linux_faq:ubuntu_setup_script [2019/02/11 09:13] – external edit 127.0.0.1linux_faq:ubuntu_setup_script [2019/07/03 19:58] admin
Line 1: Line 1:
 +В скрипте в секции **Set needed Variables** надо задать только имя хоста.
 +Остальные параметры (**DNS**, **domain-name**, **DOMAIN controllers**) скрипт получает из **DHCP** и **DNS**. 
 +
 +Запускать так: **sudo ./script.sh** \\
 +Сделать: \\
 +
 +3. http://kerberos.996246.n3.nabble.com/Pending-quot-gss-init-sec-context-failed-Unspecified-GSS-failure-quot-td22422.html
 +I had the same problem/error and fixed it by adding "allow_weak_crypto = true" under [libdefaults] in /etc/krb5.conf 
 +This works for me, at least on Debian Squeeze, Ubuntu Karmic, and Ubuntu Lucid. 
 +This was announced in /usr/share/doc/libkrb5-3/NEWS.Debian.gz. 
 +Hope this helps. \\
 +
 +
 + <code>
 +#! /bin/bash
 +
 +####################################
 +#### Set needed Variables
 +####################################
 +CONNECTION=`ip link | grep 'state UP' | awk '{ print $2 }' | sed 's/:$//'`
 +NEW_DOMAINNAME=`grep 'option domain-name' /var/lib/dhcp/dhclient.$CONNECTION.leases | tail -n 1 | awk '{print $3}' | sed 's/"//g;s/;//g'`
 +DNS_SERVERS=`grep 'option domain-name-servers' /var/lib/dhcp/dhclient.$CONNECTION.leases | tail -n 1 | awk '{print $3}' | sed 's/,/ /g;s/;//g'`
 +DNS_STATIC_SEARCHLIST="$NEW_DOMAINNAME sberbank.ru"
 +DOMAIN_CONTROLLERS=`host -t srv _ldap._tcp.$NEW_DOMAINNAME | awk {'print $8'} | sed 's/.$//g'`
 +DEFAULT_REALM="${NEW_DOMAINNAME^^}"
 +NETBIOS_DOMAIN_NAME=$(echo $DEFAULT_REALM | sed  '1,$ s/\..*//g')
 +CA_CERT_PREFIX="SberBank_Root_CA"
 +
 +# check root
 +if [ "$(id -u)" != "0" ]; then
 +  echo "You do not have the appropriate privileges..."
 +  exit 1
 +fi
 +
 +##############################################
 +### Disable IPv6
 +##############################################
 +cp /etc/sysctl.conf /etc/sysctl.conf.bak_`date +"%d.%m.%y_%H-%M"`
 +sed -i '/^net.ipv6.conf/D' /etc/sysctl.conf
 +echo 'net.ipv6.conf.all.disable_ipv6 = 1' | sudo tee -a /etc/sysctl.conf
 +echo 'net.ipv6.conf.default.disable_ipv6 = 1' | sudo tee -a /etc/sysctl.conf
 +echo 'net.ipv6.conf.lo.disable_ipv6 = 1' | sudo tee -a /etc/sysctl.conf
 +sysctl -p
 +
 +##############################################
 +### Setting up NameServers
 +##############################################
 +echo "search $DNS_STATIC_SEARCHLIST" | sudo tee -a /etc/resolvconf/resolv.conf.d/base
 +echo -ne > /etc/resolvconf/resolv.conf.d/head
 +for nameserver in $DNS_SERVERS; do echo "nameserver $nameserver" | sudo tee -a /etc/resolvconf/resolv.conf.d/head ;done
 +resolvconf -u
 +
 +###########################################
 +### Add Certificates
 +###########################################
 +openssl s_client -showcerts -connect ya.ru:443 </dev/null > chain.pem
 +csplit -k -f $CA_CERT_PREFIX ./chain.pem '/END CERTIFICATE/+1' {10}
 +find ./ -iname $CA_CERT_PREFIX\* -type f -exec grep -F -L 'END CERTIFICATE' '{}' + | xargs -d '\n' rm
 +for file in "$CA_CERT_PREFIX"* ; do sudo mv "$file" /usr/local/share/ca-certificates/"$file".pem ; done
 +for file in /usr/local/share/ca-certificates/"$CA_CERT_PREFIX"* ; do sudo cp "$file" /etc/ssl/certs/ ; done
 +c_rehash /etc/ssl/certs/
 +c_rehash /usr/local/share/ca-certificates/
 +update-ca-certificates
 +rm -f ./chain.pem
 +
 +####################################
 +#### Setup Software
 +####################################
 +#echo "deb http://ppa.launchpad.net/kubuntu-ppa/backports/ubuntu xenial main" > /etc/apt/sources.list.d/kubuntu-ppa.list
 +#apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8AC93F7A
 +#echo "deb https://tel.red/repos/ubuntu xenial non-free" > /etc/apt/sources.list.d/telred.list
 +#apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE49F8C5
 +#echo "deb [arch=amd64] http://repo.yandex.ru/yandex-browser/deb beta main" > /etc/apt/sources.list.d/yandex-browser.list
 +#curl -k https://repo.yandex.ru/yandex-browser/YANDEX-BROWSER-KEY.GPG | sudo apt-key add -
 +
 +apt-get update
 +apt-get -y upgrade
 +#apt-get -y install kubuntu-full
 +apt-get -y install kubuntu-desktop
 +apt-get -y install xorg
 +apt-get -y install nano curl openssl libnss3-tools \
 +chrony krb5-config krb5-locales krb5-user libpam-krb5 \
 +samba smbclient winbind libpam-winbind libnss-winbind gss-ntlmssp \
 +ldap-utils cifs-utils libsasl2-modules-gssapi-mit \
 +libreoffice-l10n-ru aspell-ru language-pack-gnome-ru language-pack-gnome-ru-base \
 +language-pack-ru language-pack-ru-base language-pack-kde-ru \
 +evolution evolution-ews evolution-plugins desktop-file-utils \
 +xvfb myspell-ru build-essential libc6-i386
 +
 +apt-get -y --allow-unauthenticated install flashplugin-installer yandex-browser-beta
 +#apt-get -y install sky
 +#apt-get install clamav tightvncserver
 +###  http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_20170411.1.orig.tar.gz
 +curl -o /tmp/adobe-flashplugin_20170411.1.orig.tar.gz \
 +http://szud-linux-repo.sigma.sbrf.ru/adobe-flashplugin_20170411.1.orig.tar.gz \
 +&& /usr/lib/flashplugin-installer/install_plugin \
 +/tmp/adobe-flashplugin_20170411.1.orig.tar.gz \
 +&& rm /tmp/adobe-flashplugin_20170411.1.orig.tar.gz
 +
 +#####################################################################
 +### Download and install Citrix VDA
 +#####################################################################
 +curl -o ./VDA.deb http://szud-linux-repo.sigma.sbrf.ru/xendesktopvda_7.13.0.382-1.Kubuntu16.04_amd64.deb && apt-get -y install ./VDA.deb && rm -f ./VDA.deb
 +
 +###############################################
 +### Setup Services
 +###############################################
 +systemctl enable ssh
 +systemctl enable nmbd.service
 +systemctl enable samba.service
 +systemctl enable winbind.service
 +#############################################
 +#### Setting sudo
 +#############################################
 +cat <<EOF > /etc/sudoers.d/domain_users
 +localuser       ALL=(ALL) ALL
 +%$NETBIOS_DOMAIN_NAME\\\\domain\ users          ALL=(ALL) ALL
 +%domain\ users          ALL=(ALL) ALL
 +%$NETBIOS_DOMAIN_NAME\\\\domain\ admins      ALL=(ALL) NOPASSWD: ALL
 +%domain\ admins      ALL=(ALL) NOPASSWD: ALL
 +EOF
 +
 +sed -i "/^Defaults\ targetpw.*\$/ s/^/#/" /etc/sudoers
 +sed -i "/^Defaults\ env_reset.*\$/ s/\ env_reset/\ \!env_reset/" /etc/sudoers
 +sed -i "/^ALL.*ALL=(ALL).*\$/ s/^/#/" /etc/sudoers
 +
 +############################################################
 +#### Suppress PolKit prompt messages
 +############################################################
 +#cat <<EOF > /etc/polkit-1/localauthority/50-local.d/allow_all.pkla
 +#[Do not prompt users with any messages]
 +#Identity=unix-user:*
 +#Action=*
 +#ResultAny=yes
 +#ResultInactive=yes
 +#EOF
 +
 +cat <<EOF > /etc/polkit-1/localauthority/50-local.d/55-inhibit-shutdown.pkla
 +[Disable PowerOff, Reboot, Hibernate, Suspend]
 +Identity=unix-user:*
 +Action=org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-multiple-sessions;org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
 +ResultAny=no
 +ResultInactive=no
 +ResultActive=no
 +EOF
 +
 +cat <<EOF > /etc/polkit-1/localauthority/50-local.d/60-inhibit-network-changes.pkla
 +[Disable PowerOff, Reboot, Hibernate, Suspend]
 +Identity=unix-user:*
 +Action=org.freedesktop.NetworkManager.*
 +ResultAny=no
 +ResultInactive=no
 +ResultActive=no
 +EOF
 +
 +#########################################
 +### Setup NTP servers
 +#########################################
 +sed -i "/^pool.*\$/ s/^/#/" /etc/chrony/chrony.conf
 +sed -i "/^server.*\$/ s/^/#/" /etc/chrony/chrony.conf
 +
 +for dc in $DOMAIN_CONTROLLERS;
 +do
 +echo "server $dc iburst" | sudo tee -a /etc/chrony/chrony.conf
 +done
 +
 +#########################################
 +### Setup Kerberos /etc/krb5.conf
 +#########################################
 +LIBDEFAULTS=$(cat <<EOF
 +[libdefaults]
 +dns_lookup_kdc = true
 +dns_lookup_realm = false
 +default_realm = $DEFAULT_REALM
 +clockskew = 300
 +default_ccache_name = FILE:/tmp/krb5cc_%{uid}
 +EOF
 +)
 +
 +REALMS_KDC=$(for i in $DOMAIN_CONTROLLERS; do echo "kdc = $i";done)
 +
 +REALMS=$(cat <<EOF
 +
 +[realms]
 +$DEFAULT_REALM = {
 +$REALMS_KDC
 +default_domain = $DEFAULT_REALM
 +}
 +EOF
 +)
 +
 +DOMAIN_REALM=$(cat <<EOF
 +
 +[domain_realm]
 +.$NEW_DOMAINNAME = $DEFAULT_REALM
 +$NEW_DOMAINNAME = $DEFAULT_REALM
 +
 +[appdefaults]
 +pam = {
 +        ticket_lifetime = 1d
 +        renew_lifetime = 1d
 +        forwardable = true
 +        proxiable = false
 +        minimum_uid = 1
 +}
 +EOF
 +)
 +
 +echo "$LIBDEFAULTS" > /etc/krb5.conf
 +echo "$REALMS" >> /etc/krb5.conf
 +echo "$DOMAIN_REALM" >> /etc/krb5.conf
 +
 +########################################
 +#### Configure /etc/samba/smb.conf
 +########################################
 +SMB_CONF=$(cat <<EOF
 +# smb.conf is the main Samba configuration file. You find a full commented
 +# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
 +# samba-doc package is installed.
 +[global]
 +        workgroup = $NETBIOS_DOMAIN_NAME
 +        passdb backend = tdbsam
 +        map to guest = Bad User
 +        include = /etc/samba/dhcp.conf
 +        usershare allow guests = No
 +        idmap gid = 10000-20000
 +        idmap uid = 10000-20000
 +        realm = $DEFAULT_REALM
 +        security = ADS
 +        template homedir = /home/%D/%U
 +        template shell = /bin/bash
 +        usershare max shares = 100
 +        encrypt passwords = yes
 +        kerberos method = secrets and keytab
 +        winbind nested groups = yes
 +        winbind offline logon = yes
 +        winbind refresh tickets = yes
 +        winbind use default domain = yes
 +        dns proxy = no
 +        domain master = no
 +        local master = no
 +        preferred master = no
 +        load printers = no
 +        show add printer wizard = no
 +        printcap name = /dev/null
 +        disable spoolss = yes
 +        client use spnego = yes
 +        client ntlmv2 auth = yes
 +EOF
 +)
 +
 +mv /etc/samba/smb.conf /etc/samba/smb.conf.bak_`date +"%d.%m.%y_%H-%M"`
 +echo "$SMB_CONF" > /etc/samba/smb.conf
 +
 +########################################
 +#### Configure /etc/nsswitch.conf
 +########################################
 +sed -i '/^passwd:.*compat$/ s/$/ winbind/' /etc/nsswitch.conf
 +sed -i '/^group:.*compat$/ s/$/ winbind/' /etc/nsswitch.conf
 +sed -i '/^hosts:/ s/:.*$/: files dns/' /etc/nsswitch.conf
 +
 +##########################################
 +#### Configure PAM
 +##########################################
