Created
March 21, 2019 13:48
-
-
Save 0xhexmex/a62d28eb8bc850031bb953368f890da3 to your computer and use it in GitHub Desktop.
Join a linux host to an AD domain
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Created by Joaquim Nogueira (@lkys37en), March 2019. I take no credit for this awesome work :) | |
| #!/bin/bash | |
| print_usage() { | |
| echo "" | |
| echo "A huge thank you to Brax from proslackers for helping me with this script, thank you!" | |
| echo "" | |
| echo "Usage: $0 -d lkylabs.com -u Administrator -p Welcome1! -o OU=Linux-Servers,OU=Servers,OU=Computers,OU=lkylabs,DC=lkylabs,DC=com -s 'lkylabs\\domain^admins lkylabs\\linux^admins' -x 'lkylabs\\domain^admins'" | |
| echo | |
| cat << "EOF" | |
| Command line options: | |
| -d Domain to join the linux box to | |
| -u Administrator username | |
| -p Administrator username | |
| -o Organization unit where the linux box will be placed | |
| -s Groups that are allowed to login | |
| -x Groups that have sudo privileges | |
| EOF | |
| exit 3 | |
| } | |
| case "$1" in | |
| --help) | |
| print_usage | |
| ;; | |
| -h) | |
| print_usage | |
| ;; | |
| esac | |
| while getopts ":d:u:p:o:s:x:" opt; do | |
| case "${opt}" in | |
| d) | |
| Domain=${OPTARG} | |
| ;; | |
| u) | |
| Username=${OPTARG} | |
| ;; | |
| p) | |
| Password=${OPTARG} | |
| ;; | |
| o) | |
| OU=${OPTARG} | |
| ;; | |
| s) | |
| SecurityGroups=${OPTARG} | |
| ;; | |
| x) | |
| SudoGroups=${OPTARG} | |
| ;; | |
| : ) echo "Missing argument for -$OPTARG" | |
| print_usage | |
| exit 0 | |
| ;; | |
| esac | |
| done | |
| #Download open-pbis | |
| dl=https://github.com/BeyondTrust/pbis-open/releases/download/8.8.0/pbis-open-8.8.0.506.linux.x86_64.deb.sh | |
| pbis='pbis-open-8.8.0.506.linux.x86_64.deb.sh' | |
| cd /tmp | |
| wget $dl | |
| chmod +x $pbis | |
| ./$pbis | |
| #Use PBIS Open to join the PC to the Windows Domain. | |
| echo $Password | domainjoin-cli join --ou "$OU" $Domain $Username | |
| #Configure domain defaults | |
| #Reference https://www.beyondtrust.com/assets/documents/bt/PBIS_Linux_Administration_Guide_8.2.pdf | |
| echo UserDomainPrefix $Domain > /tmp/Config | |
| echo AssumeDefaultDomain 'true' >> /tmp/Config | |
| echo LoginShellTemplate /bin/bash >> /tmp/Config | |
| echo HomeDirTemplate %H/%U >> /tmp/Config | |
| echo Requiremembershipof "$SecurityGroups" >> /tmp/Config | |
| /opt/pbis/bin/config --file /tmp/Config | |
| #Check group membership with /opt/pbis/bin/config --detail Requiremembershipof | |
| #Adding sudo groups to sudoers file | |
| for ADGroups in $SudoGroups; do echo %$ADGroups ALL=\(ALL:ALL\) ALL >> /etc/sudoers; done | |
| #Edit the /etc/pamd.d/common-session file | |
| sed -i 's/sufficient/[success=ok default=ignore]/' /etc/pam.d/common-session | |
| #Download Kerberos User Configuration | |
| DEBIAN_FRONTEND=noninteractive apt-get install krb5-user -y |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment