Este es el contenido del Script para unir pc Linux/Ubuntu a un PDC con
Zentyal, o Samba4.
if [ "`whoami`" != "root" ];
then
clear
echo -e "
\033[1;31m########################################################################
# A T E N C I O N : Este Script TIENE que ser ejecutado como root #
#
########################################################################\033[0;0m"
sleep 3
clear
exit
fi
#
clear
apt-get install winbind samba smbclient krb5-user krb5-config
#
mv /etc/samba/smb.conf /etc/samba/smb.conf.bkp.$(date +%Y%m%d)
#
echo "[global]" > /etc/samba/smb.conf
echo "security = ads" >> /etc/samba/smb.conf
#
#################### Valores particulares de la subred ###################
echo "netbios name = $HOSTNAME" >> /etc/samba/smb.conf
echo -ne "FQDN del PDC o direccion IP: "
read FQDN
echo "password server = $FQDN" >> /etc/samba/smb.conf
echo -ne "Por favor introduzca el nombre Netbios del dominio en MAYUSCULA: "
read DomainName
echo "workgroup = $DomainName" >> /etc/samba/smb.conf
echo -ne "Por favor introduzca el reino Kerberos de su dominio en
MAYUSCULA:"
read Realm
echo "realm = $Realm" >> /etc/samba/smb.conf
#################### ################################# ###################
#
echo "idmap uid = 10000000-19999999" >> /etc/samba/smb.conf
echo "idmap gid = 10000000-19999999" >> /etc/samba/smb.conf
echo "winbind use default domain = yes" >> /etc/samba/smb.conf
echo "winbind offline logon = yes" >> /etc/samba/smb.conf
echo "template shell = /bin/bash" >> /etc/samba/smb.conf
echo "template homedir = /home/%D/%U" >> /etc/samba/smb.conf
echo "domain master = no" >> /etc/samba/smb.conf
echo "encrypt passwords = yes" >> /etc/samba/smb.conf
echo "winbind enum users = yes" >> /etc/samba/smb.conf
echo "winbind enum groups = yes" >> /etc/samba/smb.conf
echo "add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100
-s /bin/false -M %u" >> /etc/samba/smb.conf
#
mv /etc/krb5.conf /etc/krb5.conf.bkp.$(date +%Y%m%d)
#
echo "[libdefaults]" > /etc/krb5.conf
echo "ccache_type = 4" >> /etc/krb5.conf
echo "forwardable = true" >> /etc/krb5.conf
echo "proxiable = true" >> /etc/krb5.conf
echo "default_realm = $Realm" >> /etc/krb5.conf
echo "kdc_timesync = 1" >> /etc/krb5.conf
#
echo "[realms]" >> /etc/krb5.conf
echo "$Realm = {" >> /etc/krb5.conf
echo "kdc = $HOSTNAME" >> /etc/krb5.conf
echo "admin_server = $HOSTNAME" >> /etc/krb5.conf
echo "}" >> /etc/krb5.conf
#
mv /etc/nsswitch.conf /etc/nsswitch.conf.bkp.$(date +%Y%m%d)
#
echo "passwd: files winbind" > /etc/nsswitch.conf
echo "group: files winbind" >> /etc/nsswitch.conf
echo "shadow: files winbind" >> /etc/nsswitch.conf
echo "hosts: files dns winbind" >> /etc/nsswitch.conf
echo "networks: files" >> /etc/nsswitch.conf
echo "protocols: db files" >> /etc/nsswitch.conf
echo "services: db files" >> /etc/nsswitch.conf
echo "ethers: db files" >> /etc/nsswitch.conf
echo "rpc: db files" >> /etc/nsswitch.conf
echo "netgroup: nis" >> /etc/nsswitch.conf
#
mv /etc/pam.d/common-account /etc/pam.d/common-account.bkp.$(date +%Y%m%d)
#
echo "account sufficient pam_winbind.so cached_login" >
/etc/pam.d/common-account
echo "account required pam_unix.so" >> /etc/pam.d/common-account
#
mv /etc/pam.d/common-auth /etc/pam.d/common-auth.bkp.$(date +%Y%m%d)
#
echo "auth sufficient pam_winbind.so" > /etc/pam.d/common-auth
echo "auth required pam_unix.so nullok_secure use_first_pass" >>
/etc/pam.d/common-auth
#
mv /etc/pam.d/common-password /etc/pam.d/common-password.bkp.$(date +%Y%m%d)
#
echo "password [success=2 default=ignore] pam_unix.so obscure
sha512 min=6 max=25" >> /etc/pam.d/common-password
echo "password sufficient pam_winbind.so" >>
/etc/pam.d/common-password
echo "password requisite pam_unix.so nullok obscure min=6 max=25
md5 try_first_pass" >> /etc/pam.d/common-password
echo "password optional pam_smbpass.so nullok use_authtok
use_first_pass missingok" >> /etc/pam.d/common-password
#
mv /etc/pam.d/common-session /etc/pam.d/common-session.bkp.$(date +%Y%m%d)
#
echo "session required pam_mkhomedir.so umask=0022 skel=/etc/skel"
>> /etc/pam.d/common-session
echo "session sufficient pam_winbind.so" >> /etc/pam.d/common-session
echo "session required pam_unix.so try_first_pass" >>
/etc/pam.d/common-session
#
touch /etc/security/pam_winbind.conf
chown root.root /etc/security/pam_winbind.conf
chmod 644 /etc/security/pam_winbind.conf
echo "[global]" > /etc/security/pam_winbind.conf
echo "cached_login = yes" >> /etc/security/pam_winbind.conf
/etc/init.d/winbind restart
#
echo -ne "Por favor introduca el nombre FQDN del server PDC del dominio: "
read PDC_SERVER
echo -ne "Por favor introduca el nombre del administrador del dominio: "
read USER_ADMIN_NAME
echo -ne "Por favor introduca el password del administrador del dominio: "
read USER_ADMIN_PASSWORD
#
#################### Valores particulares de la subred ###################
net ads join -S $PDC_SERVER -U $USER_ADMIN_NAME%$USER_ADMIN_PASSWORD
#################### ################################# ####################
Saludos
--
Joven Club
Raydel Hernández Martínez.
*Subdirección de Tecnología.*
*Administrador de Redes y Sistemas.*
*Móvil:* 0058-04265200309.
*Dirección:* Hotel "El Conde". Caracas. Venezuela.
Fin a la injusticia, LIBERTAD AHORA A NUESTROS CINCO COMPATRIOTAS QUE SE
ENCUENTRAN INJUSTAMENTE EN PRISIONES DE LOS EEUU!
http://www.antiterroristas.cu
http://justiciaparaloscinco.wordpress.com
--
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que está limpio.
______________________________________________________________________
Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l