 +sed -i "/^Default:.*\$/ s/:.*$/: yes/" /usr/share/pam-configs/mkhomedir
 +sed -i '/^mkhomedir/D' /var/lib/pam/seen
 +pam-auth-update --package
 +################################################################
 +### Fix /etc/pam.d/sddm to allow copy /etc/skel/ on first logon
 +### https://wiki.autosys.tk/doku.php?id=linux_faq:kde_not_copying_etc_skel_on_user_first_login
 +################################################################
 +sed -i '/pam_kwallet/ s/^/#/g' /etc/pam.d/sddm
 +
 +#################################################
 +### Disable autologin
 +#################################################
 +#sed -i "/^DISPLAYMANAGER_AUTOLOGIN=.*\$/ s/=.*$/=\"\"/" /etc/sysconfig/displaymanager
 +
 +#####################################################
 +#### Set SDDM Theme to allow input Username
 +#####################################################
 +cp /usr/share/sddm/themes/breeze/Login.qml /usr/share/sddm/themes/breeze/Login.qml.bak_`date +"%d.%m.%y_%H-%M"`
 +sed -i "/^.*property bool showUsernamePrompt:.*\$/ s/:.*$/: true/" /usr/share/sddm/themes/breeze/Login.qml
 +
 +#######################################################
 +#### Import CA Certificates into Browsers
 +#   http://blog.xelnor.net/firefox-systemcerts/
 +#######################################################
 +HOMEDIR=$(getent passwd $SUDO_USER | cut -d: -f6)
 +apt-get -y install libnss3-tools
 +rm -Rf $HOMEDIR/.mozilla
 +rm -Rf $HOMEDIR/.pki
 +
 +########################################################
 +#### Create and fill cert8.db in Firefox Profile
 +########################################################
 +killall firefox
 +sudo -u  $SUDO_USER xvfb-run --server-args="-screen 0, 1280x1024x24" firefox -CreateProfile default
 +FirefoxProfileDir=$(find $HOMEDIR'/.mozilla/firefox/' -iname '*.default');
 +for certificateFile in /usr/local/share/ca-certificates/"$CA_CERT_PREFIX"* ;
 +do
 + certutil -A -n "${certificateFile}" -t "TCu,Cuw,Tuw" -i ${certificateFile} -d ${FirefoxProfileDir}
 +done
 +chmod -R a+rw $HOMEDIR/.mozilla/firefox/*
 +
 +################################################################################
 +#### Import certificates into nssdb for Chromium engine
 +################################################################################
 +mkdir --parents $HOMEDIR/.pki/nssdb
 +echo 1q2w3e4r | sudo tee $HOMEDIR/.pki/nssdb/password-file
 +certutil -N -f $HOMEDIR/.pki/nssdb/password-file -d $HOMEDIR/.pki/nssdb
 +for certificateFile in /usr/local/share/ca-certificates/"$CA_CERT_PREFIX"* ;
 +do
 + certutil -f $HOMEDIR/.pki/nssdb/password-file -A -n "${certificateFile}" -t "TCu,Cuw,Tuw" -i ${certificateFile} -d sql:$HOMEDIR/.pki/nssdb
 +done
 +chmod -R a+rw $HOMEDIR/.pki/nssdb/*
 +
 +#########################################################
 +### Copy databases with imported certs to default profile
 +#########################################################
 +rm -Rf /etc/skel/.pki/nssdb/*
 +rm -Rf /etc/skel/.mozilla/firefox/*
 +mkdir --parents /etc/skel/.pki/nssdb/
 +cp -Rf $HOMEDIR/.pki/nssdb/* /etc/skel/.pki/nssdb/
 +mkdir --parents /etc/skel/.mozilla/firefox/
 +cp -Rf $HOMEDIR/.mozilla/firefox/* /etc/skel/.mozilla/firefox/
 +
 +############################################################
 +### Setup Evolution Mail Client
 +############################################################
 +### Force Evolution Mail to be online
 +############################################################
 +mkdir --parents /etc/skel/.config/plasma-workspace/env/
