linux_faq:ubuntu_setup_script [2017/07/05 06:04] adminlinux_faq:ubuntu_setup_script [2019/07/03 19:58] admin
Line 1: Line 1:
 +В скрипте в секции **Set needed Variables** надо задать только имя хоста.
 +Остальные параметры (**DNS**, **domain-name**, **DOMAIN controllers**) скрипт получает из **DHCP** и **DNS**. 
 +
 +Запускать так: **sudo ./script.sh** \\
 +Сделать: \\
 +
 +3. http://kerberos.996246.n3.nabble.com/Pending-quot-gss-init-sec-context-failed-Unspecified-GSS-failure-quot-td22422.html
 +I had the same problem/error and fixed it by adding "allow_weak_crypto = true" under [libdefaults] in /etc/krb5.conf 
 +This works for me, at least on Debian Squeeze, Ubuntu Karmic, and Ubuntu Lucid. 
 +This was announced in /usr/share/doc/libkrb5-3/NEWS.Debian.gz. 
 +Hope this helps. \\
 +
 +
 + <code>
 +#! /bin/bash
 +
 +####################################
 +#### Set needed Variables
 +####################################
 +CONNECTION=`ip link | grep 'state UP' | awk '{ print $2 }' | sed 's/:$//'`
 +NEW_DOMAINNAME=`grep 'option domain-name' /var/lib/dhcp/dhclient.$CONNECTION.leases | tail -n 1 | awk '{print $3}' | sed 's/"//g;s/;//g'`
 +DNS_SERVERS=`grep 'option domain-name-servers' /var/lib/dhcp/dhclient.$CONNECTION.leases | tail -n 1 | awk '{print $3}' | sed 's/,/ /g;s/;//g'`
 +DNS_STATIC_SEARCHLIST="$NEW_DOMAINNAME sberbank.ru"
 +DOMAIN_CONTROLLERS=`host -t srv _ldap._tcp.$NEW_DOMAINNAME | awk {'print $8'} | sed 's/.$//g'`
 +DEFAULT_REALM="${NEW_DOMAINNAME^^}"
 +NETBIOS_DOMAIN_NAME=$(echo $DEFAULT_REALM | sed  '1,$ s/\..*//g')
 +CA_CERT_PREFIX="SberBank_Root_CA"
 +
 +# check root
 +if [ "$(id -u)" != "0" ]; then
 +  echo "You do not have the appropriate privileges..."
 +  exit 1
 +fi
 +
 +##############################################
 +### Disable IPv6
 +##############################################
 +cp /etc/sysctl.conf /etc/sysctl.conf.bak_`date +"%d.%m.%y_%H-%M"`
 +sed -i '/^net.ipv6.conf/D' /etc/sysctl.conf
 +echo 'net.ipv6.conf.all.disable_ipv6 = 1' | sudo tee -a /etc/sysctl.conf
 +echo 'net.ipv6.conf.default.disable_ipv6 = 1' | sudo tee -a /etc/sysctl.conf
 +echo 'net.ipv6.conf.lo.disable_ipv6 = 1' | sudo tee -a /etc/sysctl.conf
 +sysctl -p
 +
 +##############################################
 +### Setting up NameServers
 +##############################################
 +echo "search $DNS_STATIC_SEARCHLIST" | sudo tee -a /etc/resolvconf/resolv.conf.d/base
 +echo -ne > /etc/resolvconf/resolv.conf.d/head
 +for nameserver in $DNS_SERVERS; do echo "nameserver $nameserver" | sudo tee -a /etc/resolvconf/resolv.conf.d/head ;done
 +resolvconf -u
 +
 +###########################################
 +### Add Certificates
 +###########################################
 +openssl s_client -showcerts -connect ya.ru:443 </dev/null > chain.pem
 +csplit -k -f $CA_CERT_PREFIX ./chain.pem '/END CERTIFICATE/+1' {10}
 +find ./ -iname $CA_CERT_PREFIX\* -type f -exec grep -F -L 'END CERTIFICATE' '{}' + | xargs -d '\n' rm
 +for file in "$CA_CERT_PREFIX"* ; do sudo mv "$file" /usr/local/share/ca-certificates/"$file".pem ; done
 +for file in /usr/local/share/ca-certificates/"$CA_CERT_PREFIX"* ; do sudo cp "$file" /etc/ssl/certs/ ; done
 +c_rehash /etc/ssl/certs/
 +c_rehash /usr/local/share/ca-certificates/
 +update-ca-certificates
 +rm -f ./chain.pem
 +
 +####################################
 +#### Setup Software
 +####################################
 +#echo "deb http://ppa.launchpad.net/kubuntu-ppa/backports/ubuntu xenial main" > /etc/apt/sources.list.d/kubuntu-ppa.list
 +#apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8AC93F7A
 +#echo "deb https://tel.red/repos/ubuntu xenial non-free" > /etc/apt/sources.list.d/telred.list
 +#apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE49F8C5
 +#echo "deb [arch=amd64] http://repo.yandex.ru/yandex-browser/deb beta main" > /etc/apt/sources.list.d/yandex-browser.list
 +#curl -k https://repo.yandex.ru/yandex-browser/YANDEX-BROWSER-KEY.GPG | sudo apt-key add -
 +
 +apt-get update
 +apt-get -y upgrade
 +#apt-get -y install kubuntu-full
 +apt-get -y install kubuntu-desktop
 +apt-get -y install xorg
 +apt-get -y install nano curl openssl libnss3-tools \
 +chrony krb5-config krb5-locales krb5-user libpam-krb5 \
 +samba smbclient winbind libpam-winbind libnss-winbind gss-ntlmssp \
 +ldap-utils cifs-utils libsasl2-modules-gssapi-mit \
 +libreoffice-l10n-ru aspell-ru language-pack-gnome-ru language-pack-gnome-ru-base \
 +language-pack-ru language-pack-ru-base language-pack-kde-ru \
 +evolution evolution-ews evolution-plugins desktop-file-utils \
 +xvfb myspell-ru build-essential libc6-i386
 +
 +apt-get -y --allow-unauthenticated install flashplugin-installer yandex-browser-beta
 +#apt-get -y install sky
 +#apt-get install clamav tightvncserver
 +###  http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_20170411.1.orig.tar.gz
 +curl -o /tmp/adobe-flashplugin_20170411.1.orig.tar.gz \
 +http://szud-linux-repo.sigma.sbrf.ru/adobe-flashplugin_20170411.1.orig.tar.gz \
 +&& /usr/lib/flashplugin-installer/install_plugin \
 +/tmp/adobe-flashplugin_20170411.1.orig.tar.gz \
 +&& rm /tmp/adobe-flashplugin_20170411.1.orig.tar.gz
 +
 +#####################################################################
 +### Download and install Citrix VDA
 +#####################################################################
 +curl -o ./VDA.deb http://szud-linux-repo.sigma.sbrf.ru/xendesktopvda_7.13.0.382-1.Kubuntu16.04_amd64.deb && apt-get -y install ./VDA.deb && rm -f ./VDA.deb
 +
 +###############################################
 +### Setup Services
 +###############################################
 +systemctl enable ssh
 +systemctl enable nmbd.service
 +systemctl enable samba.service
 +systemctl enable winbind.service
 +#############################################
 +#### Setting sudo
 +#############################################
 +cat <<EOF > /etc/sudoers.d/domain_users
 +localuser       ALL=(ALL) ALL
 +%$NETBIOS_DOMAIN_NAME\\\\domain\ users          ALL=(ALL) ALL
 +%domain\ users          ALL=(ALL) ALL
 +%$NETBIOS_DOMAIN_NAME\\\\domain\ admins      ALL=(ALL) NOPASSWD: ALL
 +%domain\ admins      ALL=(ALL) NOPASSWD: ALL
 +EOF
 +
 +sed -i "/^Defaults\ targetpw.*\$/ s/^/#/" /etc/sudoers
 +sed -i "/^Defaults\ env_reset.*\$/ s/\ env_reset/\ \!env_reset/" /etc/sudoers
 +sed -i "/^ALL.*ALL=(ALL).*\$/ s/^/#/" /etc/sudoers
 +
 +############################################################
 +#### Suppress PolKit prompt messages
 +############################################################
 +#cat <<EOF > /etc/polkit-1/localauthority/50-local.d/allow_all.pkla
 +#[Do not prompt users with any messages]
 +#Identity=unix-user:*
 +#Action=*
 +#ResultAny=yes
 +#ResultInactive=yes
 +#EOF
 +
 +cat <<EOF > /etc/polkit-1/localauthority/50-local.d/55-inhibit-shutdown.pkla
 +[Disable PowerOff, Reboot, Hibernate, Suspend]
 +Identity=unix-user:*
 +Action=org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-multiple-sessions;org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
 +ResultAny=no
 +ResultInactive=no
 +ResultActive=no
 +EOF
 +
 +cat <<EOF > /etc/polkit-1/localauthority/50-local.d/60-inhibit-network-changes.pkla
 +[Disable PowerOff, Reboot, Hibernate, Suspend]
 +Identity=unix-user:*
 +Action=org.freedesktop.NetworkManager.*
 +ResultAny=no
 +ResultInactive=no
 +ResultActive=no
 +EOF
 +
 +#########################################
 +### Setup NTP servers
 +#########################################
 +sed -i "/^pool.*\$/ s/^/#/" /etc/chrony/chrony.conf
 +sed -i "/^server.*\$/ s/^/#/" /etc/chrony/chrony.conf
 +
 +for dc in $DOMAIN_CONTROLLERS;
 +do
 +echo "server $dc iburst" | sudo tee -a /etc/chrony/chrony.conf
 +done
 +
 +#########################################
 +### Setup Kerberos /etc/krb5.conf
 +#########################################
 +LIBDEFAULTS=$(cat <<EOF
 +[libdefaults]
 +dns_lookup_kdc = true
 +dns_lookup_realm = false
 +default_realm = $DEFAULT_REALM
 +clockskew = 300
 +default_ccache_name = FILE:/tmp/krb5cc_%{uid}
 +EOF
 +)
 +
 +REALMS_KDC=$(for i in $DOMAIN_CONTROLLERS; do echo "kdc = $i";done)
 +
 +REALMS=$(cat <<EOF
 +
 +[realms]
 +$DEFAULT_REALM = {
 +$REALMS_KDC
 +default_domain = $DEFAULT_REALM
 +}
 +EOF
 +)
 +
 +DOMAIN_REALM=$(cat <<EOF
 +
 +[domain_realm]
 +.$NEW_DOMAINNAME = $DEFAULT_REALM
 +$NEW_DOMAINNAME = $DEFAULT_REALM
 +
 +[appdefaults]
 +pam = {
 +        ticket_lifetime = 1d
 +        renew_lifetime = 1d
 +        forwardable = true
 +        proxiable = false
 +        minimum_uid = 1
 +}
 +EOF
 +)
 +
 +echo "$LIBDEFAULTS" > /etc/krb5.conf
 +echo "$REALMS" >> /etc/krb5.conf
 +echo "$DOMAIN_REALM" >> /etc/krb5.conf
 +
 +########################################
 +#### Configure /etc/samba/smb.conf
 +########################################
 +SMB_CONF=$(cat <<EOF
 +# smb.conf is the main Samba configuration file. You find a full commented
 +# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
 +# samba-doc package is installed.
