC_NTP_SERVER_CONFIG_1="server $JDC_AD_DC1_NAME prefer iburst" | |
| JDC_NTP_SERVER_CONFIG_2="server $JDC_AD_DC2_NAME prefer iburst" | |
| grep -qxF "$JDC_NTP_SERVER_CONFIG_1" $JDC_NTP_FILE || (cp $JDC_NTP_FILE $JDC_NTP_FILE.bk_`date +%Y%m%d%H%M` && echo -e "# AD-DC NTP Server config\n$JDC_NTP_SERVER_CONFIG_1" >> $JDC_NTP_FILE) | |
| grep -qxF "$JDC_NTP_SERVER_CONFIG_2" $JDC_NTP_FILE || (cp $JDC_NTP_FILE $JDC_NTP_FILE.bk_`date +%Y%m%d%H%M` && echo -e "$JDC_NTP_SERVER_CONFIG_2" >> $JDC_NTP_FILE) | |
| systemctl restart ntp | |
| ntpq -p | |
| echo "---" | |
| echo "Time difference between this machine and the $JDC_AD_DC1_NAME" | |
| ntpdate -q $JDC_AD_DC1_NAME | |
| } | |
| function join_computer_to_domain() { | |
| echo "------------------------------------------------------" | |
| echo " Join Computer to Active Directory Domain Controler" | |
| echo "------------------------------------------------------" | |
| echo "Selected ORG_UNIT is $JDC_ORG_UNIT and ORG_ENV is $JDC_ORG_ENV" | |
| hostnamectl set-hostname $JDC_HOST_NAME | |
| echo $(hostname) | |
| snap install yq | |
| if [[ $? != 0 ]]; then | |
| echo "Error in 'snap install yq' command" | |
| exit 1 | |
| fi | |
| JDC_NETPLAN_CONFIG_BACKUP_FILE=$JDC_NETPLAN_CONFIG_FILE+`date +%Y%m%d%H%M` | |
| cp $JDC_NETPLAN_CONFIG_FILE $JDC_NETPLAN_CONFIG_BACKUP_FILE | |
| JDC_AD_DC1_IP=$JDC_AD_DC1_IP JDC_AD_DC2_IP=$JDC_AD_DC2_IP JDC_DOMAIN_NAME=$JDC_DOMAIN_NAME JDC_NETPLAN_CONFIG_FILE=$JDC_NETPLAN_CONFIG_FILE JDC_NETPLAN_CONFIG_BACKUP_FILE=$JDC_NETPLAN_CONFIG_BACKUP_FILE bash -c 'cat $JDC_NETPLAN_CONFIG_BACKUP_FILE | yq -e ".network.ethernets.ens160.nameservers.addresses[0]=env(JDC_AD_DC1_IP) | .network.ethernets.ens160.nameservers.addresses[1]=env(JDC_AD_DC2_IP) | .network.ethernets.ens160.nameservers.search[0]=env(JDC_DOMAIN_NAME)" | tee $JDC_NETPLAN_CONFIG_FILE' | |
| netplan try | |
| if [[ $? != 0 ]]; then | |
| echo "There is some errors in netplan config" | |
| exit 1 | |
| fi | |
| netplan apply | |
| nslookup $JDC_DOMAIN_NAME | grep -q "$JDC_AD_DC1_IP" 2>&1 | |
| if [[ $? != 0 ]]; then | |
| echo "Running Failed! $JDC_AD_DC1_IP is not set as one of DNS servers, or you don't have network access to $JDC_AD_DC1_IP" | |
| exit 1 | |
| fi | |
| nslookup $JDC_DOMAIN_NAME | grep -q "$JDC_AD_DC2_IP" 2>&1 | |
| if [[ $? != 0 ]]; then | |
| echo "Running Failed! $JDC_AD_DC2_IP is not set as one of DNS servers, or you don't have network access to $JDC_AD_DC2_IP" | |
| exit 1 | |
| fi | |
| apt -y update | |
| if [ $? == 100 ]; then | |
| echo "Running Failed! Error in 'apt -y update' command" | |
| exit 1 | |
| fi | |
| apt -y install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit | |
| if [ $? == 100 ]; then | |
| echo "Running Failed! Error in 'apt -y install' command" | |
| exit 1 | |
| fi | |
| realm discover $JDC_DOMAIN_NAME | |
| if [ $? == 1 ]; then | |
| echo "Running Failed! Error in finding $JDC_DOMAIN_NAME' realm!" | |
| exit 1 | |
| fi | |
| JDC_JOIN_OU="OU=$JDC_ORG_UNIT,DC=superpay,DC=tech" | |
| realm join --computer-ou=$JDC_JOIN_OU --user=$JDC_JOIN_USER --os-name=$(lsb_release -si) --os-version=$(lsb_release -sr) $JDC_DOMAIN_NAME | |
| if [ $? == 1 ]; then | |
| echo "Running Failed! Error in joining to $JDC_DOMAIN_NAME' realm!" | |
| exit 1 | |
| fi | |
| id $JDC_JOIN_USER@$JDC_DOMAIN_NAME | |
| if [ $? == 1 ]; then | |
| echo "Running Failed! The system hasn't join to $JDC_DOMAIN_NAME' realm!" | |
| exit 1 | |
| fi | |
| JDC_MKHOMEDIR_IN_PAM_FILE="session optional pam_mkhomedir.so skel=/etc/skel umask=077" | |
| grep -qxF "$JDC_MKHOMEDIR_IN_PAM_FILE" $JDC_PAM_FILE || (cp $JDC_PAM_FILE $JDC_PAM_FILE.bk_`date +%Y%m%d%H%M` && echo -e "# Create home directory for domain users\n$JDC_MKHOMEDIR_IN_PAM_FILE" >> $JDC_PAM_FILE) | |
| cp $JDC_SSSD_FILE $JDC_SSSD_FILE.bk_`date +%Y%m%d%H%M` | |
| sed -i '/use_fully_qualified_names/c\use_fully_qualified_names = False' $JDC_SSSD_FILE | |
| realm deny --all | |
| realm permit Administrator@$JDC_DOMAIN_NAME | |
| realm permit -g "$JDC_GROUP_PREFIX-$JDC_GLOBAL_ORG_UNIT-$JDC_ORG_ENV-$JDC_ORG_LOGIN" | |
| realm permit -g "$JDC_GROUP_PREFIX-$JDC_ORG_UNIT-$JDC_ORG_ENV-$JDC_ORG_LOGIN" | |
| realm list | |
| if test -f "$JDC_SUDOER_FILE"; then | |
| mv $JDC_SUDOER_FILE $JDC_SUDOER_FILE.bk_`date +%Y%m%d%H%M` | |
| fi | |
| echo -e "%$JDC_GROUP_PREFIX-$JDC_GLOBAL_ORG_UNIT-$JDC_ORG_ENV-$JDC_ORG_SUDOER ALL=(ALL) ALL" | tee -a $JDC_SUDOER_FILE | |
| echo -e "%$JDC_GROUP_PREFIX-$JDC_ORG_UNIT-$JDC_ORG_ENV-$JDC_ORG_SUDOER ALL=(ALL) ALL" | tee -a $JDC_SUDOER_FILE | |
| echo -e "Administrator ALL=(ALL) ALL" | tee -a $JDC_SUDOER_FILE | |
| systemctl restart sshd.service | |
| sleep 10; | |
| systemctl restart sssd | |
| } | |
| ## | |
| # Color Variables | |
| ## | |
| green='\e[32m' | |
| blue='\e[34m' | |
| clear='\e[0m' | |
| ## | |
| # Color Functions | |
| ## | |
| ColorGreen(){ | |
| echo -ne $green$1$clear | |
| } | |
| ColorBlue(){ | |
| echo -ne $blue$1$clear | |
| } | |
| menu_org_env(){ | |
| echo -ne " | |
| Environment | |
| $(ColorGreen '1)') PROD | |
| $(ColorGreen '2)') UAT | |
| $(ColorGreen '3)') DB | |
| $(ColorGreen '4)') APP | |
| $(ColorGreen '0)') Exit | |
| $(ColorBlue 'Choose an option:') " | |
| read a | |
| case $a in | |
| 1) JDC_ORG_ENV="prod" ; join_computer_to_domain ; setup_ntp_client;; | |
| 2) JDC_ORG_ENV="uat" ; join_computer_to_domain ; setup_ntp_client;; | |
| 3) JDC_ORG_ENV="db" ; join_computer_to_domain ; setup_ntp_client;; | |
| 4) JDC_ORG_ENV="app" ; join_computer_to_domain ; setup_ntp_client;; | |
| 0) exit 0 ;; | |
| *) echo -e $red"Wrong option."$clear; WrongCommand;; | |
| esac | |
| } | |
| menu_org_unit(){ | |
| echo -ne " | |
| Organizational Unit | |
| $(ColorGreen '1)') SPP | |
| $(ColorGreen '2)') HDR | |
| $(ColorGreen '3)') MHF | |
| $(ColorGreen '4)') MZH | |
| $(ColorGreen '5)') SPT | |
| $(ColorGreen '6)') INF | |
| $(ColorGreen '0)') Exit | |
| $(ColorBlue 'Choose an option:') " | |
| read a | |
| case $a in | |
| 1) JDC_ORG_UNIT="spp" ; menu_org_env ;; | |
| 2) JDC_ORG_UNIT="hdr" ; menu_org_env ;; | |
| 3) JDC_ORG_UNIT="mhf" ; menu_org_env ;; | |
| 4) JDC_ORG_UNIT="mzh" ; menu_org_env ;; | |
| 5) JDC_ORG_UNIT="spt" ; menu_org_env ;; | |
| 6) JDC_ORG_UNIT="inf" ; menu_org_env ;; | |
| 0) exit 0 ;; | |
| *) echo -e $red"Wrong option."$clear; WrongCommand;; | |
| esac | |
| } | |
| # Call the menuOrgUnit function | |
| menu_org_unit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment