Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- set -e # stop on error
- aptitude update
- aptitude upgrade -y
- aptitude install -y samba samba-client krb5-user winbind libpam-mount cifs-utils xfsprogs glusterfs-server glusterfs-client acl
- service smbd stop
- service nmbd stop
- service winbind stop
- default="SAMDOM";
- read -p "Enter workgroup [$default]: " workgroup;
- [ -z "$workgroup" ] && workgroup=$default;
- default="$workgroup.EXAMPLE.COM";
- read -p "Enter realm [$default]: " realm ;
- [ -z "$realm" ] && realm=$default;
- default="DC01.$realm";
- read -p "Enter name of domain controller [$default]:" dc;
- [ -z "$dc" ] && dc=$default;
- tdir=$(mktemp -d)
- echo "Updating config files (samba, krb5 and nsswitch)"
- mv -v /etc/samba/smb.conf /etc/samba/smb.conf.org
- echo "[global]
- workgroup = $workgroup
- security = ADS
- realm = $realm
- encrypt passwords = yes
- template shell = /bin/bash
- idmap config *:backend = rid
- idmap config *:range = 10000-20000
- winbind use default domain = yes
- winbind enum users = yes
- winbind enum groups = yes
- vfs objects = acl_xattr
- map acl inherit = Yes
- store dos attributes = Yes
- [test]
- path = $tdir/samba/test
- read only = no
- " > /etc/samba/smb.conf
- mv -v /etc/krb5.conf /etc/krb5.conf.org
- echo "
- [libdefaults]
- default_realm = $realm
- dns_lookup_realm = false
- dns_lookup_kdc = true
- " > /etc/krb5.conf
- perl -p -i.org -e 's/compat/compat winbind/g' /etc/nsswitch.conf
- service smbd restart
- service nmbd restart
- service winbind restart
- net ads join -U administrator
- service smbd restart
- service nmbd restart
- service winbind restart
- echo -n "Enter $workgroup\\administrator password: "
- if net rpc rights list accounts -U"$workgroup\\administrator" | grep SeDiskOperatorPrivilege > /dev/null ; then
- echo "Admin rights okay"
- else
- echo "Ensure that Admin has SeDiskOperatorPrivilege. Try following command"
- echo "net rpc rights grant '$workgroup\\Domain Admins' SeDiskOperatorPrivilege -U'$workgroup\\administrator' -I $dc"
- exit 1;
- fi
- # TEST 1 (should work)
- echo "*** TEST 01 (working as expected) ***"
- echo
- echo "Creating temporary disk with xfs"
- umount $tdir > /dev/null || true
- dd if=/dev/zero of=./gluster.img bs=1 count=0 seek=512M # create sparse file
- yes | mkfs.xfs -f gluster.img
- mount -o loop gluster.img $tdir
- echo "Creating samba folder and setting permissions (xfs)"
- mkdir -p $tdir/samba/test
- chown -R "$workgroup\\Administrator":"$workgroup\\Domain Users" $tdir/samba/test
- chmod -R 0777 $tdir/samba/test
- setfacl -m "g:domain admins:rwx" $tdir/samba/test
- service smbd restart
- service nmbd restart
- service winbind restart
- echo "Try to change folder permissions with windows client. Expected bahavior: Everything works."
- read -p "Press Enter when done "
- # TEST 2 (fails)
- echo "*** TEST 02 (failing unexpected) ***"
- echo
- echo "Setting up glusterfs"
- mkdir -p $tdir/{vol1,vol2} || true
- if gluster volume info | grep test ; then
- echo "Gluster volume 'test' exists, skipping creation"
- else
- yes | gluster volume create test replica 2 $(hostname):$tdir/vol1 $(hostname):$tdir/vol2
- gluster volume start test
- gluster volume info
- fi
- mount -t glusterfs -o acl $(hostname):/test $tdir/samba
- echo "Creating samba folder and setting permissions (glusterfs)"
- mkdir -p $tdir/samba/test
- chown -R "$workgroup\\Administrator":"$workgroup\\Domain Users" $tdir/samba/test
- chmod -R 0777 $tdir/samba/test
- setfacl -m "g:domain admins:rwx" $tdir/samba/test
- service smbd restart
- service nmbd restart
- service winbind restart
- echo "Try to change folder permissions with windows client. Expected bahavior: An error occurred while applying security information ..."
- read -p "Press Enter when done "
- echo "Folders and files created:"
- echo "$tdir"
- echo "gluster.img"
- echo "gluster volume test"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement