LinuxQuestions.org
Old 03-18-2023, 03:24 PM   #46
des_a
Senior Member
 
Registered: Sep 2006
Posts: 1,441

Original Poster
Blog Entries: 43

Rep: Reputation: 36

When I slowed down and began looking deeper, I found that the problem now is that winbind won't start. I'm peeling through some older threads (yes, the process has apparently changed slightly since older versions), and I came up with this; I think it's maybe just in the wrong order. I told you I DID know a little about smb.conf, and it now shows that with THAT file I'm NOT a total beginner - just with these features.

Code:
#! /bin/sh


echo Install packages needed...
apt install samba-common samba winbind libnss-winbind libpam-winbind krb5-user adcli packagekit
sleep 11
echo

echo Set hostname...
sudo hostnamectl set-hostname main-des-linux.smiley000.local
sudo cp -f /etc/hostname /etc/hostname.old
sudo cp -f /usr/bin/hostname /etc
sudo hostnamectl status
sleep 11
echo

echo Fix resolv.conf...
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
sudo systemctl status systemd-resolved
sleep 11
echo


echo Copy configuration files...
sudo cp -f /etc/hosts /etc/hosts.old
sudo cp -f /usr/bin/hosts /etc

sudo cp -f /run/systemd/resolve/stub-resolv.conf /run/systemd/resolve/stub-resolv.conf.old
sudo cp -f /usr/bin/stub-resolv.conf /run/systemd/resolve

sudo cp -f /etc/krb5.conf /etc/krb5.old
sudo cp -f /usr/bin/krb5.conf /etc

sudo cp -f /etc/samba/smb.conf /etc/samba/smb.conf.old
sudo cp -f /usr/bin/smb.conf /etc/samba

sudo cp -f /usr/bin/user.map /etc/samba

sudo cp -f /etc/nsswitch.conf /etc/nsswitch.conf.old
sudo cp -f /usr/bin/nsswitch.conf /etc

sleep 11
echo


echo Test smb.conf
testparm
sleep 11
echo


echo Fix pam configuration...
sudo pam-auth-update
sleep 11
echo


echo Restart samba...
sudo systemctl restart smbd nmbd winbind
sleep 11
echo


echo Join domain smiley000.local...
#sudo net join ads smiley000.local -U Administrator
echo


echo Test Administrator user in AD...
#kinit Administrator
#klist
#kdestroy

echo
#id Administrator@smiley000.local
echo


echo Rebooting in 1 minute...
#shutdown -r +1 "Rebooting for AD logon domain join."
echo


echo
echo

This troubleshooting is actually pretty fun, though I want it to work in the end. It's fun because now I'm getting somewhere...
 
Old 03-18-2023, 10:01 PM   #47
des_a
Success, except for sudoers, which is probably necessary.

My files now are:

install.sh
Code:
#! /bin/sh


echo Installing...
sudo cp scripts/* /usr/bin

sudo chmod +x /usr/bin/join-smiley000.local-domain_linux-mint_21.1.sh
sudo chmod +x /usr/bin/join-domain_linux-mint_21.1.sh
sudo chmod +x /usr/bin/join-domain.sh
join-smiley000.local-domain_linux-mint_21.1.sh
Code:
#! /bin/bash


echo Install packages needed...
apt install samba-common samba winbind libnss-winbind libpam-winbind krb5-user adcli packagekit
sleep 11
echo

echo Set hostname...
sudo hostnamectl set-hostname main-des-linux.smiley000.local
sudo cp -f /etc/hostname /etc/hostname.old
sudo cp -f /usr/bin/hostname /etc
sudo hostnamectl status
sleep 11
echo

echo Fix resolv.conf...
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
sudo systemctl status systemd-resolved
sleep 11
echo


echo Copy configuration files...
sudo cp -f /etc/hosts /etc/hosts.old
sudo cp -f /usr/bin/hosts /etc

sudo rm -f /etc/resolv.conf
sudo cp -f /usr/bin/stub-resolv.conf /etc/resolv.conf

sudo cp -f /etc/krb5.conf /etc/krb5.old
sudo cp -f /usr/bin/krb5.conf /etc

sudo cp -f /etc/samba/smb.conf /etc/samba/smb.conf.old
sudo cp -f /usr/bin/smb.conf /etc/samba

sudo cp -f /usr/bin/user.map /etc/samba

sudo cp -f /etc/nsswitch.conf /etc/nsswitch.conf.old
sudo cp -f /usr/bin/nsswitch.conf /etc

sudo cp -f /usr/bin/domain-admins /etc/sudoers.d

sleep 11
echo


echo Test smb.conf
testparm
sleep 11
echo


echo Fix pam configuration...
sudo pam-auth-update
sleep 11
echo


echo Join domain smiley000.local...
sudo net join ads smiley000.local -U Administrator
sleep 11
echo


echo Restart samba...
sudo systemctl restart smbd nmbd winbind
sleep 11
echo


echo Test Administrator user in AD...
kinit Administrator
klist
kdestroy

echo
id Administrator@smiley000.local
sleep 11
echo


echo Rebooting in 1 minute...
read -s -n 1 -p "Please enable GUI tool logon in logon manager after reboot, then reboot again..."
echo
shutdown -r +1 "Rebooting for AD logon domain join."
echo


echo
echo
hostname
Code:
main-des-linux.smiley000.local
stub-resolv.conf
Code:
# Static /etc/resolv.conf for the domain member.  The join script disables
# systemd-resolved and copies this file over /etc/resolv.conf, so name lookups
# go straight to the AD domain controller's DNS and search the AD domain.

nameserver 192.168.1.10
options edns0 trust-ad
search smiley000.local
hosts
Code:
127.0.0.1	localhost.localdomain localhost

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
krb5.conf
Code:
[libdefaults]
 default_realm = SMILEY000.LOCAL
 dns_lookup_kdc = true
 dns_lookup_realm = true

[realms]
 SMILEY000.LOCAL = {
 kdc = vmain1.smiley000.local
 admin_server = vmain1.smiley000.local
 master_kdc = vmain1.smiley000.local
 default_domain = smiley000.local
}

[domain_realm]
# Kerberos realm names are case-sensitive: hosts in the AD DNS domain belong to
# the realm SMILEY000.LOCAL, not a lower-case "smiley000.local" realm.
 .smiley000.local = SMILEY000.LOCAL
 smiley000.local = SMILEY000.LOCAL

[logging]
# These entries name log destinations for the KDC and kadmind daemons, which do
# not run on a domain member; a bare hostname is not a valid destination, so the
# kdc line is disabled.
# kdc = vmain1.smiley000.local
 admin_server = FILE=/var/kadm5.log
smb.conf
Code:
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which 
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#    differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic 
# errors. 

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   security = ADS
   workgroup = SMILEY000
   realm = smiley000.local

# server string is the equivalent of the NT Description field
   server string = %h server (Samba, Ubuntu)

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes



#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
   max log size = 1000

# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
# Append syslog@1 if you want important messages to be sent to syslog too.
   logging = file

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller". 
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   #server role = member server

   obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = no

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
   pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
   map to guest = Bad User

########## Domains ###########

#
# The following settings only takes effect if 'server role = classic
# primary domain controller', 'server role = classic backup domain controller'
# or 'domain logons' is set 
#

# It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
#;   logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
#   logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
#;   logon drive = H:
#   logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
#;   logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.  The example command creates a user account with a disabled Unix
# password; please adapt to your needs
 add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

# This allows machine accounts to be created on the domain controller via the 
# SAMR RPC pipe.  
# The following assumes a "machines" group exists on the system
 add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.  
 add group script = /usr/sbin/addgroup --force-badname %g

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
#;   include = /home/samba/etc/smb.conf.%m

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
   idmap config * :              backend = tdb
   idmap config * :              range   = 3000-7999
   idmap config SMILEY000 :      backend = rid
   idmap config SMILEY000 :      range   = 10000-999999
   template shell = /bin/bash

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 means that usershare is disabled.
#   usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
   usershare allow guests = yes

username map = /etc/samba/user.map
min domain uid = 0

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
#;[homes]
#;   comment = Home Directories
#;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
#;   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
#;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
#;   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# Un-comment the following parameter to make sure that only "username"
# can connect to \\server\username
# This might need tweaking when using external authentication schemes
#;   valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
#;[netlogon]
#;   comment = Network Logon Service
#;   path = /home/samba/netlogon
#;   guest ok = yes
#;   read only = yes

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
#;[profiles]
#;   comment = Users profiles
#;   path = /home/samba/profiles
#;   guest ok = no
#;   browseable = no
#;   create mask = 0600
#;   directory mask = 0700

#[printers]
#   comment = All Printers
#   browseable = no
#   path = /var/spool/samba
#   printable = yes
#   guest ok = no
#   read only = yes
#   create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
#[print$]
#   comment = Printer Drivers
#   path = /var/lib/samba/printers
#   browseable = yes
#   read only = yes
#   guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
#;   write list = root, @lpadmin
user.map
Code:
!root = SMILEY000\Administrator
nsswitch.conf
Code:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd winbind
group:          files systemd winbind
shadow:         files
gshadow:        files

hosts:          files dns wins myhostname
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
domain-admins
Code:
%Domain\ Admins@smiley000.local ALL=(ALL) ALL

The only part that does NOT work now is "domain-admins", which goes in /etc/sudoers.d. Now, once again, unless a file is changed, or everything is changed significantly, I will no longer post any file that's not changed. That way the solution looks better, but here's your WARNING about it.

It appears that everything is working except for sudoers, and it makes more sense to do something that affects the system in this way, rather than nothing. I think I might have the exact same file as on my other machine, so now I don't know what's wrong. I tried logging off and on, and I think I might have rebooted once, to no avail.
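An added example, not part of des_a's post or of the scripts above: a small Python checker that reads the three files a join depends on (krb5.conf, smb.conf, nsswitch.conf) and reports the mistakes that most often leave winbind or Kerberos half-working. The sample file contents are constructed from the files posted in this thread, not copied verbatim, and the checks encode documented constraints: the Kerberos realm is case-sensitive and must match the smb.conf realm in upper case, every `[domain_realm]` entry must map to that realm, `passwd` and `group` in nsswitch.conf must list `winbind`, the idmap ranges of the default `*` entry and of the named domain must not overlap, and Samba's `autorid` backend is only valid for the default `*` entry, not for a named domain.

```python
"""Offline sanity checks for a Samba/winbind AD domain-member configuration.
Added example, not code from the thread; the sample files are constructed from the
krb5.conf, smb.conf idmap lines and nsswitch.conf posted above.  Checks: realm case,
domain_realm mapping, winbind in NSS, non-overlapping idmap ranges, autorid only on '*'.
"""
import re
from collections import defaultdict
from itertools import combinations

def parse_krb5(text):
    """krb5.conf -> {section: {key: value}}; 'REALM = { ... }' blocks nest as dicts."""
    conf, section, block = defaultdict(dict), None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = line[1:-1], None
        elif line.endswith("{"):                       # start of a realm sub-block
            block = line[:-1].split("=")[0].strip()
            conf[section][block] = {}
        elif line == "}":
            block = None
        else:
            key, _, val = line.partition("=")
            (conf[section][block] if block else conf[section])[key.strip()] = val.strip()
    return conf

def parse_smb(text):
    """smb.conf -> {section: {key: value}}; keys lower-cased and whitespace-normalised,
    the way Samba compares parameter names."""
    conf, section = defaultdict(dict), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        else:
            key, _, val = line.partition("=")
            conf[section][re.sub(r"\s+", " ", key.strip()).lower()] = val.strip()
    return conf

def parse_nss(text):
    """nsswitch.conf -> {database: [sources]}."""
    pairs = (l.split("#", 1)[0].partition(":") for l in text.splitlines())
    return {db.strip(): src.split() for db, sep, src in pairs if sep}

def check_member_config(krb5_text, smb_text, nss_text):
    """Return a list of findings; an empty list means every check passed."""
    krb5, smb, nss = parse_krb5(krb5_text), parse_smb(smb_text), parse_nss(nss_text)
    g = smb.get("global", {})
    realm = g.get("realm", "").upper()          # Samba upper-cases the realm itself
    default_realm = krb5.get("libdefaults", {}).get("default_realm", "")
    findings = []
    if default_realm != realm:                  # Kerberos realm names are case-sensitive
        findings.append(f"krb5.conf: default_realm {default_realm!r} != smb.conf realm {realm!r}")
    for dom, mapped in krb5.get("domain_realm", {}).items():
        if mapped != realm:
            findings.append(f"krb5.conf: domain_realm maps {dom} to {mapped!r}, expected {realm!r}")
    for db in ("passwd", "group"):
        if "winbind" not in nss.get(db, []):
            findings.append(f"nsswitch.conf: {db} does not include winbind")
    idmap = {}                                  # domain -> {"backend": ..., "range": ...}
    for key, val in g.items():
        m = re.match(r"idmap config (\S+) : (backend|range)$", key)
        if m:
            idmap.setdefault(m.group(1).upper(), {})[m.group(2)] = val
    spans = {}
    for dom, cfg in idmap.items():
        if dom != "*" and cfg.get("backend") == "autorid":
            findings.append(f"smb.conf: autorid is only valid for 'idmap config *', not for {dom}")
        lo, _, hi = cfg.get("range", "0-0").partition("-")
        spans[dom] = (int(lo), int(hi))
    for a, b in combinations(sorted(spans), 2):
        if spans[a][0] <= spans[b][1] and spans[b][0] <= spans[a][1]:
            findings.append(f"smb.conf: idmap ranges for {a} and {b} overlap")
    return findings

# Constructed samples modelled on the thread's files (not copied verbatim).
KRB5_POSTED = """[libdefaults]
 default_realm = SMILEY000.LOCAL
[domain_realm]
 .smiley000.local = smiley000.local
 smiley000.local = smiley000.local
"""
KRB5_FIXED = KRB5_POSTED.replace("= smiley000.local", "= SMILEY000.LOCAL")
SMB_RID = """[global]
   security = ADS
   realm = smiley000.local
   idmap config * :          backend = tdb
   idmap config * :          range   = 3000-7999
   idmap config SMILEY000 :  backend = rid
   idmap config SMILEY000 :  range   = 10000-999999
"""
SMB_AUTORID = SMB_RID.replace("SMILEY000 :  backend = rid", "smiley000 :  backend = autorid")
NSS = """passwd:  files systemd winbind
group:   files systemd winbind
hosts:   files dns wins myhostname
"""
```

Run `check_member_config(open("/etc/krb5.conf").read(), open("/etc/samba/smb.conf").read(), open("/etc/nsswitch.conf").read())` before `net ads join`; an empty list is the result you want. The posted-style samples produce three findings (two lower-case `domain_realm` mappings and the `autorid` backend on a named domain); the corrected samples produce none.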
 
Old 03-18-2023, 10:02 PM   #48
des_a
I will change the domain name, eventually, at least it's my goal now...
 
Old 03-19-2023, 07:19 PM   #49
des_a
I built this sudo file from a tutorial, https://help.ubuntu.com/community/ADAuthentication...

domain-admins:
Code:
%BUILTIN\\administrators                 ALL=(ALL)   ALL
"%SMILEY000\\domain admins"              ALL=(ALL)   ALL

...and that made it work! So from a normal point, the problem is fixed and everything works. However, being the glutton for punishment I feel like for this problem: what, besides syntax, is truly wrong with the "domain admins@domain" group? The syntax is great, but no matter the syntax, it won't understand this group! I heard a lot of things, but with the SSSD way, it clearly works as is, at least on an upgrade of an old version of Linux Mint where I'd joined the domain. This way seems superior, but... How can I create more groups, or fix this one, and make it work in my sudoers file?

I know I just achieved "1.0 status", and can quit, but, I might want to make a more advanced sudoers file, and know what's wrong, so that I can avoid it in the next version of that. I have a complex structure, which is meant to give exactly the permissions I desire. I want to go for broke! My smb.conf, is good enough now, but sudoers needs a lot of work, then done! I might come back and ask (in another thread), how to enable sudoers when I don't have it configured yet by default, like on Mageia. I will probably use that or SuSe, when I redo my servers. Thanks! Sorry for the trouble!

Just in case it changed:
smb.conf
Code:
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which 
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#    differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic 
# errors. 

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   security = ADS
   workgroup = SMILEY000
   realm = smiley000.local

# server string is the equivalent of the NT Description field
   server string = %h server (Samba, Ubuntu)

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes



#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
   max log size = 1000

# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
# Append syslog@1 if you want important messages to be sent to syslog too.
   logging = file

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller". 
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   #server role = member server

   obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
   pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
   map to guest = Bad User

########## Domains ###########

#
# The following settings only takes effect if 'server role = classic
# primary domain controller', 'server role = classic backup domain controller'
# or 'domain logons' is set 
#

# It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
#;   logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
#   logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
#;   logon drive = H:
#   logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
#;   logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.  The example command creates a user account with a disabled Unix
# password; please adapt to your needs
 add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

# This allows machine accounts to be created on the domain controller via the 
# SAMR RPC pipe.  
# The following assumes a "machines" group exists on the system
 add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.  
 add group script = /usr/sbin/addgroup --force-badname %g

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
#;   include = /home/samba/etc/smb.conf.%m

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
   idmap config * :              backend = tdb
   idmap config * :              range   = 3000-7999
   # autorid is only valid as the default "*" backend; a named domain uses rid
   idmap config SMILEY000 :      backend = rid
   idmap config SMILEY000 :      range   = 10000-999999
   template shell = /bin/bash

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 means that usershare is disabled.
#   usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
   usershare allow guests = yes

#username map = /etc/samba/user.map
min domain uid = 0

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
#;[homes]
#;   comment = Home Directories
#;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
#;   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
#;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
#;   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# Un-comment the following parameter to make sure that only "username"
# can connect to \\server\username
# This might need tweaking when using external authentication schemes
#;   valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
#;[netlogon]
#;   comment = Network Logon Service
#;   path = /home/samba/netlogon
#;   guest ok = yes
#;   read only = yes

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
#;[profiles]
#;   comment = Users profiles
#;   path = /home/samba/profiles
#;   guest ok = no
#;   browseable = no
#;   create mask = 0600
#;   directory mask = 0700

#[printers]
#   comment = All Printers
#   browseable = no
#   path = /var/spool/samba
#   printable = yes
#   guest ok = no
#   read only = yes
#   create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
#[print$]
#   comment = Printer Drivers
#   path = /var/lib/samba/printers
#   browseable = yes
#   read only = yes
#   guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
#;   write list = root, @lpadmin
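
An added example, not des_a's code and not from the Ubuntu tutorial the post cites, that answers the question above about the `domain admins@domain` group from the defender's side: sudo matches a `%name` entry in sudoers against the group names that the NSS stack publishes (what `getent group` prints), after applying sudoers quoting (`\ ` is a space, `\\` is a backslash, double quotes group a name with spaces). winbind, without `winbind use default domain`, publishes an AD group as `SMILEY000\domain admins`, while SSSD with fully qualified names publishes `domain admins@smiley000.local`; the same sudoers line therefore resolves on one provider and not on the other. The two `getent group` listings below are constructed samples (the GIDs are invented), and `shlex` is used because its POSIX quoting rules coincide with the sudoers ones for these lines.

```python
"""Which sudoers '%group' entries resolve against the groups NSS publishes?
Added example, not code from the thread.  Both getent listings are constructed;
the three sudoers lines are the ones posted in the thread.
"""
import shlex

# Constructed `getent group` output as winbind and as SSSD would publish it (GIDs invented).
WINBIND_GROUPS = """sudo:x:27:des
SMILEY000\\domain admins:x:10512:
SMILEY000\\domain users:x:10513:
BUILTIN\\administrators:x:3001:
"""
SSSD_GROUPS = """sudo:x:27:des
domain admins@smiley000.local:x:1687600512:
domain users@smiley000.local:x:1687600513:
"""

# sudoers.d lines from the thread: the first never matched on winbind, the other two did.
SUDOERS_TEXT = r"""
%Domain\ Admins@smiley000.local          ALL=(ALL) ALL
%BUILTIN\\administrators                 ALL=(ALL)   ALL
"%SMILEY000\\domain admins"              ALL=(ALL)   ALL
"""

def group_names(getent_text):
    """Group names from getent-group style lines (name:passwd:gid:members)."""
    return [line.split(":", 1)[0] for line in getent_text.splitlines() if line.strip()]

def sudoers_spec(line):
    """First field of a sudoers rule with sudoers quoting applied: backslash-space
    becomes a space, a doubled backslash becomes one, surrounding double quotes go."""
    tokens = shlex.split(line, comments=True)
    return tokens[0] if tokens else None

def resolve_group_spec(spec, names):
    """Group name a '%spec' would match, or None.  The comparison is case-insensitive
    because winbind and SSSD both look AD names up case-insensitively; the qualifier
    form ('DOMAIN\\group' vs 'group@realm') must still match what the provider publishes."""
    if not spec or not spec.startswith("%"):
        return None
    wanted = spec[1:].casefold()
    return next((n for n in names if n.casefold() == wanted), None)

def audit_sudoers(sudoers_text, getent_text):
    """Return [(spec, matched_group_or_None)] for every '%group' rule in a sudoers fragment."""
    names = group_names(getent_text)
    result = []
    for line in sudoers_text.splitlines():
        spec = sudoers_spec(line)
        if spec and spec.startswith("%"):
            result.append((spec, resolve_group_spec(spec, names)))
    return result

if __name__ == "__main__":
    for provider, text in (("winbind", WINBIND_GROUPS), ("sssd", SSSD_GROUPS)):
        for spec, hit in audit_sudoers(SUDOERS_TEXT, text):
            print(f"{provider:8} {spec!r:40} -> {hit!r}")
```

On a live member, feed `audit_sudoers` the contents of each file in `/etc/sudoers.d` and the output of `getent group`; any rule that resolves to `None` grants nothing and is worth fixing (or removing) before it is relied on. Run `visudo -cf <file>` as well, since this audit checks only group resolution, not sudoers syntax.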
 
Old 03-19-2023, 08:33 PM   #50
des_a
I DO have a theory, from research! You know how Microsoft AD LOVES nested groups? My theory is that although newer versions of SSSD tolerate them, Samba doesn't like them. I'm taking a break, then if no other suggestions, I'll try to prove it.
 
Old 03-19-2023, 08:35 PM   #51
des_a
I could have both types of groups in AD, one for Unix/Linux, one for Windows, if I wanted, if that's the case.
 
Old 03-20-2023, 12:35 PM   #52
des_a
I've just been reminded about "groupmap", which I "think" might be the problem, maybe. I HAVE worked with Samba many times before, but not for this. I've mainly been making an NT4 style DC, and a standalone server, equivalent to Windows 10 being a server, as part of a workgroup. This is new territory, and eventually I will recreate AD with Samba, which in real life, and not school "extras", will be a new experience too. I definitely have to work more on servers at some point, as they need a lot of work.
 
Old 03-23-2023, 11:06 AM   #53
des_a
I broke something, if I need to, back to basics...
 
Old 04-04-2023, 11:51 PM   #54
des_a
OK. Back to this problem. I'm going to first revert, to my most working state, and go from there.
 
Old 04-05-2023, 01:26 AM   #55
des_a
Apparently, I'm having two new problems:

1. There is some sort of package mismatch error. I guess this is why people recommend on Ubuntu, doing "sudo apt-get update && sudo apt-get upgrade", before going on.

2. The clocks are too far off. I've seen one post about this, I'll now have to either, set clocks manually, or find the article, again, which tells how to get the clocks right. I opt to try the second first.


Fixed the first in my scripts. I guess I could have just redownloaded the ISO, then done it, but I'm trying to do less work. Adding a line or two in my programs actually seems like less work. This could be why it suddenly stopped working before. Since I think I fixed the first, now on to the second problem.
 
Old 04-05-2023, 01:28 AM   #56
des_a
I guess though, I may pick up tomorrow, and not finish tonight. It's getting kind of late tonight.
 
Old 04-12-2023, 02:14 AM   #57
des_a
OK. Great start. I may want to modify especially sudoers in the future. However, for now, I made it work. Everything is as follows:

configure.sh - Used for initial configuration
Code:
#! /bin/sh


echo "Update to latest version..."
apt update && apt upgrade
flatpak update
sleep 11
echo


echo "Doing initial configuration..."
apt install vim dos2unix
sleep 11
echo

echo Fixing time servers...
sudo cp -f /usr/bin/timesyncd.conf /etc/systemd
systemctl restart systemd-timesyncd
sleep 11
echo
timesyncd.conf
Code:
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the timesyncd.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# See timesyncd.conf(5) for details.

[Time]
NTP=ntp1.smiley000.local
FallbackNTP=time.windows.com
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048
That was initconf

Here is AD Configuration

join-domain.sh
Code:
#! /bin/bash
# join-domain.sh - phase 1 of the AD domain join (phase 2 is join-domain2.sh,
# run after the reboot). Configuration files are staged in /usr/bin and
# copied into place; each original is kept as a *.old copy.


echo Install packages needed...
sudo apt install samba-common samba winbind libnss-winbind libpam-winbind krb5-user adcli packagekit
sleep 11
echo

echo Set hostname...
# The FQDN must sit inside the realm (smiley000.local) so the host principal
# and the DNS registration created by the join come out right.
sudo hostnamectl set-hostname main-des-linux.smiley000.local
sudo cp -f /etc/hostname /etc/hostname.old
sudo cp -f /usr/bin/hostname /etc
sudo hostnamectl status
sleep 11
echo

echo Fix resolv.conf...
# Stop the local stub resolver so /etc/resolv.conf can point straight at the
# AD DNS server, which answers the _ldap._tcp / _kerberos._tcp SRV lookups.
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
sudo systemctl status systemd-resolved
sleep 11
echo


echo Copy configuration files...
sudo cp -f /etc/hosts /etc/hosts.old
sudo cp -f /usr/bin/hosts /etc

# Replace the symlink to the systemd stub with a static resolv.conf.
sudo rm -f /etc/resolv.conf
sudo cp -f /usr/bin/stub-resolv.conf /etc/resolv.conf

sudo cp -f /etc/krb5.conf /etc/krb5.old
sudo cp -f /usr/bin/krb5.conf /etc

sudo cp -f /etc/samba/smb.conf /etc/samba/smb.conf.old
sudo cp -f /usr/bin/smb.conf /etc/samba

sudo cp -f /usr/bin/user.map /etc/samba

sudo cp -f /etc/nsswitch.conf /etc/nsswitch.conf.old
sudo cp -f /usr/bin/nsswitch.conf /etc

# sudoers drop-in granting "domain admins" sudo rights. sudo ignores files in
# sudoers.d that are not mode 0440 and owned by root, and cp does not
# preserve the staged mode, so set it explicitly.
sudo cp -f /usr/bin/domain-admins /etc/sudoers.d
sudo chmod 0440 /etc/sudoers.d/domain-admins

sleep 11
echo


echo Test smb.conf
testparm
sleep 11
echo


echo Fix pam configuration...
# Enables the winbind PAM modules (and pam_mkhomedir, if selected).
sudo pam-auth-update
sleep 11
echo


echo Join domain smiley000.local...
# net(8) documents this as "net ads join -U Administrator"; the form below
# is the one reported to work in this thread.
sudo net join ads smiley000.local -U Administrator
sleep 11
echo


echo Restart samba...
sudo systemctl restart smbd nmbd winbind
sleep 11
echo


echo Test Administrator user in AD...
# Kerberos round trip against the DC, then an NSS lookup through winbind.
kinit Administrator
klist
kdestroy

echo
id Administrator@smiley000.local
sleep 11
echo


echo Rebooting in 1 minute...
read -s -n 1 -p "Please run join-domain2.sh, after reboot..."
echo
sudo shutdown -r +1 "Rebooting for AD logon domain join."
echo


echo
echo
join-domain2.sh
Code:
#! /bin/bash
# join-domain2.sh - phase 2, run after the reboot triggered by join-domain.sh.


echo Groupmap...
# mapgroups.sh (posted in a later reply) must be on PATH; it creates the
# Unix groups and the Samba group mappings.
mapgroups.sh
sleep 11
echo


echo Restart samba...
sudo systemctl restart smbd nmbd winbind
sleep 11
echo


echo Rebooting in 1 minute...
read -s -n 1 -p "Please enable GUI tool logon in logon manager after reboot, then reboot again..."
echo
sudo shutdown -r +1 "Rebooting for AD logon domain join."
echo
domain-admins
Code:
# /etc/sudoers.d/domain-admins: members of the AD "domain admins" group get
# full sudo. The file must be root-owned, mode 0440, and its name must not
# contain a dot, or sudo skips it.
"%SMILEY000\domain admins"              ALL=(ALL)   ALL
Everything else should be as last posted.
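The two problems that kept coming up before the join worked were the clock being too far off and the sudoers drop-in. The script below is an added example, not code from the thread: a set of pre-join checks that a join script like the one above could call before `net join`. The function names (check_skew, check_fqdn, check_sudoers_dropin, run_checks) are my own; the clock offset is assumed to be supplied by the caller, for instance the "Offset" value printed by `timedatectl timesync-status` on a systemd-timesyncd host.

```shell
#!/bin/sh
# pre-join-checks.sh - added example, not from the thread: sanity checks to
# run before `net ads join`, covering the failure modes discussed above:
# clock skew beyond what Kerberos tolerates, a hostname that is not a FQDN
# inside the realm, and a sudoers.d drop-in that sudo would ignore.
# Every check returns 0 (ok) or 1 (problem) so a join script can abort early.

# Kerberos clients and KDCs reject tickets when clocks differ by more than
# this many seconds (MIT and Heimdal default clockskew = 300).
MAX_SKEW_SEC=300

# check_skew OFFSET -> 0 if |OFFSET| <= MAX_SKEW_SEC.
# OFFSET is the signed offset in seconds (fractions allowed); anything that
# is not a number is treated as a failed check rather than as zero.
check_skew() {
    case "$1" in
        ''|*[!0-9.+-]*) return 1 ;;
    esac
    awk -v off="$1" -v max="$MAX_SKEW_SEC" 'BEGIN {
        off = off + 0
        if (off < 0) off = -off
        exit (off <= max) ? 0 : 1
    }'
}

# check_fqdn HOSTNAME REALM -> 0 if HOSTNAME is <short>.<REALM>
# (case-insensitive) and <short> fits the 15-character NetBIOS limit from
# which the computer account name is derived.
check_fqdn() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    realm=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$host" in
        *.*) ;;
        *) return 1 ;;
    esac
    [ "${host#*.}" = "$realm" ] || return 1
    short=${host%%.*}
    [ -n "$short" ] && [ "${#short}" -le 15 ]
}

# check_sudoers_dropin FILE -> 0 if sudo will actually load the drop-in:
# sudoers(5) skips names containing '.' or ending in '~', and sudo ignores
# files that are not mode 0440 and owned by root.
check_sudoers_dropin() {
    f=$1
    [ -f "$f" ] || return 1
    case "$(basename "$f")" in
        *.*|*~) return 1 ;;
    esac
    [ "$(stat -c '%a' "$f")" = "440" ] || return 1
    [ "$(stat -c '%u' "$f")" -eq 0 ]
}

# run_checks HOSTNAME REALM OFFSET [SUDOERS_DROPIN]
# Prints one line per failed check; returns 0 only if everything passed.
run_checks() {
    fails=0
    check_fqdn "$1" "$2" || { echo "FAIL: hostname '$1' is not <short>.$2"; fails=$((fails + 1)); }
    check_skew "$3" || { echo "FAIL: clock offset ${3}s exceeds the ${MAX_SKEW_SEC}s Kerberos tolerance"; fails=$((fails + 1)); }
    if [ -n "$4" ]; then
        check_sudoers_dropin "$4" || { echo "FAIL: sudo will not load drop-in '$4' (name, mode 0440 or root ownership)"; fails=$((fails + 1)); }
    fi
    [ "$fails" -eq 0 ]
}

# Usage: sh pre-join-checks.sh main-des-linux.smiley000.local smiley000.local OFFSET /etc/sudoers.d/domain-admins
if [ $# -ge 3 ]; then
    run_checks "$@"
fi
```

Run it right before the `net join` line and abort on a non-zero exit; a skew failure means wait for timesyncd to converge rather than retrying the join, since the KDC will keep rejecting the ticket until the clocks agree.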
 
Old 04-12-2023, 02:21 AM   #58
des_a
Senior Member
 
Registered: Sep 2006
Posts: 1,441

Original Poster
Blog Entries: 43

Rep: Reputation: 36
OK. So now it seems to be working and reproducible. I just reproduced it with a pretty clean state. It's joined. It took a few times to log on, but I think that's only because I typed things wrong. The only thing I'd like to still do for it is to synchronize the clocks to the NTP server before I try to join the domain. I'd also like a server-side change to change the AD server so it knows about my NTP server. Not doing so could be asking for trouble.

I can also maybe redo my network stuff now, and try to rebuild my servers, and probably should, but that's another story. If I could learn the above, I'm definitely good enough. By the way, sudo does work the way it's intended now!
 
Old 04-12-2023, 02:22 AM   #59
des_a
Senior Member
 
Registered: Sep 2006
Posts: 1,441

Original Poster
Blog Entries: 43

Rep: Reputation: 36
Forgot the map-groups file!

mapgroups.sh
Code:
#! /bin/sh
# mapgroups.sh - create the local Unix groups, then map each Windows group
# name onto one of them with net groupmap. The unixgroup= names below must
# match the groupadd names exactly, or the mapping step fails for that group.


echo Making standard groups...
echo
echo

echo Unix groups...
sudo groupadd smb_domadm
sudo groupadd smb_domguests
sudo groupadd smb_domusers


sudo groupadd smb_standard_users
sudo groupadd smb_standard_users_r
sudo groupadd smb_machine
sudo groupadd smb_human
sudo groupadd smb_special

sudo groupadd smb_sguests
sudo groupadd smb_internet_users
sudo groupadd smb_internet_usersl2
sudo groupadd smb_vpn_users
sudo groupadd smb_normal_users
sudo groupadd smb_admins
sudo groupadd smb_adminsl2
sudo groupadd smb_adminsl3
sudo groupadd smb_adminsl4

sudo groupadd smb_jsguests
sudo groupadd smb_jinternet_users
sudo groupadd smb_jinternet_usersl2
sudo groupadd smb_jvpn_users
sudo groupadd smb_jnormal_users
sudo groupadd smb_jadmins
sudo groupadd smb_jadminsl2
sudo groupadd smb_jadminsl3
sudo groupadd smb_jadminsl4

echo


echo Samba maps...
# Each mapping needs the Unix group created above to exist already.

sudo net groupmap add ntgroup="Domain Admins" unixgroup="smb_domadm" type="domain"
sudo net groupmap add ntgroup="Domain Guests" unixgroup="smb_domguests" type="domain"
sudo net groupmap add ntgroup="Domain Users" unixgroup="smb_domusers" type="domain"

sudo net groupmap add ntgroup="standard_users" unixgroup="smb_standard_users" type="domain"
sudo net groupmap add ntgroup="standard_users_r" unixgroup="smb_standard_users_r" type="domain"
sudo net groupmap add ntgroup="machine" unixgroup="smb_machine" type="domain"
sudo net groupmap add ntgroup="human" unixgroup="smb_human" type="domain"

sudo net groupmap add ntgroup="sguests" unixgroup="smb_sguests" type="domain"
sudo net groupmap add ntgroup="internet_users" unixgroup="smb_internet_users" type="domain"
sudo net groupmap add ntgroup="internet_usersl2" unixgroup="smb_internet_usersl2" type="domain"
sudo net groupmap add ntgroup="vpn_users" unixgroup="smb_vpn_users" type="domain"
sudo net groupmap add ntgroup="normal_users" unixgroup="smb_normal_users" type="domain"
sudo net groupmap add ntgroup="admins" unixgroup="smb_admins" type="domain"
sudo net groupmap add ntgroup="adminsl2" unixgroup="smb_adminsl2" type="domain"
sudo net groupmap add ntgroup="adminsl3" unixgroup="smb_adminsl3" type="domain"
sudo net groupmap add ntgroup="adminsl4" unixgroup="smb_adminsl4" type="domain"

sudo net groupmap add ntgroup="jsguests" unixgroup="smb_jsguests" type="domain"
sudo net groupmap add ntgroup="jinternet_users" unixgroup="smb_jinternet_users" type="domain"
sudo net groupmap add ntgroup="jinternet_usersl2" unixgroup="smb_jinternet_usersl2" type="domain"
sudo net groupmap add ntgroup="jvpn_users" unixgroup="smb_jvpn_users" type="domain"
sudo net groupmap add ntgroup="jnormal_users" unixgroup="smb_jnormal_users" type="domain"
sudo net groupmap add ntgroup="jadmins" unixgroup="smb_jadmins" type="domain"
sudo net groupmap add ntgroup="jadminsl2" unixgroup="smb_jadminsl2" type="domain"
sudo net groupmap add ntgroup="jadminsl3" unixgroup="smb_jadminsl3" type="domain"
sudo net groupmap add ntgroup="jadminsl4" unixgroup="smb_jadminsl4" type="domain"

echo
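The one thing that can go wrong silently in a script like mapgroups.sh is a name that differs between the groupadd list and the net groupmap list, so the mapping step fails for that group and nothing else notices. Below is an added example, not code from the thread: a checker that reads such a script and reports every unixgroup= that was never created (and every created group that is never mapped). The function names and the constructed sample script are mine; the sample deliberately contains a jsmb_vpn_users / smb_jvpn_users mismatch to show the report.

```shell
#!/bin/sh
# check-groupmap.sh - added example, not from the thread: cross-check a
# mapgroups.sh-style script so that every unixgroup= named in a
# `net groupmap add` line was created by a `groupadd` in the same script.
# A typo on either side makes that `net groupmap add` fail because the Unix
# group does not exist, and the Windows group stays unmapped.

# check_groupmap_script FILE
# Prints "UNMAPPED: <group>" for each mapped group that is never created and
# "UNUSED: <group>" for each created group that is never mapped; returns 1
# if any UNMAPPED group was found, else 0.
check_groupmap_script() {
    awk '
        # groupadd lines: the group name is the last word (flags may precede it)
        /groupadd[ \t]/ { created[$NF] = 1 }
        /net[ \t]+groupmap[ \t]+add/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^unixgroup=/) {
                    g = $i
                    sub(/^unixgroup=/, "", g)
                    gsub(/"/, "", g)
                    mapped[g] = 1
                    if (!(g in created)) { print "UNMAPPED: " g; bad++ }
                }
            }
        }
        END {
            for (g in created) if (!(g in mapped)) print "UNUSED: " g
            exit bad ? 1 : 0
        }' "$1"
}

# sample_script prints a constructed excerpt in the style of mapgroups.sh
# containing the kind of mismatch the checker catches (jsmb_vpn_users vs
# smb_jvpn_users); it is test input, not the real file from the thread.
sample_script() {
    cat <<'EOF'
#! /bin/sh
sudo groupadd smb_domadm
sudo groupadd jsmb_vpn_users
sudo groupadd smb_normal_users
sudo net groupmap add ntgroup="Domain Admins" unixgroup="smb_domadm" type="domain"
sudo net groupmap add ntgroup="jvpn_users" unixgroup="smb_jvpn_users" type="domain"
sudo net groupmap add ntgroup="normal_users" unixgroup="smb_normal_users" type="domain"
EOF
}

# Usage: sh check-groupmap.sh /usr/bin/mapgroups.sh
if [ $# -eq 1 ]; then
    check_groupmap_script "$1"
fi
```

On the sample this prints "UNMAPPED: smb_jvpn_users" and "UNUSED: jsmb_vpn_users" and exits 1; on a consistent script it prints nothing and exits 0, so it can gate join-domain2.sh before the groupmap step runs.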
 
Old 04-17-2023, 04:11 AM   #60
des_a
Senior Member
 
Registered: Sep 2006
Posts: 1,441

Original Poster
Blog Entries: 43

Rep: Reputation: 36
OK. Update time!

I changed the server so it knows about my NTP server, by GPO in the Domain Controllers OU. Whew! Done. Now the other change. I'm going to call it good enough for now, unless in the future I have time issues with this stuff.

So...

SOLVED!
 
  