 +cat <<EOF > /etc/skel/.config/plasma-workspace/env/evolution.sh
 +#!/bin/bash
 +export LANG=ru_RU.utf8
 +export LANGUAGE=ru_RU
 +export GIO_USE_NETWORK_MONITOR=base
 +EOF
 +##############################################################
 +### Create Evolution EWS Autodiscovery Script
 +##############################################################
 +mkdir --parents /etc/skel/.config/autostart-scripts/
 +cat <<ENDOFSCRIPT > /etc/skel/.config/autostart-scripts/ews_autodiscovery.sh
 +#! /bin/bash
 +
 +export GIO_USE_NETWORK_MONITOR=base
 +DOMAINNAME=\`hostname -d\`
 +##################################################
 +### Check if Evolution EWS source file exist
 +##################################################
 +if [ -f ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.1.source ]; then
 +echo
 +else
 +##########################################
 +## Check if connected to AD
 +##########################################
 +if ! wbinfo -P; then
 +echo "NETLOGON test failed" >> ~/.ews_setup.log
 +else
 +echo "NETLOGON test OK" >> ~/.ews_setup.log
 +
 +CURRENT_DC=\`wbinfo -P | awk '{print \$9}' | awk -F "\"" '{print \$2}'\`
 +FULL_NAME=\`wbinfo -i \$USER | awk -F ":" '{print \$5}'\`
 +BASEDN=\`echo \$CURRENT_DC | sed s/^[^.]*.//g | sed s/"\."/,dc=/g | sed s/^/dc=/\`
 +MAIL=\`ldapsearch -h \$CURRENT_DC -b "\$BASEDN" "sAMAccountName=\$USER" | grep mail: | awk '{print \$2 }'\`
 +
 +###############################################################################################
 +### MS Exchange autodiscovery
 +#### https://github.com/sys4/automx/blob/master/src/automx-test
 +#### http://stackoverflow.com/questions/38509837/when-using-negotiate-with-curl-is-a-keytab-file-required
 +#### Joined AD with samba/winbind and have package gss-ntlmssp
 +###############################################################################################
 +AUTOD_URL="https://autodiscover.\`echo \$MAIL | sed 's/^.*@//'\`"/autodiscover/autodiscover.xml
 +REQUEST=\$(cat <<EOF
 +<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
 +<Request>
 +<EMailAddress>\$MAIL</EMailAddress>
 +<AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
 +</Request>
 +</Autodiscover>
 +EOF
 +)
 +
 +bash -c "curl -k -d '\$REQUEST' --header \"Content-Type: text/xml\" -s --negotiate -u : \$AUTOD_URL" > ~/.autodiscover.xml
 +OABUrl=\$(cat ~/.autodiscover.xml | grep -m 1 OABUrl | awk -F '[<>]' '{ print \$3 }')oab.xml
 +EwsUrl=\$(cat ~/.autodiscover.xml | grep -m 1 EwsUrl | awk -F '[<>]' '{ print \$3 }')
 +EwsHost=\$(echo \$EwsUrl | awk -F '/' '{ print \$3 }')
 +rm ~/.autodiscover.xml
 +
 +echo CURRENT_DC - \$CURRENT_DC > ~/.ews_setup.log
 +echo FULL_NAME - \$FULL_NAME >> ~/.ews_setup.log
 +echo BASEDN - \$BASEDN >> ~/.ews_setup.log
 +echo MAIL - \$MAIL >> ~/.ews_setup.log
 +echo DOMAINNAME - \$DOMAINNAME >> ~/.ews_setup.log
 +echo OABUrl - \$OABUrl >> ~/.ews_setup.log
 +echo EwsUrl - \$EwsUrl >> ~/.ews_setup.log
 +echo EwsHost - \$EwsHost >> ~/.ews_setup.log
 +################################################################
 +### Check URLs format
 +################################################################
 +echo \$OABUrl | grep -E '(https|http)://(([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/(oab|OAB)([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/oab.xml)'
 +OAB_URL_Check=\$?
 +echo \$EwsUrl | grep -E '(https|http)://(([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/(ews|EWS)([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/exchange.asmx)'
 +EWS_URL_Check=\$?