 +[global]
 +        workgroup = $NETBIOS_DOMAIN_NAME
 +        passdb backend = tdbsam
 +        map to guest = Bad User
 +        include = /etc/samba/dhcp.conf
 +        usershare allow guests = No
 +        idmap gid = 10000-20000
 +        idmap uid = 10000-20000
 +        realm = $DEFAULT_REALM
 +        security = ADS
 +        template homedir = /home/%D/%U
 +        template shell = /bin/bash
 +        usershare max shares = 100
 +        encrypt passwords = yes
 +        kerberos method = secrets and keytab
 +        winbind nested groups = yes
 +        winbind offline logon = yes
 +        winbind refresh tickets = yes
 +        winbind use default domain = yes
 +        dns proxy = no
 +        domain master = no
 +        local master = no
 +        preferred master = no
 +        load printers = no
 +        show add printer wizard = no
 +        printcap name = /dev/null
 +        disable spoolss = yes
 +        client use spnego = yes
 +        client ntlmv2 auth = yes
 +EOF
 +)
 +
 +mv /etc/samba/smb.conf /etc/samba/smb.conf.bak_`date +"%d.%m.%y_%H-%M"`
 +echo "$SMB_CONF" > /etc/samba/smb.conf
 +
 +########################################
 +#### Configure /etc/nsswitch.conf
 +########################################
 +sed -i '/^passwd:.*compat$/ s/$/ winbind/' /etc/nsswitch.conf
 +sed -i '/^group:.*compat$/ s/$/ winbind/' /etc/nsswitch.conf
 +sed -i '/^hosts:/ s/:.*$/: files dns/' /etc/nsswitch.conf
 +
 +##########################################
 +#### Configure PAM
 +##########################################
 +sed -i "/^Default:.*\$/ s/:.*$/: yes/" /usr/share/pam-configs/mkhomedir
 +sed -i '/^mkhomedir/D' /var/lib/pam/seen
 +pam-auth-update --package
 +################################################################
 +### Fix /etc/pam.d/sddm to allow copy /etc/skel/ on first logon
 +### https://wiki.autosys.tk/doku.php?id=linux_faq:kde_not_copying_etc_skel_on_user_first_login
 +################################################################
 +sed -i '/pam_kwallet/ s/^/#/g' /etc/pam.d/sddm
 +
 +#################################################
 +### Disable autologin
 +#################################################
 +#sed -i "/^DISPLAYMANAGER_AUTOLOGIN=.*\$/ s/=.*$/=\"\"/" /etc/sysconfig/displaymanager
 +
 +#####################################################
 +#### Set SDDM Theme to allow input Username
 +#####################################################
 +cp /usr/share/sddm/themes/breeze/Login.qml /usr/share/sddm/themes/breeze/Login.qml.bak_`date +"%d.%m.%y_%H-%M"`
 +sed -i "/^.*property bool showUsernamePrompt:.*\$/ s/:.*$/: true/" /usr/share/sddm/themes/breeze/Login.qml
 +
 +#######################################################
 +#### Import CA Certificates into Browsers
 +#   http://blog.xelnor.net/firefox-systemcerts/
 +#######################################################
 +HOMEDIR=$(getent passwd $SUDO_USER | cut -d: -f6)
 +apt-get -y install libnss3-tools
 +rm -Rf $HOMEDIR/.mozilla
 +rm -Rf $HOMEDIR/.pki
 +
 +########################################################
 +#### Create and fill cert8.db in Firefox Profile
 +########################################################
 +killall firefox
 +sudo -u  $SUDO_USER xvfb-run --server-args="-screen 0, 1280x1024x24" firefox -CreateProfile default
 +FirefoxProfileDir=$(find $HOMEDIR'/.mozilla/firefox/' -iname '*.default');
 +for certificateFile in /usr/local/share/ca-certificates/"$CA_CERT_PREFIX"* ;
 +do
 + certutil -A -n "${certificateFile}" -t "TCu,Cuw,Tuw" -i ${certificateFile} -d ${FirefoxProfileDir}
 +done
 +chmod -R a+rw $HOMEDIR/.mozilla/firefox/*
 +
 +################################################################################
 +#### Import certificates into nssdb for Chromium engine
 +################################################################################
 +mkdir --parents $HOMEDIR/.pki/nssdb
 +echo 1q2w3e4r | sudo tee $HOMEDIR/.pki/nssdb/password-file
 +certutil -N -f $HOMEDIR/.pki/nssdb/password-file -d $HOMEDIR/.pki/nssdb
 +for certificateFile in /usr/local/share/ca-certificates/"$CA_CERT_PREFIX"* ;
 +do
 + certutil -f $HOMEDIR/.pki/nssdb/password-file -A -n "${certificateFile}" -t "TCu,Cuw,Tuw" -i ${certificateFile} -d sql:$HOMEDIR/.pki/nssdb
