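#!/bin/bash
# LDAP/Samba installation script
# By S. Ramos 16/Jul/2008-1
# Developed from a document by Hugo Batel - SPiS Informática e Serviços
# Licence: Creative Commons - Attribution-NonCommercial 2.5
#
# Interactive installer for a Samba PDC backed by OpenLDAP on CentOS 5.
# Must run as root. It asks for the two domain labels, the NETBIOS name and
# the administrator passwords, then rewrites /etc/openldap/*, /etc/ldap.conf,
# /etc/nsswitch.conf, /etc/samba/smb.conf, /etc/smbldap-tools/* and
# /etc/exports in place; the untouched files are kept as *.original.

# Network allowed to mount /home over NFS (read-write). Adjust before running;
# the export relies on the default root_squash, so keep it to the local LAN.
readonly REDE_NFS="192.168.1.0/255.255.255.0"

# Print a message to stderr and abort the installation.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Ask for a DNS/NETBIOS label and store it in the variable named by $2.
# Only lowercase letters, digits and '-' are accepted: every answer is later
# spliced into sed expressions, LDAP DNs and config files, so a '/', '&' or
# a space would break the sed calls or corrupt those files.
ler_rotulo() {
  local pergunta=$1 destino=$2 valor
  while :; do
    read -r -p "$pergunta" valor
    [[ "$valor" =~ ^[a-z0-9][a-z0-9-]*$ ]] && break
    printf 'Valor inválido: use apenas letras minúsculas, algarismos e hífen.\n' >&2
  done
  printf -v "$destino" '%s' "$valor"
}

# Ask for a password without echoing it; stored in the variable named by $2.
ler_senha() {
  local pergunta=$1 destino=$2 valor
  read -r -s -p "$pergunta" valor
  printf '\n'
  printf -v "$destino" '%s' "$valor"
}

# Replace every occurrence of the literal $2 by $3 in file $1 using bash
# expansion only: the value never appears on a command line (visible in ps)
# and characters such as '/' or '&' in a password cannot break a sed script.
substituir_literal() {
  local ficheiro=$1 de=$2 para=$3 conteudo
  conteudo=$(<"$ficheiro") || die "Não foi possível ler $ficheiro"
  printf '%s\n' "${conteudo//"$de"/"$para"}" >"$ficheiro" \
    || die "Não foi possível escrever $ficheiro"
}

[[ $EUID -eq 0 ]] || die "Este guião tem de ser executado como root."

service yum-updatesd stop
chkconfig --level 345 yum-updatesd off

echo
echo
echo "Vamos tratar do nome do domínio do servidor, que terá duas partes."
echo "Tipicamente, temos nome_da_escola.dominiox ou algo do género,"
echo "por exemplo, escola.local"
echo
echo "Introduza os elementos com letras minúsculas."
ler_rotulo "Qual a primeira parte do nome do domínio? " nome
ler_rotulo "Qual a segunda parte do nome do domínio? " dominio
ler_rotulo "Qual o nome NETBIOS deste servidor? " nomenetbios

# Drop any existing FQDN entry for this host (dots are unescaped and match
# any character, as in the original) and the resolver search list.
sed -i "s/$nomenetbios.$nome.$dominio//" /etc/hosts
sed -i '/search/ d' /etc/resolv.conf

# DAG repository, disabled by default and only enabled for smbldap-tools.
cat >/etc/yum.repos.d/dag.repo <<EOF
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://dag.linux.iastate.edu/dag/redhat/el5/en/\$basearch/dag
gpgcheck=1
enabled=0
EOF

# The signing key is fetched over plain HTTP and imported unconditionally, so
# gpgcheck=1 only protects against a tampered package, not a tampered key.
# Compare the key's fingerprint with the one published by the repository
# before trusting packages from it.
chave=$(mktemp) || die "mktemp falhou."
wget -O "$chave" http://dag.linux.iastate.edu/dag/RPM-GPG-KEY.dag.txt \
  || die "Falhou a transferência da chave GPG do repositório DAG."
rpm --import "$chave" || die "Falhou a importação da chave GPG."
rm -f -- "$chave"

yum -y install smbldap-tools --enablerepo=dag \
  || die "Falhou a instalação de smbldap-tools."
yum -y install openldap openldap-clients openldap-servers samba-common samba-client samba rpcbind \
  || die "Falhou a instalação dos pacotes LDAP/Samba."

echo
echo
echo "Se a instalação de pacotes não correu bem, abandone este processo!"
read -r -p "Pressione enter para continuar ou simultaneamente Ctrl e C para sair. " resposta
if [[ -n "$resposta" ]]; then
  echo "Processo interrompido. Em caso de dúvidas, contacte o sítio Livre."
  exit 0
fi

# ---------------------------------------------------------------- slapd.conf
cp /usr/share/doc/samba-*/LDAP/samba.schema /etc/openldap/schema/ \
  || die "samba.schema não encontrado."
cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.original
sed -i '/nis.schema/ a\include /etc/openldap/schema/samba.schema' /etc/openldap/slapd.conf
sed -i "s/dc=my-domain,dc=com/dc=$nome,dc=$dominio/" /etc/openldap/slapd.conf
sed -i 's/Manager/Administrador/' /etc/openldap/slapd.conf
# Comment out every stock index line, then append our own set after the
# nisMapName line. Listed in the order they end up in the file.
sed -i 's/index/#index/' /etc/openldap/slapd.conf
indices=(
  'objectClass eq'
  'cn pres,sub,eq'
  'sn pres,sub,eq'
  'uid pres,sub,eq'
  'displayName pres,sub,eq'
  'uidNumber eq'
  'gidNumber eq'
  'memberUID eq'
  'sambaSID eq'
  'sambaPrimaryGroupSID eq'
  'sambaDomainName eq'
  'default sub'
)
args=()
for indice in "${indices[@]}"; do
  args+=(-e "/nisMapName/ a\\index $indice")
done
sed -i "${args[@]}" /etc/openldap/slapd.conf

echo
echo "Introduza a senha de Administrador LDAP: "
# slappasswd prompts itself and prints the hashed password.
linha=$(/usr/sbin/slappasswd) || die "slappasswd falhou."
[[ -n "$linha" ]] || die "slappasswd não devolveu nenhuma senha."
sed -i "/{crypt}/ a\\rootpw $linha" /etc/openldap/slapd.conf
# The file now holds the rootdn hash; keep it readable by root and ldap only.
chmod 640 /etc/openldap/slapd.conf

# ------------------------------------------------------------ nss/pam ldap
cp /etc/ldap.conf /etc/ldap.conf.original
sed -i "s/host 127/#host 127/" /etc/ldap.conf
sed -i "s/dc=example,dc=com/dc=$nome,dc=$dominio/" /etc/ldap.conf
sed -i "s/#bind_policy hard/bind_policy soft/" /etc/ldap.conf
# Plaintext LDAP is acceptable here only because the uri is the loopback
# address; do not point it at a remote server without enabling TLS.
cat >>/etc/ldap.conf <<EOF
uri ldap://127.0.0.1/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
EOF

cp /etc/openldap/ldap.conf /etc/openldap/ldap.conf.original
sed -i 's/#BASE/BASE/' /etc/openldap/ldap.conf
sed -i "s/dc=example/dc=$nome/" /etc/openldap/ldap.conf
sed -i "s/dc=com/dc=$dominio/" /etc/openldap/ldap.conf
sed -i "s/, dc=/,dc=/" /etc/openldap/ldap.conf
cat >>/etc/openldap/ldap.conf <<EOF
URI ldap://127.0.0.1/
TLS_CACERTDIR /etc/openldap/cacerts
EOF
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

mv /etc/nsswitch.conf /etc/nsswitch.conf.original
cat >/etc/nsswitch.conf <<'EOF'
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
EOF

/sbin/service ldap start || die "Não foi possível iniciar o serviço ldap."
/sbin/chkconfig ldap on

# ------------------------------------------------------------------ smb.conf
mv /etc/samba/smb.conf /etc/samba/smb.conf.original
# Unquoted heredoc: $nome/$dominio/$nomenetbios expand, '\$' and '\\' are
# written as '$' and '\'. Share changes versus the original:
#  - [netlogon]: clients execute whatever is in this share at logon, so it is
#    no longer writable by everyone (was writable = yes); only root and the
#    domain administrators may write.
#  - [profiles]: guest access removed (was guest ok = yes); every user
#    writes their own profile as an authenticated user.
cat >/etc/samba/smb.conf <<EOF
# Samba PDC openLDAP para CentOS 5
# Desenvolvido por S. Ramos a partir de um documento de Hugo Batel - SPiS2 Informática e Serviços
# 16/Jul/2008

#======================= Configurações Globais =====================================
[global]

# Nome do dominio e servidor
workgroup = $nome.$dominio
server string = Servidor $nome.$dominio
netbios name = $nomenetbios

#========================== LDAP ====================================================

# Configuração do Administrador do Domínio
admin users = root @"Domain Admins"
passdb backend = ldapsam:ldap://localhost
obey pam restrictions = no

# Sufixo LDAP para todas as entradas seguintes
ldap suffix = dc=$nome,dc=$dominio

# OU para Utilizadores netbios
ldap user suffix = ou=People

# OU para Grupos netbios
ldap group suffix = ou=Group

# Contas para máquinas netbios
ldap machine suffix = ou=Computers

# Conta do Administrador openLDAP
ldap admin dn = cn=Administrador,dc=$nome,dc=$dominio

# Sincronização de contas LDAP, NT e LM
ldap passwd sync = yes

# Script para adicionar contas de máquinas de forma automática
add machine script = /usr/sbin/smbldap-useradd -w %u

#=============== Outras Configurações para Dominio SAMBA =====================

# É necessário ter estes parametros definidos da seguinte forma:

security = user
log file = /var/log/samba/%m.log
max log size = 1000
syslog = 0
local master = yes
os level = 35
domain master = yes
preferred master = yes
domain logons = yes
logon drive = H:
logon script = scripts\\monta_h.bat
wins support = no
dns proxy = no
printing = cups

#========================== Definições de Partilha ==========================

[homes]
 comment = Home Directories
 browseable = no
 writable = yes
 security mask = 0777
 force security mode = 0
 directory security mask = 0
 force directory security mode = 0

[netlogon]
 comment = Network Logon Service
 path = /mnt/samba/netlogon
 guest ok = yes
 writable = no
 write list = root @"Domain Admins"
 share modes = no

[profiles]
 comment = User profiles
 path = /mnt/samba/profiles
 read only = no
 store dos attributes = yes
 create mode = 0600
 directory mode = 0700
 browseable = no
 guest ok = no
 printable = no
 profile acls = yes
 hide files = /desktop.ini/outlook*.lnk/*Briefcase*/

[profdata]
 comment = Profile Data Share
 path = /mnt/samba/profdata
 readonly = no
 profile acls = yes

[print\$]
 comment = Printer Drivers
 path = /mnt/samba/drivers
 browseable = yes
 guest ok = no
 read only = yes
 write list = root
EOF

echo
echo
ler_senha "Qual a senha a utilizar para Samba? " senha
# smbpasswd -w stores the password Samba uses to bind as "ldap admin dn"; it
# must therefore match the LDAP administrator password asked for below.
# It only takes the value as an argument, so it is briefly visible in the
# process list — I could not find a stdin form for it; verify for this release.
smbpasswd -w "$senha" || die "smbpasswd -w falhou."

# ------------------------------------------------------------ share content
mkdir -p /mnt/samba/netlogon/scripts /mnt/samba/profiles /mnt/samba/profdata /mnt/samba/drivers
# The default profile and the logon script are downloaded over plain HTTP and
# then applied/executed by every client that logs on; inspect them after the
# download before putting the server into service.
wget -O /mnt/samba/netlogon/DefaultUser.zip http://livre.fornece.info/media/servidor/instalar/DefaultUser.zip \
  || die "Falhou a transferência de DefaultUser.zip."
# The original unzipped into the current directory; the archive presumably
# belongs next to the zip in netlogon — confirm against the profile layout.
unzip -o /mnt/samba/netlogon/DefaultUser.zip -d /mnt/samba/netlogon \
  || die "Falhou a extracção de DefaultUser.zip."
# Original removed "DefaultUSer.zip" (typo), so the archive was never deleted.
rm -f /mnt/samba/netlogon/DefaultUser.zip
wget -O /mnt/samba/netlogon/scripts/monta_h.bat http://livre.fornece.info/media/servidor/instalar/monta_h.bat \
  || die "Falhou a transferência de monta_h.bat."
chmod -R 771 /mnt/samba
# netlogon: readable by all, written only through Samba as root/admins
# (was 777). profiles and the print spool get a sticky world-writable
# directory (1777) instead of plain 777, so users cannot remove each other's
# entries.
chmod -R 755 /mnt/samba/netlogon
chmod 1777 /mnt/samba/profiles
chmod -R 755 /mnt/samba/profdata
chmod -R 755 /mnt/samba/drivers
chmod 1777 /var/spool/samba
/sbin/service smb start || die "Não foi possível iniciar o serviço smb."

# --------------------------------------------------------- smbldap-tools
echo
echo
ler_senha "Qual a senha do Administrador LDAP? " senha
cp /etc/smbldap-tools/smbldap_bind.conf /etc/smbldap-tools/smbldap_bind.conf.original
sed -i 's/Manager/Administrador/' /etc/smbldap-tools/smbldap_bind.conf
sed -i "s/iallanis/$nome/" /etc/smbldap-tools/smbldap_bind.conf
sed -i "s/dc=info/dc=$dominio/" /etc/smbldap-tools/smbldap_bind.conf
# The placeholder "secret" is replaced in every bind line (master and slave).
substituir_literal /etc/smbldap-tools/smbldap_bind.conf secret "$senha"
# This file now holds the LDAP administrator password in clear text.
chmod 600 /etc/smbldap-tools/smbldap_bind.conf

nomenetbiosmaiusculas=$(printf '%s' "$nomenetbios" | tr '[:lower:]' '[:upper:]')
sid=$(net getlocalsid | sed -e "s/SID for domain $nomenetbiosmaiusculas is: //") \
  || die "net getlocalsid falhou."
[[ -n "$sid" ]] || die "Não foi possível obter o SID local do domínio."

cp /etc/smbldap-tools/smbldap.conf /etc/smbldap-tools/smbldap.conf.original
sed -i "/SID=/ c\\SID=\"$sid\"" /etc/smbldap-tools/smbldap.conf
sed -i "s/DOMSMB/$nome.$dominio/" /etc/smbldap-tools/smbldap.conf
sed -i "s/slaveLDAP=\"ldap.iallanis.info\"/slaveLDAP=\"127.0.0.1\"/" /etc/smbldap-tools/smbldap.conf
sed -i "s/masterLDAP=\"ldap.iallanis.info\"/masterLDAP=\"127.0.0.1\"/" /etc/smbldap-tools/smbldap.conf
# TLS settings are commented out because the tools only talk to 127.0.0.1.
sed -i 's/ldapTLS=/#ldapTLS=/' /etc/smbldap-tools/smbldap.conf
sed -i 's/ldapSSL=/#ldapSSL=/' /etc/smbldap-tools/smbldap.conf
sed -i 's/verify=/#verify=/' /etc/smbldap-tools/smbldap.conf
sed -i 's/cafile=/#cafile=/' /etc/smbldap-tools/smbldap.conf
sed -i 's/clientcert=/#clientcert=/' /etc/smbldap-tools/smbldap.conf
sed -i 's/clientkey=/#clientkey=/' /etc/smbldap-tools/smbldap.conf
sed -i "s/dc=iallanis,dc=info/dc=$nome,dc=$dominio/" /etc/smbldap-tools/smbldap.conf
sed -i "s/usersdn=\"ou=Users/usersdn=\"ou=People/" /etc/smbldap-tools/smbldap.conf
# Original rewrote groupsdn= as usersdn=, leaving two usersdn lines and no
# groupsdn; the key name is now preserved.
sed -i "s/groupsdn=\"ou=Groups/groupsdn=\"ou=Group/" /etc/smbldap-tools/smbldap.conf
sed -i "s/PasswordAge=\"45\"/PasswordAge=\"1095\"/" /etc/smbldap-tools/smbldap.conf
sed -i "s/PDC-SRV/$nomenetbios/" /etc/smbldap-tools/smbldap.conf
sed -i 's/Ex: userHomeDrive="H:"//' /etc/smbldap-tools/smbldap.conf
sed -i 's/Drive="H:"/Drive="h:"/' /etc/smbldap-tools/smbldap.conf
sed -i "s/userScript=\"logon.bat\"/#userScript=\"logon.bat\"/" /etc/smbldap-tools/smbldap.conf
sed -i "s/mailDomain=\"iallanis.info\"/#mailDomain=\"$nome.$dominio\"/" /etc/smbldap-tools/smbldap.conf
sed -i 's/Ex: #mail/Ex: mail/' /etc/smbldap-tools/smbldap.conf
sed -i "s/dc=idealx,dc=org/dc=$nome,dc=$dominio/" /etc/smbldap-tools/smbldap.conf
# Single-quoted so that ${sambaDomain}/${suffix} reach the file literally
# (they are smbldap.conf's own variables, not shell ones).
sed -i '/sambaUnixIdPooldn="sambaDomainName=IDEAL/ c\sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"' /etc/smbldap-tools/smbldap.conf

smbldap-populate || die "smbldap-populate falhou."
echo
echo
echo "Verifiquemos a associação dos grupos do domínio Samba com os grupos LDAP criados:"
echo
net groupmap list
echo
echo
echo "Criação do utilizador chamado utilizadorteste."
echo 'Introduza a senha do utilizador (sugerimos a palavra "teste"):'
# NOTE: this test account remains on the domain; remove it with
# smbldap-userdel once the setup has been verified.
smbldap-useradd -am utilizadorteste
smbldap-passwd utilizadorteste
/sbin/service ldap restart
/sbin/service smb restart
printf '/home %s(rw,sync)\n' "$REDE_NFS" >>/etc/exports
/sbin/chkconfig --level 35 smb on
/sbin/chkconfig --level 35 nfs on
/sbin/chkconfig --level 35 nfslock on
echo
echo "CONFIGURAÇÃO TERMINADA!"
exit 0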