mirror of
https://github.com/bashclub/zamba-lxc-toolbox.git
synced 2024-12-24 11:20:13 +01:00
Add smb/cups server draft
parent
38590ee60a
commit
4520ebb17a
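--- a/src/zmb-cups/constants-service.conf
+++ b/src/zmb-cups/constants-service.conf
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
+# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
+# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
+
+# This file contains the project constants on service level
+
+# Debian Version, which will be installed
+LXC_TEMPLATE_VERSION="debian-12-standard"
+
+# Create sharefs mountpoint
+LXC_MP="0"
+
+# Create unprivileged container
+LXC_UNPRIVILEGED="0"
+
+# enable nesting feature
+LXC_NESTING="1"
+
+# Sets the minimum amount of RAM the service needs for operation
+LXC_MEM_MIN=1024
+
+# service dependent meta tags
+SERVICE_TAGS="samba,member,fileserver"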
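Review bot: `LXC_UNPRIVILEGED="0"` next to `LXC_NESTING="1"` appears to request a privileged container with nesting enabled, and the file gives no reason for it. In that combination root inside the container is root on the host's kernel, so a compromise of the network-facing smbd or cupsd carries further than it would in an unprivileged container. If the service really needs it, say so above the setting, e.g. `# 0 = privileged container; needed because <reason>`. If not, switch the value to `"1"`. `SERVICE_TAGS="samba,member,fileserver"` also looks carried over from the member-server template, because nothing in it marks this container as a print server.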
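--- a/src/zmb-cups/install-service.sh
+++ b/src/zmb-cups/install-service.sh
@@ -0,0 +1,106 @@
+#!/bin/bash
+
+# Authors:
+# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
+# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
+# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
+
+source /root/functions.sh
+source /root/zamba.conf
+source /root/constants-service.conf
+
+echo "deb http://ftp.halifax.rwth-aachen.de/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
+
+apt update
+
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl cups samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules wsdd
+
+mv /etc/krb5.conf /etc/krb5.conf.bak
+cat > /etc/krb5.conf <<EOF
+[libdefaults]
+default_realm = $ZMB_REALM
+ticket_lifetime = 600
+dns_lookup_realm = true
+dns_lookup_kdc = true
+renew_lifetime = 7d
+EOF
+
+echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
+klist
+
+mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
+cat > /etc/samba/smb.conf <<EOF
+[global]
+workgroup = $ZMB_DOMAIN
+security = ADS
+realm = $ZMB_REALM
+server string = %h server
+
+vfs objects = acl_xattr shadow_copy2
+map acl inherit = Yes
+store dos attributes = Yes
+idmap config *:backend = tdb
+idmap config *:range = 3000000-4000000
+idmap config *:schema_mode = rfc2307
+username map = /etc/samba/user.map
+
+winbind refresh tickets = Yes
+winbind use default domain = Yes
+winbind separator = /
+winbind nested groups = yes
+winbind nss info = rfc2307
+
+pam password change = Yes
+passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+passwd program = /usr/bin/passwd %u
+
+template homedir = /home/%U
+template shell = /bin/bash
+bind interfaces only = Yes
+interfaces = lo eth0
+log file = /var/log/samba/log.%m
+logging = syslog
+max log size = 1000
+panic action = /usr/share/samba/panic-action %d
+
+dns proxy = No
+shadow: snapdir = .zfs/snapshot
+shadow: sort = desc
+shadow: format = -%Y-%m-%d-%H%M
+shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(weekly\)\{0,1\}\(monthly\)\{0,1\}\(backup\)\{0,1\}\(manual\)\{0,1\}
+shadow: delimiter = -20
+printing = CUPS
+rpcd_spoolss:idle_seconds=300
+rpcd_spoolss:num_workers = 10
+spoolss: architecture = Windows x64
+
+[printers]
+path = /var/tmp/
+printable = yes
+
+[print$]
+path = /var/lib/samba/printers
+read only = no
+
+EOF
+
+systemctl restart smbd
+
+echo -e "$ZMB_ADMIN_PASS" | net ads join -U $ZMB_ADMIN_USER createcomputer=Computers
+sed -i "s|files systemd|files systemd winbind|g" /etc/nsswitch.conf
+sed -i "s|#WINBINDD_OPTS=|WINBINDD_OPTS=|" /etc/default/winbind
+echo -e "session optional pam_mkhomedir.so skel=/etc/skel umask=077" >> /etc/pam.d/common-session
+
+systemctl restart winbind nmbd
+
+chown -R ${ZMB_ADMIN_USER}:"domain admins" /var/lib/samba/printers
+chmod -R 2775 /var/lib/samba/printers
+setfacl -Rb /var/lib/samba/printers
+setfacl -Rm u:${ZMB_ADMIN_USER}:rwx,g:"domain admins":rwx,g:"NT Authority/authenticated users":r--,g:"NT Authority/system":rwx,o::--- /var/lib/samba/printers
+setfacl -Rdm u:${ZMB_ADMIN_USER}:rwx,g:"domain admins":rwx,g:"NT Authority/authenticated users":r--,g:"NT Authority/system":rwx,o::--- /var/lib/samba/printers
+echo -e "${ZMB_ADMIN_PASS}" | net rpc rights grant "${ZMB_DOMAIN}\\Domain Admins" SePrintOperatorPrivilege -U "${ZMB_DOMAIN}\\${ZMB_ADMIN_USER}"
+echo -e "!root = ${ZMB_DOMAIN}\\administrator ${ZMB_DOMAIN}\\Administrator" > /etc/samba/user.map
+
+cupsctl --remote-admin
+
+systemctl restart cups smbd nmbd winbind wsdd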
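Review bot: The three lines that pipe the domain admin password (`kinit`, `net ads join`, `net rpc rights grant`) use `echo -e "$ZMB_ADMIN_PASS"`, which interprets backslash sequences, so a password containing `\n`, `\t` or `\\` is altered before the tool reads it. `$ZMB_ADMIN_USER` is also unquoted on the first two of them. `printf '%s\n' "$ZMB_ADMIN_PASS" | kinit -V "$ZMB_ADMIN_USER"` fixes both, and the same form fits the two `net` calls. The script sets no `set -e` and checks no exit status, so a failed `kinit` or `net ads join` still runs the nsswitch/PAM edits, the ACL changes and the service restarts; a guard such as `net ads join ... || exit 1` would stop it from leaving a half-configured member. `cupsctl --remote-admin` near the end makes the CUPS administration interface reachable over the network, and nothing visible here states which hosts are meant to reach it, so it needs a comment naming the intended admin network or a follow-up restriction in cupsd.conf.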