 +done
 +chmod -R a+rw $HOMEDIR/.pki/nssdb/*
 +
 +#########################################################
 +### Copy databases with imported certs to default profile
 +#########################################################
 +rm -Rf /etc/skel/.pki/nssdb/*
 +rm -Rf /etc/skel/.mozilla/firefox/*
 +mkdir --parents /etc/skel/.pki/nssdb/
 +cp -Rf $HOMEDIR/.pki/nssdb/* /etc/skel/.pki/nssdb/
 +mkdir --parents /etc/skel/.mozilla/firefox/
 +cp -Rf $HOMEDIR/.mozilla/firefox/* /etc/skel/.mozilla/firefox/
 +
 +############################################################
 +### Setup Evolution Mail Client
 +############################################################
 +### Force Evolution Mail to be online
 +############################################################
 +mkdir --parents /etc/skel/.config/plasma-workspace/env/
 +cat <<EOF > /etc/skel/.config/plasma-workspace/env/evolution.sh
 +#!/bin/bash
 +export LANG=ru_RU.utf8
 +export LANGUAGE=ru_RU
 +export GIO_USE_NETWORK_MONITOR=base
 +EOF
 +##############################################################
 +### Create Evolution EWS Autodiscovery Script
 +##############################################################
 +mkdir --parents /etc/skel/.config/autostart-scripts/
 +cat <<ENDOFSCRIPT > /etc/skel/.config/autostart-scripts/ews_autodiscovery.sh
 +#! /bin/bash
 +
 +export GIO_USE_NETWORK_MONITOR=base
 +DOMAINNAME=\`hostname -d\`
 +##################################################
 +### Check if Evolution EWS source file exist
 +##################################################
 +if [ -f ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.1.source ]; then
 +echo
 +else
 +##########################################
 +## Check if connected to AD
 +##########################################
 +if ! wbinfo -P; then
 +echo "NETLOGON test failed" >> ~/.ews_setup.log
 +else
 +echo "NETLOGON test OK" >> ~/.ews_setup.log
 +
 +CURRENT_DC=\`wbinfo -P | awk '{print \$9}' | awk -F "\"" '{print \$2}'\`
 +FULL_NAME=\`wbinfo -i \$USER | awk -F ":" '{print \$5}'\`
 +BASEDN=\`echo \$CURRENT_DC | sed s/^[^.]*.//g | sed s/"\."/,dc=/g | sed s/^/dc=/\`
 +MAIL=\`ldapsearch -h \$CURRENT_DC -b "\$BASEDN" "sAMAccountName=\$USER" | grep mail: | awk '{print \$2 }'\`
 +
 +###############################################################################################
 +### MS Exchange autodiscovery
 +#### https://github.com/sys4/automx/blob/master/src/automx-test
 +#### http://stackoverflow.com/questions/38509837/when-using-negotiate-with-curl-is-a-keytab-file-required
 +#### Joined AD with samba/winbind and have package gss-ntlmssp
 +###############################################################################################
 +AUTOD_URL="https://autodiscover.\`echo \$MAIL | sed 's/^.*@//'\`"/autodiscover/autodiscover.xml
 +REQUEST=\$(cat <<EOF
 +<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
 +<Request>
 +<EMailAddress>\$MAIL</EMailAddress>
 +<AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
 +</Request>
 +</Autodiscover>
 +EOF
 +)
 +
 +bash -c "curl -k -d '\$REQUEST' --header \"Content-Type: text/xml\" -s --negotiate -u : \$AUTOD_URL" > ~/.autodiscover.xml
 +OABUrl=\$(cat ~/.autodiscover.xml | grep -m 1 OABUrl | awk -F '[<>]' '{ print \$3 }')oab.xml
 +EwsUrl=\$(cat ~/.autodiscover.xml | grep -m 1 EwsUrl | awk -F '[<>]' '{ print \$3 }')
 +EwsHost=\$(echo \$EwsUrl | awk -F '/' '{ print \$3 }')
 +rm ~/.autodiscover.xml
 +
 +echo CURRENT_DC - \$CURRENT_DC > ~/.ews_setup.log
 +echo FULL_NAME - \$FULL_NAME >> ~/.ews_setup.log
 +echo BASEDN - \$BASEDN >> ~/.ews_setup.log
 +echo MAIL - \$MAIL >> ~/.ews_setup.log
 +echo DOMAINNAME - \$DOMAINNAME >> ~/.ews_setup.log
 +echo OABUrl - \$OABUrl >> ~/.ews_setup.log
 +echo EwsUrl - \$EwsUrl >> ~/.ews_setup.log
 +echo EwsHost - \$EwsHost >> ~/.ews_setup.log
 +################################################################
 +### Check URLs format
 +################################################################
 +echo \$OABUrl | grep -E '(https|http)://(([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/(oab|OAB)([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/oab.xml)'
 +OAB_URL_Check=\$?
