#!/bin/bash
set -e
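# Provision a new Samba AD domain controller, or join this container to an
# existing domain, then hand off to supervisord.  Everything is driven by
# environment variables:
#   DOMAIN        AD domain / Kerberos realm (default SAMDOM.LOCAL)
#   DOMAINPASS    Administrator password.  The built-in default is a public
#                 placeholder and is only used after a loud warning.
#   JOIN          "true" to join an existing domain instead of provisioning
#   JOINSITE      AD site to join, or NONE to let samba-tool choose
#   MULTISITE     "true" to bring up OpenVPN (/docker.ovpn) before the join
#   NOCOMPLEXITY  "true" to turn off password complexity, history and age
#   INSECURELDAP  "true" to accept simple binds over unencrypted LDAP
#   DNSFORWARDER  upstream resolver(s) for Samba's internal DNS, or NONE
#   HOSTIP        address to register for this DC on provision, or NONE
# Side effects: rewrites /etc/krb5.conf and /etc/samba/smb.conf, persists the
# generated smb.conf under /etc/samba/external/ so a re-created container can
# reuse it, and writes /etc/supervisor/conf.d/supervisord.conf.  Runs under
# `set -e`, so any failing samba-tool call aborts the container.  supervisord
# is configured nodaemon=true, so appStart does not return until it exits.
appSetup () {
  local ldomain udomain urdomain vpn_pid
  local -a hostip_opt=()

  DOMAIN=${DOMAIN:-SAMDOM.LOCAL}
  if [[ -z "${DOMAINPASS:-}" ]]; then
    # Provisioning a DC with a published default password is the biggest
    # risk in this script; make sure nobody does it without noticing.
    echo "WARNING: DOMAINPASS is not set; falling back to the well-known default password" >&2
  fi
  DOMAINPASS=${DOMAINPASS:-youshouldsetapassword}
  JOIN=${JOIN:-false}
  JOINSITE=${JOINSITE:-NONE}
  MULTISITE=${MULTISITE:-false}
  NOCOMPLEXITY=${NOCOMPLEXITY:-false}
  INSECURELDAP=${INSECURELDAP:-false}
  DNSFORWARDER=${DNSFORWARDER:-NONE}
  HOSTIP=${HOSTIP:-NONE}

  # DOMAIN and DNSFORWARDER are spliced into sed scripts further down, so
  # restrict them to what a DNS name / IP list can contain: a '/', '\', '&'
  # or newline in either would otherwise rewrite smb.conf in unintended ways.
  if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9._-]+$ ]]; then
    echo "DOMAIN must be a DNS name, got '${DOMAIN}'" >&2
    exit 1
  fi
  if [[ "$DNSFORWARDER" != "NONE" && ! "$DNSFORWARDER" =~ ^[0-9A-Fa-f.:[:space:]]+$ ]]; then
    echo "DNSFORWARDER must be one or more IP addresses, got '${DNSFORWARDER}'" >&2
    exit 1
  fi

  ldomain=${DOMAIN,,}        # lower-case DNS name for the join
  udomain=${DOMAIN^^}        # upper-case Kerberos realm
  urdomain=${udomain%%.*}    # short (first-label) domain name

  # Multi-site: the join below has to reach the existing DC over the VPN.
  # A fixed sleep is not a readiness check, so at least confirm the tunnel
  # process is still alive before trying to use it.
  if [[ "${MULTISITE,,}" == "true" ]]; then
    /usr/sbin/openvpn --config /docker.ovpn &
    vpn_pid=$!
    echo "Sleeping 30s to ensure VPN connects (${vpn_pid})"
    sleep 30
    if ! kill -0 "$vpn_pid" 2>/dev/null; then
      echo "openvpn exited before the domain could be joined" >&2
      exit 1
    fi
  fi

  # Optional --host-ip is kept in an array so it expands to nothing when
  # unset and survives quoting when set.
  if [[ "$HOSTIP" != "NONE" ]]; then
    hostip_opt=(--host-ip="$HOSTIP")
  fi

  # Minimal krb5.conf for this realm; KDC discovery goes through DNS.
  mv /etc/krb5.conf /etc/krb5.conf.orig
  cat > /etc/krb5.conf <<EOF
[libdefaults]
 dns_lookup_realm = false
 dns_lookup_kdc = true
 default_realm = ${udomain}
EOF

  # /etc/samba/external/smb.conf is the "already provisioned" marker: absent
  # means a brand-new domain, present means we are re-creating the container.
  if [[ ! -f /etc/samba/external/smb.conf ]]; then
    # samba-tool will not provision over an existing smb.conf.
    mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
    # NOTE: the admin password travels on argv here and is readable by every
    # process in the container via /proc for the duration of the call.
    if [[ "${JOIN,,}" == "true" ]]; then
      local -a join_args=(domain join "$ldomain" DC -U"${urdomain}\\administrator"
        --password="$DOMAINPASS" --dns-backend=SAMBA_INTERNAL)
      if [[ "$JOINSITE" != "NONE" ]]; then
        join_args+=(--site="$JOINSITE")
      fi
      samba-tool "${join_args[@]}"
    else
      # Every value is quoted: a password containing spaces or glob
      # characters must reach samba-tool as one argument.
      samba-tool domain provision --use-rfc2307 --domain="$urdomain" --realm="$udomain" \
        --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass="$DOMAINPASS" "${hostip_opt[@]}"
      if [[ "${NOCOMPLEXITY,,}" == "true" ]]; then
        echo "WARNING: NOCOMPLEXITY=true disables the domain password policy" >&2
        samba-tool domain passwordsettings set --complexity=off
        samba-tool domain passwordsettings set --history-length=0
        samba-tool domain passwordsettings set --min-pwd-age=0
        samba-tool domain passwordsettings set --max-pwd-age=0
      fi
    fi
    # The continuation lines of these sed scripts must stay at column 0:
    # anything after the backslash-newline becomes part of the appended
    # smb.conf text.  GNU sed expands the leading \t and the \n separators.
    sed -i "/\[global\]/a \
\\\tidmap_ldb:use rfc2307 = yes\\n\
wins support = yes\\n\
template shell = /bin/bash\\n\
winbind nss info = rfc2307\\n\
idmap config ${urdomain}: range = 10000-20000\\n\
idmap config ${urdomain}: backend = ad\
" /etc/samba/smb.conf
    if [[ "$DNSFORWARDER" != "NONE" ]]; then
      sed -i "/\[netlogon\]/i \
\\\tdns forwarder = ${DNSFORWARDER}\
" /etc/samba/smb.conf
    fi
    if [[ "${INSECURELDAP,,}" == "true" ]]; then
      # Simple binds over plaintext LDAP put credentials on the wire.
      echo "WARNING: INSECURELDAP=true allows unencrypted simple binds" >&2
      sed -i "/\[global\]/a \
\\\tldap server require strong auth = no\
" /etc/samba/smb.conf
    fi
    # Persist the generated config so a future container reuses it.
    cp /etc/samba/smb.conf /etc/samba/external/smb.conf
  else
    cp /etc/samba/external/smb.conf /etc/samba/smb.conf
  fi

  # supervisord runs samba in the foreground (nodaemon) as the container's
  # long-lived process.
  cat > /etc/supervisor/conf.d/supervisord.conf <<'EOF'
[supervisord]
nodaemon=true

[program:samba]
command=/usr/sbin/samba -i
EOF
  if [[ "${MULTISITE,,}" == "true" ]]; then
    # Replace the bootstrap tunnel with a supervisord-managed one.  The
    # process may already be gone, and a failed kill must not trip set -e.
    if [[ -n "${vpn_pid:-}" ]]; then
      kill "$vpn_pid" 2>/dev/null || true
      wait "$vpn_pid" 2>/dev/null || true
    fi
    cat >> /etc/supervisor/conf.d/supervisord.conf <<'EOF'

[program:openvpn]
command=/usr/sbin/openvpn --config /docker.ovpn
EOF
  fi
  appStart
}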
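# Hand the container over to supervisord in the foreground.  exec replaces
# this shell, so when the script is the container's PID 1 supervisord is the
# process that receives SIGTERM from `docker stop` and can shut samba down
# cleanly, and the container's exit status is supervisord's rather than the
# script's unconditional `exit 0`.  Nothing after this call runs.
appStart () {
  exec /usr/bin/supervisord
}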
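# Entry point.  "start" reuses a previously persisted smb.conf; "setup"
# provisions on the first run and just starts on later runs of the same
# container (the supervisord config is the "already set up" marker).
# NOTE(review): "start" does not rewrite /etc/krb5.conf the way appSetup
# does, so on a fresh container it relies on whatever krb5.conf the image
# ships — confirm that is intended.
case "${1:-}" in
  start)
    if [[ -f /etc/samba/external/smb.conf ]]; then
      cp /etc/samba/external/smb.conf /etc/samba/smb.conf
      appStart
    else
      # Fail loudly and non-zero so the orchestrator sees a broken
      # container instead of a clean exit with no services running.
      echo "Config file is missing." >&2
      exit 1
    fi
    ;;
  setup)
    if [[ -f /etc/supervisor/conf.d/supervisord.conf ]]; then
      appStart
    else
      appSetup
    fi
    ;;
  *)
    echo "Usage: $0 {start|setup}" >&2
    exit 2
    ;;
esac
exit 0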