 +
 +if [ \$OAB_URL_Check != 0 ] || [ \$EWS_URL_Check != 0 ]; then
 +echo "OAB and EWS URLs check failed... Exit..." >> ~/.ews_setup.log
 +else
 +echo "OAB and EWS URLs check OK" >> ~/.ews_setup.log
 +
 +######################################################################
 +### CleaningUp and creating evolution source files
 +######################################################################
 +killall evolution-source-registry
 +rm -Rf ~/.config/evolution/sources
 +mkdir --parents ~/.config/evolution/sources
 +
 +#####################################################################################
 +cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.1.source
 +[Data Source]
 +DisplayName=\$MAIL
 +Enabled=true
 +Parent=
 +
 +[Offline]
 +StaySynchronized=true
 +
 +[Authentication]
 +Host=\$EwsHost
 +Method=GSSAPI
 +Port=443
 +ProxyUid=system-proxy
 +RememberPassword=true
 +User=\$USER
 +CredentialName=
 +
 +[Collection]
 +BackendName=ews
 +CalendarEnabled=true
 +ContactsEnabled=true
 +Identity=\$USER
 +MailEnabled=true
 +
 +[Security]
 +Method=none
 +
 +[Ews Backend]
 +FilterInbox=true
 +StoreChangesInterval=3
 +CheckAll=true
 +ListenNotifications=true
 +Email=\$MAIL
 +FilterJunk=true
 +FilterJunkInbox=false
 +FoldersInitialized=true
 +GalUid=ews.\$USER.\$DOMAINNAME
 +Hosturl=\$EwsUrl
 +Oaburl=\$OABUrl
 +OabOffline=true
 +OalSelected=
 +Timeout=300
 +UseImpersonation=false
 +ImpersonateUser=
 +EOF
 +
 +######################################################################
 +cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.0.source
 +[Data Source]
 +DisplayName=\$MAIL
 +Enabled=true
 +Parent=ews.\$USER.\$DOMAINNAME.1
 +
 +[Mail Composition]
 +Bcc=
 +Cc=
 +DraftsFolder=folder://ews.\$USER.\$DOMAINNAME/%d0%a7%d0%b5%d1%80%d0%bd%d0%be%d0%b2%d0%b8%d0%ba%d0%b8
 +SignImip=true
 +TemplatesFolder=folder://local/Templates
 +
 +[Mail Identity]
 +Address=\$MAIL
 +Name=\$FULL_NAME
 +Organization=
 +ReplyTo=
 +SignatureUid=none
 +
 +[Mail Submission]
 +SentFolder=folder://ews.\$USER.\$DOMAINNAME/%d0%9e%d1%82%d0%bf%d1%80%d0%b0%d0%b2%d0%bb%d0%b5%d0%bd%d0%bd%d1%8b%d0%b5
 +TransportUid=ews.\$USER.\$DOMAINNAME.13
 +RepliesToOriginFolder=false
 +EOF
 +
 +######################################################################
 +cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.3.source
 +[Data Source]
 +DisplayName=\$MAIL
 +Enabled=true
 +Parent=ews.\$USER.\$DOMAINNAME.1
 +
 +[Refresh]
 +Enabled=true
 +IntervalMinutes=3
 +
 +[Mail Account]
 +BackendName=ews
 +IdentityUid=ews.\$USER.\$DOMAINNAME
 +ArchiveFolder=
 +EOF
 +
 +###############################################################################
 +cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.13.source
 +[Data Source]
 +DisplayName=\$MAIL
 +Enabled=true
 +Parent=ews.\$USER.\$DOMAINNAME.1
 +
 +[Mail Transport]
 +BackendName=ews
 +EOF
 +
 +################################################################################
 +cat <<EOF > ~/.config/evolution/sources/local.source
 +# Special built-in mail store.
 +[Data Source]
 +DisplayName=On This Computer
 +Enabled=false
 +Parent=
 +
 +[Mail Account]
 +BackendName=maildir
 +IdentityUid=self
 +ArchiveFolder=
 +
 +[Maildir Backend]
 +FilterInbox=true
 +Path=\$HOME/.local/share/evolution/mail/local
 +EOF
 +
 +########################################################################
 +cat <<EOF > ~/.config/evolution/sources/vfolder.source
 +# Special built-in mail store.