 +echo \$EwsUrl | grep -E '(https|http)://(([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/(ews|EWS)([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/exchange.asmx)'
 +EWS_URL_Check=\$?
 +
 +if [ \$OAB_URL_Check != 0 ] || [ \$EWS_URL_Check != 0 ]; then
 +echo "OAB and EWS URLs check failed... Exit..." >> ~/.ews_setup.log
 +else
 +echo "OAB and EWS URLs check OK" >> ~/.ews_setup.log
 +
 +######################################################################
 +### CleaningUp and creating evolution source files
 +######################################################################
 +killall evolution-source-registry
 +rm -Rf ~/.config/evolution/sources
 +mkdir --parents ~/.config/evolution/sources
 +
 +#####################################################################################
 +cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.1.source
 +[Data Source]
 +DisplayName=\$MAIL
 +Enabled=true
 +Parent=
 +
 +[Offline]
 +StaySynchronized=true
 +
 +[Authentication]
 +Host=\$EwsHost
 +Method=GSSAPI
 +Port=443
 +ProxyUid=system-proxy
 +RememberPassword=true
 +User=\$USER
 +CredentialName=
 +
 +[Collection]
 +BackendName=ews
 +CalendarEnabled=true
 +ContactsEnabled=true
 +Identity=\$USER
 +MailEnabled=true
 +
 +[Security]
 +Method=none
 +
 +[Ews Backend]
 +FilterInbox=true
 +StoreChangesInterval=3
 +CheckAll=true
 +ListenNotifications=true
 +Email=\$MAIL
 +FilterJunk=true
 +FilterJunkInbox=false
 +FoldersInitialized=true
 +GalUid=ews.\$USER.\$DOMAINNAME
 +Hosturl=\$EwsUrl
 +Oaburl=\$OABUrl
 +OabOffline=true
 +OalSelected=
 +Timeout=300
 +UseImpersonation=false
 +ImpersonateUser=
 +EOF
 +
 +######################################################################
 +cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.0.source
 +[Data Source]
 +DisplayName=\$MAIL
 +Enabled=true
 +Parent=ews.\$USER.\$DOMAINNAME.1
 +
 +[Mail Composition]
 +Bcc=
 +Cc=
 +DraftsFolder=folder://ews.\$USER.\$DOMAINNAME/%d0%a7%d0%b5%d1%80%d0%bd%d0%be%d0%b2%d0%b8%d0%ba%d0%b8
 +SignImip=true
 +TemplatesFolder=folder://local/Templates
 +
 +[Mail Identity]
 +Address=\$MAIL
 +Name=\$FULL_NAME
 +Organization=
 +ReplyTo=
 +SignatureUid=none
 +
 +[Mail Submission]
 +SentFolder=folder://ews.\$USER.\$DOMAINNAME/%d0%9e%d1%82%d0%bf%d1%80%d0%b0%d0%b2%d0%bb%d0%b5%d0%bd%d0%bd%d1%8b%d0%b5
 +TransportUid=ews.\$USER.\$DOMAINNAME.13
 +RepliesToOriginFolder=false
 +EOF
 +
 +######################################################################
 +cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.3.source
 +[Data Source]
 +DisplayName=\$MAIL
 +Enabled=true
 +Parent=ews.\$USER.\$DOMAINNAME.1
 +
 +[Refresh]
 +Enabled=true
 +IntervalMinutes=3
 +
 +[Mail Account]
 +BackendName=ews
 +IdentityUid=ews.\$USER.\$DOMAINNAME
 +ArchiveFolder=
 +EOF
 +
 +###############################################################################
 +cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.13.source
 +[Data Source]
 +DisplayName=\$MAIL
 +Enabled=true
 +Parent=ews.\$USER.\$DOMAINNAME.1
 +
 +[Mail Transport]
 +BackendName=ews
 +EOF
 +
 +################################################################################
 +cat <<EOF > ~/.config/evolution/sources/local.source
 +# Special built-in mail store.
 +[Data Source]
 +DisplayName=On This Computer
 +Enabled=false
 +Parent=
 +
 +[Mail Account]
 +BackendName=maildir
 +IdentityUid=self
 +ArchiveFolder=
 +
 +[Maildir Backend]
 +FilterInbox=true
 +Path=\$HOME/.local/share/evolution/mail/local
 +EOF
 +
 +########################################################################
 +cat <<EOF > ~/.config/evolution/sources/vfolder.source
 +# Special built-in mail store.
