#!/bin/bash
# Stop at the first unhandled command failure.
set -e

# Domain identity; each value can be overridden from the environment.
: "${SAMBA_DOMAIN:=SAMDOM}"
: "${SAMBA_REALM:=SAMDOM.EXAMPLE.COM}"

# Opt-in switch, off by default. When it is "true" (any letter case), appSetup
# writes "ldap server require strong auth = no" into smb.conf.
: "${LDAP_ALLOW_INSECURE:=false}"

# A non-empty SAMBA_HOST_IP is rewritten into a ready-made --host-ip=... option
# for samba-tool; otherwise the variable is left untouched.
[[ -z ${SAMBA_HOST_IP} ]] || SAMBA_HOST_IP="--host-ip=${SAMBA_HOST_IP}"

# Where appSetup stores copies of the generated configuration and keytab, and
# where appStart looks for them on later runs.
SAMBA_CONF_BACKUP=/var/lib/samba/private/smb.conf
SSSD_CONF_BACKUP=/var/lib/samba/private/sssd.conf
KRBKEYTAP_CONF_BACKUP=/var/lib/samba/private/krb5.keytab
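#######################################
# First-time provisioning of the Samba AD DC: sets the root password,
# provisions the domain, creates the Kerberos database, optionally exports
# the host keytab, and copies smb.conf, sssd.conf and the keytab to the
# *_CONF_BACKUP paths.
# Globals:
#   ROOT_PASSWORD, SAMBA_ADMIN_PASSWORD, KERBEROS_PASSWORD - taken from the
#     environment, or generated with pwgen when empty; KERBEROS_PASSWORD is
#     exported
#   SAMBA_DOMAIN, SAMBA_REALM, SAMBA_HOST_IP, LDAP_ALLOW_INSECURE,
#   OMIT_EXPORT_KEY_TAB, HOSTNAME - read
#   SAMBA_CONF_BACKUP, SSSD_CONF_BACKUP, KRBKEYTAP_CONF_BACKUP - read
# Outputs:
#   Progress message and the three secrets, in clear text, on stdout.
#######################################
appSetup () {
  echo "Initializing samba database..."

  # Generate passwords or re-use them from the environment.
  # NOTE(review): pwgen runs without -s, so generated values are of the
  # pronounceable kind, 12 and 10 characters long; consider -s and a longer
  # length for the domain administrator password and the KDC master key.
  ROOT_PASSWORD=${ROOT_PASSWORD:-$(pwgen -c -n -1 12)}
  SAMBA_ADMIN_PASSWORD=${SAMBA_ADMIN_PASSWORD:-$(pwgen -cny 10 1)}
  export KERBEROS_PASSWORD=${KERBEROS_PASSWORD:-$(pwgen -cny 10 1)}

  # printf with a quoted argument: the secret is never word-split or
  # glob-expanded, and a value such as "-n" cannot be taken as an echo option.
  printf 'root:%s\n' "$ROOT_PASSWORD" | chpasswd

  # NOTE(review): the secrets are written to stdout in clear text, so they end
  # up in whatever collects this script's output; restrict access to it.
  printf 'Root password: %s\n' "$ROOT_PASSWORD"
  printf 'Samba administrator password: %s\n' "$SAMBA_ADMIN_PASSWORD"
  printf 'Kerberos KDC database master key: %s\n' "$KERBEROS_PASSWORD"

  # Provision Samba from a clean state.
  rm -f /etc/samba/smb.conf
  rm -rf /var/lib/samba/private/*

  # Every value is quoted: pwgen -y adds symbols, and an unquoted password
  # containing glob characters or blanks would reach samba-tool altered.
  # SAMBA_HOST_IP is already a complete --host-ip=... option or empty, hence
  # the ":+" form, which adds no argument at all when it is empty.
  # NOTE(review): --adminpass puts the password on the command line, where it
  # is visible in the process list while provisioning runs.
  samba-tool domain provision --use-rfc2307 \
    --domain="$SAMBA_DOMAIN" --realm="$SAMBA_REALM" --server-role=dc \
    --dns-backend=BIND9_DLZ --adminpass="$SAMBA_ADMIN_PASSWORD" \
    ${SAMBA_HOST_IP:+"$SAMBA_HOST_IP"}
  cp /var/lib/samba/private/krb5.conf /etc/krb5.conf

  # Opt-in only: "ldap server require strong auth = no" lets clients do simple
  # binds over unencrypted LDAP, so credentials cross the network in clear
  # text. Leave LDAP_ALLOW_INSECURE at its default unless that is acceptable.
  # The continuation lines below stay at column 0 because they are inside the
  # quoted sed script; any indentation would become part of it.
  if [[ "${LDAP_ALLOW_INSECURE,,}" == "true" ]]; then
    sed -i "/\[global\]/a \
\\\t\# enable unencrypted passwords\n\
ldap server require strong auth = no\
" /etc/samba/smb.conf
  fi

  # Create Kerberos database.
  # NOTE(review): presumably the expect script reads KERBEROS_PASSWORD from the
  # environment (it is exported above) - confirm in kdb5_util_create.expect.
  expect kdb5_util_create.expect

  # Export kerberos keytab for use with sssd. The keytab holds the machine
  # account's long-term keys, so the backup copy needs the same protection as
  # /etc/krb5.keytab itself.
  if [[ "${OMIT_EXPORT_KEY_TAB}" != "true" ]]; then
    samba-tool domain exportkeytab /etc/krb5.keytab --principal "${HOSTNAME}\$"
    cp /etc/krb5.keytab "$KRBKEYTAP_CONF_BACKUP"
  fi

  # NOTE(review): SAMBA_REALM is interpolated into the sed replacement; this
  # assumes a DNS-style realm without "/" or "&".
  sed -i "s/SAMBA_REALM/${SAMBA_REALM}/" /etc/sssd/sssd.conf

  cp /etc/samba/smb.conf "$SAMBA_CONF_BACKUP"
  cp /etc/sssd/sssd.conf "$SSSD_CONF_BACKUP"
}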
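#######################################
# Starts the services. If a saved smb.conf exists at SAMBA_CONF_BACKUP the
# saved configuration files are restored and setup is skipped; otherwise
# appSetup is run first.
# Globals:
#   SAMBA_CONF_BACKUP, SSSD_CONF_BACKUP, KRBKEYTAP_CONF_BACKUP - read
# Outputs:
#   A notice on stdout when setup is skipped.
# Returns:
#   The exit status of /usr/bin/supervisord.
#######################################
appStart () {
  # The path is quoted on purpose: with an empty or unset variable an unquoted
  # `[ -f $VAR ]` collapses to the one-argument test `[ -f ]`, which is true,
  # and provisioning would be skipped without any saved configuration.
  if [[ -f "$SAMBA_CONF_BACKUP" ]]; then
    echo "Skipping setup and restore configurations..."
    cp "$SAMBA_CONF_BACKUP" /etc/samba/smb.conf
    cp "$SSSD_CONF_BACKUP" /etc/sssd/sssd.conf
    # The keytab backup is only present when appSetup exported one.
    if [[ -f "$KRBKEYTAP_CONF_BACKUP" ]]; then
      cp "$KRBKEYTAP_CONF_BACKUP" /etc/krb5.keytab
    fi
  else
    appSetup
  fi

  # Start the services
  /usr/bin/supervisord
}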
#######################################
# Prints the list of arguments this script accepts.
# Outputs:
#   Six lines of usage text on stdout.
#######################################
appHelp () {
  # A single printf emits one line per argument.
  printf '%s\n' \
    "Available options:" \
    " app:start - Starts all services needed for Samba AD DC" \
    " app:setup - First time setup." \
    " app:setup_start - First time setup and start." \
    " app:help - Displays the help" \
    " [command] - Execute the specified linux command eg. /bin/bash."
}
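# Entry-point dispatch on the first argument: one of the app:* actions, or any
# other command to run with the remaining arguments.
case "$1" in
  app:start)
    appStart
    ;;
  app:setup)
    appSetup
    ;;
  app:setup_start)
    appSetup
    appStart
    ;;
  app:help)
    appHelp
    ;;
  *)
    if [[ -x "$1" ]]; then
      # Run the executable with all of its arguments, each passed through
      # unchanged (no word splitting or glob expansion).
      "$@"
    else
      # Look the name up on PATH. `|| true` keeps a failed lookup from
      # tripping `set -e`, which would end the script before the help
      # fallback below is reached.
      prog=$(type -P -- "$1" || true)
      if [[ -n "${prog}" ]]; then
        shift 1
        "$prog" "$@"
      else
        appHelp
      fi
    fi
    ;;
esac

exit 0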