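#!/bin/bash
#
# Server-Setup v0.4 Paul Matthews (c) 27-10-2005
#
# Interactive (dialog-driven) installer that writes Kerberos, Samba, Squid and
# OpenLDAP configuration from a few prompted values, installs the files
# (backing up the previous copy as <file>.backup), then restarts and enables
# the affected services.  Every generated file is written into a private,
# mode-0700 temporary directory first and only then copied into place.
#
# This software was made with the help of
# Squidmanage v0.5 Matt Keadle (c) 02-14-2002
# Released under the terms of the GPL.
# found on http://mkeadle.org/
#
################################################################################

set -u

# Check for root.  id -u is more robust than string-comparing whoami output.
if [ "$(id -u)" -ne 0 ]; then
  echo "You must be root to run this program" >&2
  exit 1
fi

# Check for dialog.  Stored as an array so a path with spaces still works.
if DIALOG_BIN=$(command -v dialog); then
  DIALOG=("$DIALOG_BIN" --aspect 75)
else
  echo "dialog not found!" >&2
  exit 1
fi

############### Variables: #####################################################

# All scratch files live in a mktemp directory.  The original used the
# predictable names /tmp/smout.$$, /tmp/sid and /tmp/*.ldif while running as
# root, so a local user could pre-create them (symlink attack) or swap an LDIF
# between generation and "ldapadd -f".
WORKDIR=$(mktemp -d /tmp/serversetup.XXXXXX) || {
  echo "cannot create temporary directory" >&2
  exit 1
}
chmod 700 "$WORKDIR"
trap 'rm -rf -- "$WORKDIR"' EXIT
TMP="$WORKDIR/smout"
TMP2="$WORKDIR/smout2"   # unused; kept for compatibility with the original

# Generated files contain secrets (slapd.conf rootpw hash, LAM passwords);
# create everything private and relax modes explicitly where needed.
umask 077

############### Helpers: #######################################################

# banner TITLE -- the three-line asterisk heading used throughout the script.
banner() {
  local rule
  rule=$(printf '%81s' '' | tr ' ' '*')
  printf '\n%s\n***** %s\n%s\n\n' "$rule" "$1" "$rule"
}

# ask VAR PROMPT DEFAULT -- prompt on the terminal and store the answer in the
# variable named VAR, using DEFAULT when the user just presses Enter.
ask() {
  local __reply
  printf '%s [%s]: ' "$2" "$3"
  IFS= read -r __reply
  printf -v "$1" '%s' "${__reply:-$3}"
}

# ask_secret VAR PROMPT -- like ask but without echo and without a default;
# repeats until something non-empty is typed.
ask_secret() {
  local __reply=
  while [ -z "$__reply" ]; do
    printf '%s: ' "$2"
    IFS= read -rs __reply
    echo
  done
  printf -v "$1" '%s' "$__reply"
}

# install_conf SRC DEST MODE [OWNER] -- back up DEST (if present) to
# DEST.backup, copy SRC over it and force MODE (and OWNER when given), since
# the generated file was created under umask 077.
install_conf() {
  local src=$1 dest=$2 mode=$3 owner=${4:-}
  if [ -e "$dest" ]; then
    cp -p -- "$dest" "$dest.backup" || return 1
    echo "Your old $(basename "$dest") has been backed up to $dest.backup"
  fi
  cp -- "$src" "$dest" || return 1
  chmod "$mode" "$dest"
  if [ -n "$owner" ] && ! chown "$owner" "$dest"; then
    echo "warning: could not chown $dest to $owner" >&2
  fi
  return 0
}

# ask_install LABEL DEFAULT SRC MODE [OWNER] -- prompt for where the LABEL
# file lives (default DEFAULT) and install SRC there via install_conf.
ask_install() {
  local dest
  banner "configuring $1"
  ask dest "Enter the path to your $1 file" "$2"
  install_conf "$3" "$dest" "$4" "${5:-}" || echo "failed to install $dest" >&2
  echo
}

# restart_service NAME -- SysV restart that tolerates a missing init script.
restart_service() {
  if [ -x "/etc/init.d/$1" ]; then
    "/etc/init.d/$1" restart
  else
    echo "warning: /etc/init.d/$1 not found, $1 not restarted" >&2
  fi
}

# enable_service NAME -- chkconfig NAME on, reporting the result.
enable_service() {
  if /sbin/chkconfig "$1" on; then
    echo "$1 set to start on boot"
  else
    echo "warning: could not enable $1 at boot" >&2
  fi
}

# again_or_menu FUNC -- the closing "Are you happy?" question: y returns to the
# main menu, n re-runs FUNC, anything else just returns (as the original did).
again_or_menu() {
  local answer
  echo "Are you happy with that setup?"
  ask answer "If you are then type y, if not you can start again by typing n" y
  case "$answer" in
    y|Y) mainmenu ;;
    n|N) "$1" ;;
  esac
}

############### Main menu: #####################################################

mainmenu() {
  local choice
  if ! "${DIALOG[@]}" --menu \
      "Main Menu - ServerSetup-v0.4" 10 40 6 \
      "S " "Squid with NTLM" \
      "J " "Join Windows Domain" \
      "L " "LAM & OpenLDAP & Samba PDC" \
      "A " "Setup OpenLDAP Server" \
      "R " "DDNS & DHCP" \
      2>"$TMP"; then
    postprocess   # Cancel / Esc: clean up and exit
  fi
  choice=$(cat "$TMP")
  case "$choice" in
    "S ") squidntlm ;;
    "J ") joindomain ;;
    "L ") samba ;;
    "A ") openldap ;;
    "R ")
      # monitorsub is not defined anywhere in this file; only call it when a
      # sourced file provided it instead of dying with "command not found".
      if declare -F monitorsub >/dev/null; then
        monitorsub
      else
        echo "DDNS & DHCP setup (monitorsub) is not implemented" >&2
      fi
      ;;
  esac
}

########## shared Active Directory steps: ######################################

# ad_prompts -- ask for realm, domain controller, DNS domain and short domain
# name, then write $WORKDIR/krb5.conf and $WORKDIR/smb.conf (security = ads,
# winbind).  Sets the globals AD_REALM, AD_DC, AD_DNSDOMAIN and AD_WORKGROUP.
ad_prompts() {
  banner "Setup kerberos File"
  ask AD_REALM "Enter the DNS name of your windows domain in capitals" WINDOWS.SERVER.INT
  AD_REALM=$(printf '%s' "$AD_REALM" | tr '[:lower:]' '[:upper:]')   # realms are case sensitive
  ask AD_DC "Enter the DNS name of your windows domain controller" mc1.windows.server.int
  ask AD_DNSDOMAIN "Enter the DNS name of your windows domain in lower case" windows.server.int
  AD_DNSDOMAIN=$(printf '%s' "$AD_DNSDOMAIN" | tr '[:upper:]' '[:lower:]')
  cat >"$WORKDIR/krb5.conf" <<EOF
[libdefaults]
 default_realm = $AD_REALM

[realms]
 $AD_REALM = {
  kdc = $AD_DC
  default_domain = $AD_REALM
  kpasswd_server = $AD_DC
  admin_server = $AD_DC
 }

[domain_realm]
 .$AD_DNSDOMAIN = $AD_REALM
EOF
  echo

  banner "Setup Samba File"
  ask AD_WORKGROUP "Enter short domain name of your windows domain in capitals" WINDOWS
  AD_WORKGROUP=$(printf '%s' "$AD_WORKGROUP" | tr '[:lower:]' '[:upper:]')
  cat >"$WORKDIR/smb.conf" <<EOF
[global]
 workgroup = $AD_WORKGROUP
 security = ads
 realm = $AD_REALM
 encrypt passwords = yes
 username map = /etc/samba/smbusers
 winbind uid = 10000-20000
 winbind gid = 10000-20000
 winbind use default domain = yes
 winbind enum users = yes
 winbind enum groups = yes
EOF
  echo
}

# ad_join -- get a TGT for the domain administrator and join the domain with
# "net join".  A failed kinit is reported but, as in the original, the join is
# still attempted (net asks for the password itself).
ad_join() {
  local admin
  banner "Setting up kerberos"
  ask admin "Enter the domain administrator user on your windows domain" administrator
  echo
  kinit "$admin" || echo "warning: kinit for $admin failed" >&2
  banner "joining the domain"
  net join -S "$AD_DC" -U "$admin" || echo "warning: net join failed" >&2
}

########## commands: ###########################################################

# squidntlm -- Squid proxy authenticating against Active Directory through
# winbind's ntlm_auth helper (NTLM, with basic auth as the fallback scheme).
squidntlm() {
  local port ntlm_helper basic_helper

  /usr/bin/clear
  ad_prompts

  ############################## setup squid file ###########################
  banner "configuring Squid"
  ask port "choose the port squid will run on" 3128
  case "$port" in
    ''|*[!0-9]*)
      echo "'$port' is not a port number, using 3128" >&2
      port=3128
      ;;
  esac
  ask ntlm_helper "Choose the path to ntlm_auth file for your ntlm auth" /usr/bin/ntlm_auth
  ask basic_helper "Choose the path to ntlm_auth file for your basic auth" /usr/bin/ntlm_auth
  # The basic helper must speak the squid-2.5-basic protocol; the original
  # passed --helper-protocol=squid-2.5-ntlmssp to both, which only works for
  # the ntlm scheme.
  cat >"$WORKDIR/squid.conf" <<EOF
http_port $port

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

auth_param ntlm program $ntlm_helper --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minute
auth_param ntlm use_ntlm_negotiate on
auth_param basic program $basic_helper --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off

refresh_pattern ^ftp:    1440 20% 10080
refresh_pattern ^gopher: 1440  0%  1440
refresh_pattern .           0 20%  4320

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl ntlm_auth proxy_auth REQUIRED

# Order matters: Squid stops at the first matching http_access line.  The
# original allowed authenticated users before any of the Safe_ports/CONNECT
# denials, so those ACLs were defined but never enforced, and it had no final
# "deny all".
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow ntlm_auth
http_access deny all

http_reply_access allow all
icp_access allow all
cache_effective_user squid
cache_effective_group squid
EOF

  ask_install kerberos /etc/krb5.conf "$WORKDIR/krb5.conf" 644
  ask_install Samba /etc/samba/smb.conf "$WORKDIR/smb.conf" 644
  # squid.conf is read by the squid user; no secrets, but no need for o+r.
  ask_install squid /etc/squid/squid.conf "$WORKDIR/squid.conf" 640 root:squid

  ad_join

  banner "Restarting the servers"
  restart_service winbind
  restart_service smb
  restart_service squid

  banner "setting servers to start at boot"
  enable_service winbind
  enable_service squid
  enable_service smb
  echo

  again_or_menu squidntlm
}

# joindomain -- make this host a member of an Active Directory domain
# (Kerberos + Samba/winbind only, no Squid).
joindomain() {
  /usr/bin/clear
  ad_prompts

  ask_install kerberos /etc/krb5.conf "$WORKDIR/krb5.conf" 644
  ask_install Samba /etc/samba/smb.conf "$WORKDIR/smb.conf" 644

  ad_join

  banner "Restarting the servers"
  restart_service winbind
  restart_service smb

  banner "setting servers to start at boot"
  enable_service winbind
  enable_service smb

  echo
  echo "Now you might want to look into PAM (pluggable authentication Module) found in the /etc/pam.d/ folder. if you want to use winbind to authentication your pop3 e-mail server then edit the /etc/pam.d/pop file."
  echo

  again_or_menu joindomain
}

########## shared OpenLDAP steps: ##############################################

# ldap_prompts WITH_SAMBA -- prompt for base DN, host, DB_CONFIG, rootdn and
# organisation; write $WORKDIR/ldap.conf, $WORKDIR/slapd.conf (including
# samba.schema when WITH_SAMBA=yes) and the base LDIF files.
# Sets the globals LDAP_BASE, LDAP_HOST, LDAP_ROOTDN, LDAP_DC and LDAP_PWFILE
# (a 0600 file holding the rootdn password for "ldapadd -y").
ldap_prompts() {
  local with_samba=$1 dbconfig schema_src schema_dir rootpw_hash rootpw org ou

  banner "Setup ldap File"
  ask LDAP_BASE "Enter the base for your ldap server" 'dc=fedora,dc=directory,dc=server'
  ask LDAP_HOST "Enter the host for your ldap server" mc1.fedora.directory.server
  # The original wrote "HOST <base>" / "BASE <host>" (swapped) and misspelt
  # TLS_CACERTDIR as TLS_CAiCERTDIR.
  cat >"$WORKDIR/ldap.conf" <<EOF
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

HOST $LDAP_HOST
BASE $LDAP_BASE
TLS_CACERTDIR /etc/openldap/cacerts
EOF
  echo

  banner "Setup DB_CONFIG File"
  ask dbconfig "Enter the default DB_CONFIG file" /etc/openldap/DB_CONFIG.example
  # The original only copied the file when the default was accepted; a custom
  # path silently did nothing.
  if [ -f "$dbconfig" ]; then
    cp -- "$dbconfig" /var/lib/ldap/DB_CONFIG && chmod 644 /var/lib/ldap/DB_CONFIG
  else
    echo "warning: $dbconfig not found, /var/lib/ldap/DB_CONFIG not written" >&2
  fi
  echo

  banner "Setup slapd File"
  if [ "$with_samba" = yes ]; then
    ask schema_src "Enter the location of your samba.schema file" /usr/share/doc/samba-3.0.21b/LDAP/samba.schema
    ask schema_dir "Enter the location of your LDAP schema directory" /etc/openldap/schema/
    if cp -- "$schema_src" "$schema_dir"; then
      chmod 644 "$schema_dir/$(basename "$schema_src")"
    else
      echo "warning: could not copy $schema_src to $schema_dir" >&2
    fi
    echo
  fi
  ask LDAP_ROOTDN "Enter the root cn for your ldap server" 'cn=Manager,dc=fedora,dc=directory,dc=server'
  echo
  echo "Lets set a password for $LDAP_ROOTDN"
  # slappasswd prompts on the terminal itself and prints only the hash.
  rootpw_hash=$(slappasswd)
  while [ -z "$rootpw_hash" ]; do
    echo "no password set, try again" >&2
    rootpw_hash=$(slappasswd)
  done
  # ldapadd (and smbpasswd -w) need the clear-text password too.  Read it
  # without echo and keep it in a 0600 file in WORKDIR so it is not repeated
  # on a command line for every ldapadd call.
  ask_secret rootpw "Enter that same password again (for ldapadd)"
  LDAP_PWFILE="$WORKDIR/rootdn.pw"
  printf '%s' "$rootpw" >"$LDAP_PWFILE"   # no newline: -y uses the whole file
  rootpw=
  echo

  {
    echo "include /etc/openldap/schema/core.schema"
    echo "include /etc/openldap/schema/cosine.schema"
    echo "include /etc/openldap/schema/inetorgperson.schema"
    echo "include /etc/openldap/schema/nis.schema"
    if [ "$with_samba" = yes ]; then
      echo "include ${schema_dir%/}/samba.schema"
    fi
    cat <<EOF

# LDAPv2 binds are allowed for old clients, as in the original setup.
allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

database bdb
suffix "$LDAP_BASE"
rootdn "$LDAP_ROOTDN"
rootpw $rootpw_hash
directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
EOF
  } >"$WORKDIR/slapd.conf"

  ask org "Enter the organization name for your ldap server" 'Fedora Directory Server'
  ask LDAP_DC "Enter the DC for your ldap server" Fedora
  echo
  cat >"$WORKDIR/domain.ldif" <<EOF
dn: $LDAP_BASE
objectclass: dcobject
objectClass: organization
o: $org
dc: $LDAP_DC
EOF
  for ou in groups machines people domains; do
    cat >"$WORKDIR/$ou.ldif" <<EOF
dn: ou=$ou,$LDAP_BASE
ou: $ou
objectclass: top
objectclass: organizationalUnit
EOF
  done
}

# ldap_install_and_load [EXTRA] -- install ldap.conf and slapd.conf, restart
# slapd and load the base LDIFs plus the space-separated EXTRA names (files
# named $WORKDIR/<name>.ldif).  EXTRA is a single word-split string rather than
# "$@" so the call works with zero extras under "set -u" on old bash.
ldap_install_and_load() {
  local f
  ask_install ldap /etc/openldap/ldap.conf "$WORKDIR/ldap.conf" 644
  # slapd.conf carries the rootpw hash: owner and group only.  Group "ldap" is
  # assumed to be the slapd service group (Fedora default); a failure only
  # warns.
  ask_install slapd /etc/openldap/slapd.conf "$WORKDIR/slapd.conf" 640 root:ldap

  banner "starting ldap server"
  restart_service ldap
  echo
  # shellcheck disable=SC2086 -- deliberate word split of the extras list
  for f in domain people groups machines domains ${1:-}; do
    ldapadd -x -D "$LDAP_ROOTDN" -y "$LDAP_PWFILE" -h localhost -f "$WORKDIR/$f.ldif" \
      || echo "warning: loading $f.ldif failed" >&2
  done
}

# samba -- OpenLDAP server with the Samba schema, a Samba PDC using ldapsam
# and the LAM web front end under Apache.
samba() {
  local sid answer lam_url lam_tar lam_dir lam_pw ldap_url user_sfx group_sfx \
        host_sfx dom_sfx workgroup webroot lam_cfg sub

  /usr/bin/clear
  ldap_prompts yes

  # The domain SID comes straight from net getlocalsid (no /tmp/sid files).
  sid=$(net getlocalsid 2>/dev/null | sed 's/.*: //')
  [ -n "$sid" ] || echo "warning: could not read the local SID with 'net getlocalsid'" >&2
  cat >"$WORKDIR/sambadomains.ldif" <<EOF
dn: sambaDomainName=$LDAP_DC,ou=domains,$LDAP_BASE
sambaDomainName: $LDAP_DC
sambaSID: $sid
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
EOF

  ldap_install_and_load sambadomains

  banner "downloading and installing LAM"
  ask answer "do you have the LAM gzip install file in the same directory as this script? [y/n]" y
  if [ "$answer" = n ] || [ "$answer" = N ]; then
    echo "make sure your connected to the internet for the next part, LAM will be downloaded for you"
    echo
    # The original only ran wget when the default URL was accepted.
    ask lam_url "Enter the URL of the latest LAM file" \
      http://switch.dl.sourceforge.net/sourceforge/lam/ldap-account-manager-1.0.0.tar.gz
    # NOTE: plain http and no checksum/signature verification.  This tarball
    # becomes PHP executed by Apache, so check it against the project's
    # published checksum before going on.
    if ! wget -- "$lam_url"; then
      echo "download failed" >&2
      return 1
    fi
    echo
  fi
  lam_tar=
  for sub in ldap-account-manager*.tar.gz; do
    if [ -f "$sub" ]; then
      lam_tar=$sub
      break
    fi
  done
  if [ -z "$lam_tar" ]; then
    echo "no ldap-account-manager*.tar.gz found in $(pwd)" >&2
    return 1
  fi
  lam_dir=$(tar -tzf "$lam_tar" | head -n 1 | cut -d/ -f1)
  if ! tar -xzf "$lam_tar" || [ -z "$lam_dir" ] || [ ! -d "$lam_dir" ]; then
    echo "could not extract $lam_tar" >&2
    return 1
  fi

  banner "Setup LAM config.cfg File"
  ask lam_pw "Enter the password at access LAM" lam
  # The original ignored the answer and always wrote "password: lam".
  cat >"$WORKDIR/config.cfg" <<EOF
# password to add/delete/rename configuration profiles
password: $lam_pw

# default profile, without ".conf"
default: lam
EOF
  echo

  banner "Setup LAM lam.conf File"
  ask ldap_url "Enter the ldap server address" ldap://localhost:389
  ask user_sfx "please enter the suffix for the ldap users" "ou=people,$LDAP_BASE"
  ask group_sfx "please enter the suffix for the ldap groups" "ou=groups,$LDAP_BASE"
  ask host_sfx "please enter the suffix for the Samba hosts" "ou=machines,$LDAP_BASE"
  ask dom_sfx "please enter the suffix for the Samba domain" "ou=domains,$LDAP_BASE"
  cat >"$WORKDIR/lam.conf" <<EOF
serverURL: $ldap_url

# list of users who are allowed to use LDAP Account Manager
admins: $LDAP_ROOTDN

# password to change these preferences via webfrontend
passwd: $lam_pw

# suffix of tree view
treesuffix: $LDAP_BASE

# List of active account types.
activeTypes: user,group,host,smbDomain

types: suffix_user: $user_sfx
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount

types: suffix_group: $group_sfx
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup,sambaGroupMapping

types: suffix_host: $host_sfx
types: attr_host: #cn;#description;#uidNumber;#gidNumber
types: modules_host: account,posixAccount,sambaSamAccount

types: suffix_smbDomain: $dom_sfx
types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
types: modules_smbDomain: sambaDomain

# maximum number of rows to show in user/group/host lists
maxlistentries: 30

# default language (a line from config/language)
defaultLanguage: en_GB.utf8:UTF-8:English (Great Britain)

# Path to external Script
scriptPath:

# Server of external Script
scriptServer:

# Number of minutes LAM caches LDAP searches.
cachetimeout: 5

# Module settings
modules: posixAccount_minUID: 0
modules: posixAccount_maxUID: 30000
modules: posixAccount_minMachine: 50000
modules: posixAccount_maxMachine: 60000
modules: posixGroup_minGID: 0
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
EOF
  echo

  #######################making samba share folders#############################
  # The original did "chmod -R a+rwx /etc/samba/", which made smb.conf and
  # secrets.tdb world writable.  Give each share directory only what it needs.
  mkdir -p /etc/samba/share /etc/samba/logs /etc/samba/netlogon /etc/samba/profiles
  chmod 755 /etc/samba/netlogon /etc/samba/logs     # root writes, everyone reads
  chmod 1777 /etc/samba/share /etc/samba/profiles   # users own what they create

  banner "Setup Samba"
  ask workgroup "Enter the domain name" fedora
  echo
  # Fixes vs. the original: one [global] section instead of two, no trailing
  # space inside the ldap admin dn quotes, the logon path backslashes survive
  # (echo "..." ate them), and [netlogon] is no longer writable by everyone --
  # logon scripts run on every client at logon.
  cat >"$WORKDIR/smb.conf" <<EOF
[global]
 ;Basic server settings
 workgroup = $workgroup
 comment = Samba %v Server

 ;LDAP passdb backend
 passdb backend = ldapsam:ldap://127.0.0.1
 ldap suffix = $LDAP_BASE
 ldap user suffix = $user_sfx
 ldap machine suffix = $host_sfx
 ldap group suffix = $group_sfx
 ldap admin dn = "$LDAP_ROOTDN"
 ldap delete dn = no
 ldap passwd sync = yes
 ldap replication sleep = 1000

 ;Necessary for PDC to act as the domain and local master
 encrypt passwords = yes
 os level = 64
 security = user
 domain logons = yes
 preferred master = yes
 domain master = yes
 local master = yes

 ;Where user profiles are stored
 logon path = \\\\%L\\profiles\\%U
 ;Location of user's home directory and where it should be mounted
 logon drive = H:
 logon home = \\\\%L\\%U\\

 ;Sets the printing to CUPS
 printing = cups
 printcap = /etc/printcap
 load printers = yes

 ;Other global options
 socket options = TCP_NODELAY
 map to guest = Bad User

 ;Acts as a WINS server
 wins support = yes
 deadtime = 15

;Necessary share for domain controller
[netlogon]
 path = /etc/samba/netlogon
 writeable = no
 public = no
 write list = admin

[profiles]
 path = /etc/samba/profiles
 writeable = yes
 create mask = 0600
 directory mask = 0700

;Home directory shares (Mounts the user's home directory)
[homes]
 comment = Linux Home directory space
 path = %H
 writeable = yes
 valid users = %S
 create mode = 0600
 directory mode = 0700
 locking = no

;A simple share of the /share directory
[share]
 path = /etc/samba/share
 browseable = yes
 writeable = yes

;A share for the cdrom mounts at /media/cdrom
[cdrom]
 comment = Linux CD-ROM
 path = /media/cdrom
 read only = yes
 locking = no
 root preexec = /bin/mount /dev/cdrom /media/cdrom
 root postexec = /bin/umount /media/cdrom

;Basic printer settings
[printers]
 comment = All Printers
 path = /var/spool/samba
 browseable = no
 public = yes
 guest ok = yes
 writable = no
 printable = yes
EOF

  banner "Setting up apache"
  ask webroot "Enter the root directory of apache" /var/www/html/
  webroot=${webroot%/}
  echo
  # The original ran "chmod a+rwx" on the LAM tree and later
  # "chmod a+rwx -R" on the whole DocumentRoot: any local user could then
  # drop PHP that Apache executes.  Install the tree read-only for the apache
  # group and let apache write only where LAM itself needs to.
  if ! cp -rf -- "$lam_dir" "$webroot/"; then
    echo "could not copy $lam_dir to $webroot" >&2
    return 1
  fi
  chown -R root:apache "$webroot/$lam_dir"
  chmod -R u=rwX,g=rX,o= "$webroot/$lam_dir"
  for sub in config sess tmp; do
    if [ -d "$webroot/$lam_dir/$sub" ]; then
      chown -R apache:apache "$webroot/$lam_dir/$sub"
      chmod -R u=rwX,g=rwX,o= "$webroot/$lam_dir/$sub"
    fi
  done
  echo "go to https://localhost/$lam_dir/ to access the LAM web interface"
  echo

  ask_install Samba /etc/samba/smb.conf "$WORKDIR/smb.conf" 644

  # Samba stores the rootdn password in secrets.tdb to bind to LDAP.
  # smbpasswd -w only accepts it as an argument (briefly visible in ps); at
  # least it is the one already read without echo, not typed again in clear.
  smbpasswd -w "$(cat "$LDAP_PWFILE")" || echo "warning: smbpasswd -w failed" >&2
  echo

  banner "LAM config.cfg / lam.conf"
  lam_cfg="$webroot/$lam_dir/config"
  ask lam_cfg "Enter the path to your LAM config directory" "$lam_cfg"
  # Both files hold passwords: readable by apache only.
  for sub in config.cfg lam.conf; do
    if cp -- "$WORKDIR/$sub" "$lam_cfg/$sub"; then
      chown apache:apache "$lam_cfg/$sub"
      chmod 600 "$lam_cfg/$sub"
    else
      echo "warning: could not install $sub into $lam_cfg" >&2
    fi
  done
  echo

  banner "Restarting the servers"
  restart_service httpd
  restart_service ldap
  restart_service smb

  banner "setting servers to start at boot"
  enable_service ldap
  enable_service smb
  enable_service httpd

  banner "LAM Instructions"
  echo "Now go to your web browser and visit https://ip-address-of-lam-machine/$lam_dir/ and finish off your configuration via the LAM web interface, make a root user/group with a UID/GID of 0 and then add your windows machine to the domain using the root account and add the machine accounts"
  echo

  again_or_menu samba
}

# openldap -- plain OpenLDAP server with the base tree (no Samba schema).
# The original also ran "smbpasswd -w" here, left over from samba(); that only
# seeds Samba's secrets.tdb, which nothing in this option uses, so it is not
# repeated.
openldap() {
  /usr/bin/clear
  ldap_prompts no
  ldap_install_and_load

  echo
  echo "Now you might want to look into getting a Web or GUI based interface into OpenLDAP like LAM (LDAP Account Manager) or phpLDAPadmin and set it up"
  echo

  again_or_menu openldap
}

############### Postprocess checking: ##########################################

# postprocess -- leave the menu: clear the screen and exit (the EXIT trap
# removes WORKDIR and everything generated in it).
postprocess() {
  /usr/bin/clear
  rm -f -- "$TMP"
  exit 0
}

############### Main: ##########################################################

mainmenu
exit $?

############### ServerSetup END ################################################
# This software was made with the help of
# Squidmanage v0.5 Matt Keadle (c) 02-14-2002
# Released under the terms of the GPL.
# found on http://mkeadle.org/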