 +
 +[Data Source]
 +DisplayName=Search Folders
 +Enabled=false
 +Parent=
 +
 +[Mail Account]
 +BackendName=vfolder
 +IdentityUid=self
 +ArchiveFolder=
 +
 +[Vfolder Backend]
 +FilterInbox=true
 +EOF
 +
 +##########################################################################
 +mkdir --parents ~/.config/evolution/mail/
 +cat <<EOF > ~/.config/evolution/mail/state.ini
 +[GlobalFolder]
 +GroupByThreads=false
 +PreviewVisible=true
 +
 +[Store ews.\$USER.\$DOMAINNAME.3]
 +Expanded=true
 +
 +[Search Bar]
 +SearchScope=mail-scope-current-folder
 +SearchOption=mail-search-subject-or-addresses-contain
 +
 +[Folder Tree]
 +Selected=folder://ews.\$USER.\$DOMAINNAME.3/%d0%92%d1%85%d0%be%d0%b4%d1%8f%d1%89%d0%b8%d0%b5
 +
 +[Folder folder://ews.\$USER.\$DOMAINNAME.3/%d0%92%d1%85%d0%be%d0%b4%d1%8f%d1%89%d0%b8%d0%b5]
 +GroupByThreads=false
 +PreviewVisible=true
 +Expanded=true
 +
 +EOF
 +
 +fi
 +fi
 +fi
 +ENDOFSCRIPT
 +
 +chmod +x /etc/skel/.config/autostart-scripts/ews_autodiscovery.sh
 +
 +#############################################################
 +### Disable Screen Locker By Default
 +#############################################################
 +mkdir --parents /etc/skel/.config/
 +cat <<EOF > /etc/skel/.config/kscreenlockerrc
 +[Daemon]
 +Autolock=false
 +EOF
 +
 +#########################################################
 +### Disable KDEWallet By Default
 +#########################################################
 +mkdir --parents /etc/skel/.config
 +cat <<EOF > /etc/skel/.config/kwalletrc
 +[Wallet]
 +Enabled=false
 +EOF
 +
 +############################################################
 +### Enable Autostart apps
 +############################################################
 +mkdir --parents /etc/skel/.config/autostart/
 +cp /usr/share/applications/sky.desktop /etc/skel/.config/autostart/
 +
 +##########################################################
 +###Change Default Desktop View to Folder
 +##########################################################
 +cp /usr/share/plasma/shells/org.kde.plasma.desktop/contents/defaults /usr/share/plasma/shells/org.kde.plasma.desktop/contents/defaults.bak_`date +"%d.%m.%y_%H-%M"`
 +sed -i '/Containment=/ s/org.kde.desktopcontainment$/org.kde.plasma.folder/' /usr/share/plasma/shells/org.kde.plasma.desktop/contents/defaults
 +
 +#############################################################
 +### Disable Desktop Effects By Default (Compositor)
 +#############################################################
 +cat <<EOF > /etc/skel/.config/kwinrc
 +[Compositing]
 +Enabled=false
 +EOF
 +
 +#########################################################
 +### Create Default Shortcuts
 +#########################################################
 +mkdir --parents /etc/skel/Desktop
 +cp /usr/share/applications/evolution.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/libreoffice-calc.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/libreoffice-writer.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/libreoffice-impress.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/yandex-browser-beta.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/org.kde.konsole.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/org.kde.dolphin.desktop /etc/skel/Desktop/
 +
 +chmod +x /etc/skel/Desktop/*
 +
 +###############################################################################
 +### Modifying KDE default panel settings
 +### https://forum.kde.org/viewtopic.php?f=67&t=94534#p193422
 +### http://askubuntu.com/questions/897979/unable-to-populate-a-kde-quicklaunch-widget-via-the-plasma-scripting-interface
 +##############################################################################
 +cp /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js.bak_`date +"%d.%m.%y_%H-%M"`
 +#########################################################
 +#### Change kickoff menu to kicker by default for new users
 +#### org.kde.plasma.kickoff -> org.kde.plasma.kicker
 +#########################################################
 +sed -i 's/kickoff/kicker/g' /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js
 +###########################################################################
 +#### Add quick launchers
 +############################################################################
 +QUICKLAUNCHERS=$(cat <<EOF
 +
 +//Add QuickLaunchers
 +var quicklaunch = panel.addWidget("org.kde.plasma.quicklaunch");
 +var qlurls = ["file:///usr/share/applications/yandex-browser-beta.desktop",
 +          "file:///usr/share/applications/evolution.desktop",
 +          "file:///usr/share/applications/libreoffice-writer.desktop",
 +          "file:///usr/share/applications/libreoffice-calc.desktop",
 +          "file:///usr/share/applications/org.kde.dolphin.desktop",
 +          "file:///usr/share/applications/org.kde.konsole.desktop"
 +         ];
 +quicklaunch.currentConfigGroup = ["General"];
 +quicklaunch.writeConfig("launcherUrls", qlurls);
 +EOF
 +)
 +
 +grep -q "//Add QuickLaunchers" /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js
 +[ $? -ne 0 ] && while read line
 +do
 +        echo "$line" >> /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js_new
 +        echo "$line" | grep -q "kicker.writeConfig"
 +        [ $? -eq 0 ] && echo "$QUICKLAUNCHERS" >> /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js_new
 +done < /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js
 +
 +mv /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js_new /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js
 +
 +###########################################################################################
 +### Enable Russian Locale
 +###########################################################################################
 +locale-gen ru_RU.UTF-8
 +update-locale LANG="ru_RU.UTF-8" LANGUAGE="ru_RU"
 +mkdir --parents /etc/skel/.config/
 +cat <<EOF > /etc/skel/.config/plasma-locale-settings.sh
 +# Generated script, do not edit
 +# Exports language-format specific env vars from startkde.
 +# This script has been generated from kcmshell5 formats.
 +# It will automatically be overwritten from there.
 +export LANG=cu_RU.UTF-8
 +export LANGUAGE=ru
 +EOF
 +
 +cat <<EOF > /etc/skel/.config/plasma-localerc
 +[Formats]
 +LANG=cu_RU.UTF-8
 +
 +[Translations]
 +LANGUAGE=ru
 +EOF
 +
 +cat <<EOF > /etc/skel/.config/kdeglobals
 +[Translations]
 +LANGUAGE=ru
 +EOF
 +
 +mkdir --parents /etc/skel/.config/KDE
 +cat <<EOF > /etc/skel/.config/KDE/Sonnet.conf
 +[General]
 +autodetectLanguage=true
 +backgroundCheckerEnabled=true
 +checkUppercase=true
 +checkerEnabledByDefault=false
 +defaultClient=
 +defaultLanguage=ru_RU
 +ignore_ru_RU=Amarok, KAddressBook, KDevelop, KHTML, KIO, KJS, KMail, KMix, KOrganizer, Konqueror, Kontact, Nepomuk, Okular, Qt, Sonnet
 +skipRunTogether=true
 +EOF
 +
 +cat <<EOF > /etc/skel/.config/kcminputrc
 +[Keyboard]
 +KeyboardRepeating=0
 +NumLock=2
 +RepeatDelay=600
 +RepeatRate=25
 +EOF
 +
 +cat <<EOF > /etc/skel/.config/kxkbrc
 +[Layout]
 +DisplayNames=,
 +LayoutList=ru,us
 +LayoutLoopCount=-1
 +Model=pc101
 +Options=grp:alt_shift_toggle,grp:ctrl_shift_toggle
 +ResetOldOptions=true
 +ShowFlag=false
 +ShowLabel=true
 +ShowLayoutIndicator=true
 +ShowSingle=false
 +SwitchMode=Global
 +Use=true
 +EOF
 +
 +############################################################
 +### Export Locale Variables
 +############################################################
 +mkdir --parents /etc/skel/.config/plasma-workspace/env/
 +cat <<EOF > /etc/skel/.config/plasma-workspace/env/locale_ru.sh
 +#!/bin/bash
 +export LANG=ru_RU.utf8
 +export LANGUAGE=ru_RU
 +EOF
 +
 +###########################################################
 +### Set MIME types applications
 +###########################################################
 +xdg-settings set default-url-scheme-handler yandex-browser-beta.desktop
 +xdg-settings set default-url-scheme-handler yandex-browser-beta.desktop
 +
 +#cat <<EOF > /etc/skel/.config/mimeapps.list
 +#[Default Applications]
 +#inode/directory=org.kde.dolphin.desktop
 +#x-scheme-handler/http=yandex-browser-beta.desktop
 +#x-scheme-handler/https=yandex-browser-beta.desktop
 +#EOF
 +
 +#######################################################################################
 +### Setup LibreOffice Locale
 +#######################################################################################
 +mkdir --parents /etc/skel/.config/libreoffice/4/user/
 +cat <<EOF > /etc/skel/.config/libreoffice/4/user/registrymodifications.xcu
 +<?xml version="1.0" encoding="UTF-8"?>
 +<oor:items xmlns:oor="http://openoffice.org/2001/registry" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 +<item oor:path="/org.openoffice.Setup/Office/Factories/org.openoffice.Setup:Factory['com.sun.star.presentation.PresentationDocument']"><prop oor:name="ooSetupFactoryDefaultFilter" oor:op="fuse"><value>Impress MS PowerPoint 2007 XML</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/Office/Factories/org.openoffice.Setup:Factory['com.sun.star.sheet.SpreadsheetDocument']"><prop oor:name="ooSetupFactoryDefaultFilter" oor:op="fuse"><value>Calc MS Excel 2007 XML</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/Office/Factories/org.openoffice.Setup:Factory['com.sun.star.text.TextDocument']"><prop oor:name="ooSetupFactoryDefaultFilter" oor:op="fuse"><value>MS Word 2007 XML</value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/SpellCheckerList"><prop oor:name="ru-RU" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/SpellCheckerList"><prop oor:name="en-US" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/LastFoundSpellCheckers"><prop oor:name="ru-RU" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/LastFoundSpellCheckers"><prop oor:name="en-US" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="DefaultLocale_CTL" oor:op="fuse"><value></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="DefaultLocale" oor:op="fuse"><value>ru-RU</value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="DefaultLocale_CJK" oor:op="fuse"><value></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="IsIgnoreControlCharacters" oor:op="fuse"><value>true</value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="UILocale" oor:op="fuse"><value>ru</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="ooLocale" oor:op="fuse"><value>ru</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="ooSetupSystemLocale" oor:op="fuse"><value>ru-RU</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="IgnoreLanguageChange" oor:op="fuse"><value>false</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="DecimalSeparatorAsLocale" oor:op="fuse"><value>true</value></prop></item>
 +</oor:items>
 +EOF
 +
 +####################################################################
 +#### Install Kaspersky
 +####################################################################
 +ADDONSDIR="/tmp/addons"
 +mkdir --parents $ADDONSDIR
 +curl http://szud-linux-repo.sigma.sbrf.ru/addons.tar.gz | tar -xzv -C $ADDONSDIR
 +apt-get -y install libc6-i386 build-essential
 +dpkg -i --force-architecture $ADDONSDIR/kes10/*.deb
 +
 +###‘PT_PTRACE_CAP’ undeclared (first use in this function)
 +sed -i 's/ | PT_PTRACE_CAP//' /opt/kaspersky/kav4fs/src/kernel/module.linux/interceptor_rfs.c
 +/opt/kaspersky/kav4fs/bin/kav4fs-setup.pl --auto-install=$ADDONSDIR/kes10/install.conf
 +
 +### i_mutex_fix
 +sed -i 's/mutex_lock(&inode->i_mutex);/inode_lock(inode);/' /opt/kaspersky/kav4fs/src/kernel/redirfs/rfs.h
 +sed -i 's/mutex_unlock(&inode->i_mutex);/inode_unlock(inode);/' /opt/kaspersky/kav4fs/src/kernel/redirfs/rfs.h
 +
 +/opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl <$ADDONSDIR/kes10/server
 +/opt/kaspersky/kav4fs/bin/kav4fs-wmconsole-passwd
 +service kav4fs-wmconsole restart
 +
 +reboot
 +</code>
 +
 +
 +
 +====== Join AD & Setup VDA ======
 +<code>
 +#! /bin/bash
 +
 +####################################
 +#### Set needed Variables
 +####################################
 +NEW_HOSTNAME=$1
 +CONNECTION=`ip link | grep 'state UP' | awk '{ print $2 }' | sed 's/:$//'`
 +NEW_DOMAINNAME=`grep 'option domain-name' /var/lib/dhcp/dhclient.$CONNECTION.leases | tail -n 1 | awk '{print $3}' | sed 's/"//g;s/;//g'`
 +
 +# check root
 +if [ "$(id -u)" != "0" ]; then
 +  echo "You do not have the appropriate privileges..."
 +  exit 1
 +fi
 +
 +# check hostname $1
 +if [[ -z "$1" ]]; then
 +        echo "Hostname is epmty"
 +        echo "Try to run: ./join_ad_ctx.sh new-host-name"
 +        exit 1
 +fi
 +
 +###############################################
 +### Setting HOSTNAME, DOMAINNAME
 +###############################################
 +sed -i '/^127./D' /etc/hosts
 +echo "127.0.0.1 $NEW_HOSTNAME.$NEW_DOMAINNAME $NEW_HOSTNAME localhost" | sudo tee -a /etc/hosts
 +echo "127.0.0.2 $NEW_HOSTNAME.$NEW_DOMAINNAME $NEW_HOSTNAME" | sudo tee -a /etc/hosts
 +hostname $NEW_HOSTNAME
 +domainname $NEW_DOMAINNAME
 +echo $NEW_HOSTNAME.$NEW_DOMAINNAME | sudo tee /etc/HOSTNAME
 +echo $NEW_HOSTNAME.$NEW_DOMAINNAME | sudo tee /etc/hostname
 +
 +net ads join -U ADDSIGMACA
 +
 +/opt/Citrix/VDA/sbin/ctxcleanup.sh
 +CTX_XDL_SUPPORT_DDC_AS_CNAME=N \
 +CTX_XDL_DDC_LIST="v-szud-ctxdc-01.sigma.sbrf.ru v-szud-ctxdc-02.sigma.sbrf.ru" \
 +CTX_XDL_VDA_PORT=80 \
 +CTX_XDL_REGISTER_SERVICE=Y \
 +CTX_XDL_ADD_FIREWALL_RULES=Y \
 +CTX_XDL_AD_INTEGRATION=1 \
 +CTX_XDL_HDX_3D_PRO=N \
 +CTX_XDL_VDI_MODE=Y \
 +CTX_XDL_SITE_NAME='<none>' \
 +CTX_XDL_LDAP_LIST='<none>' \
 +CTX_XDL_SEARCH_BASE='<none>' \
 +CTX_XDL_START_SERVICE=Y \
 +/opt/Citrix/VDA/sbin/ctxsetup.sh
 +
 +sleep 10
 +reboot
 +</code>
 +
 +====== Join multiple VMs to AD ======
 +<code>
 +#! /bin/bash
 +vms_ip=$(cat <<EOF
 +10.38.246.47
 +10.38.247.23
 +10.38.246.46
 +10.38.247.22
 +10.38.246.45
 +10.38.246.44
 +10.38.246.43
 +10.38.246.42
 +10.38.246.41
 +EOF
 +)
 +
 +i=30
 +for ip_addr in $vms_ip; do
 +echo 'IP '$ip_addr ' name - szud-ubuntu'$i
 +ssh -o StrictHostKeyChecking=no -t localuser@$ip_addr "sudo ~/join_ad_setup_ctx.sh szud-ubuntu$i" &
 +((i-=1))
 +done
 +</code>
  