 +
 +[Data Source]
 +DisplayName=Search Folders
 +Enabled=false
 +Parent=
 +
 +[Mail Account]
 +BackendName=vfolder
 +IdentityUid=self
 +ArchiveFolder=
 +
 +[Vfolder Backend]
 +FilterInbox=true
 +EOF
 +
 +##########################################################################
 +mkdir --parents ~/.config/evolution/mail/
 +cat <<EOF > ~/.config/evolution/mail/state.ini
 +[GlobalFolder]
 +GroupByThreads=false
 +PreviewVisible=true
 +
 +[Store ews.\$USER.\$DOMAINNAME.3]
 +Expanded=true
 +
 +[Search Bar]
 +SearchScope=mail-scope-current-folder
 +SearchOption=mail-search-subject-or-addresses-contain
 +
 +[Folder Tree]
 +Selected=folder://ews.\$USER.\$DOMAINNAME.3/%d0%92%d1%85%d0%be%d0%b4%d1%8f%d1%89%d0%b8%d0%b5
 +
 +[Folder folder://ews.\$USER.\$DOMAINNAME.3/%d0%92%d1%85%d0%be%d0%b4%d1%8f%d1%89%d0%b8%d0%b5]
 +GroupByThreads=false
 +PreviewVisible=true
 +Expanded=true
 +
 +EOF
 +
 +fi
 +fi
 +fi
 +ENDOFSCRIPT
 +
 +chmod +x /etc/skel/.config/autostart-scripts/ews_autodiscovery.sh
 +
 +#############################################################
 +### Disable Screen Locker By Default
 +#############################################################
 +mkdir --parents /etc/skel/.config/
 +cat <<EOF > /etc/skel/.config/kscreenlockerrc
 +[Daemon]
 +Autolock=false
 +EOF
 +
 +#########################################################
 +### Disable KDEWallet By Default
 +#########################################################
 +mkdir --parents /etc/skel/.config
 +cat <<EOF > /etc/skel/.config/kwalletrc
 +[Wallet]
 +Enabled=false
 +EOF
 +
 +############################################################
 +### Enable Autostart apps
 +############################################################
 +mkdir --parents /etc/skel/.config/autostart/
 +cp /usr/share/applications/sky.desktop /etc/skel/.config/autostart/
 +
 +##########################################################
 +###Change Default Desktop View to Folder
 +##########################################################
 +cp /usr/share/plasma/shells/org.kde.plasma.desktop/contents/defaults /usr/share/plasma/shells/org.kde.plasma.desktop/contents/defaults.bak_`date +"%d.%m.%y_%H-%M"`
 +sed -i '/Containment=/ s/org.kde.desktopcontainment$/org.kde.plasma.folder/' /usr/share/plasma/shells/org.kde.plasma.desktop/contents/defaults
 +
 +#############################################################
 +### Disable Desktop Effects By Default (Compositor)
 +#############################################################
 +cat <<EOF > /etc/skel/.config/kwinrc
 +[Compositing]
 +Enabled=false
 +EOF
 +
 +#########################################################
 +### Create Default Shortcuts
 +#########################################################
 +mkdir --parents /etc/skel/Desktop
 +cp /usr/share/applications/evolution.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/libreoffice-calc.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/libreoffice-writer.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/libreoffice-impress.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/yandex-browser-beta.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/org.kde.konsole.desktop /etc/skel/Desktop/
 +cp /usr/share/applications/org.kde.dolphin.desktop /etc/skel/Desktop/
 +
 +chmod +x /etc/skel/Desktop/*
 +
 +###############################################################################
 +### Modifying KDE default panel settings
 +### https://forum.kde.org/viewtopic.php?f=67&t=94534#p193422
 +### http://askubuntu.com/questions/897979/unable-to-populate-a-kde-quicklaunch-widget-via-the-plasma-scripting-interface
 +##############################################################################
 +cp /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js.bak_`date +"%d.%m.%y_%H-%M"`
 +#########################################################
 +#### Change kickoff menu to kicker by default for new users
 +#### org.kde.plasma.kickoff -> org.kde.plasma.kicker
 +#########################################################
 +sed -i 's/kickoff/kicker/g' /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js
 +###########################################################################
 +#### Add quick launchers
 +############################################################################
 +QUICKLAUNCHERS=$(cat <<EOF
 +
 +//Add QuickLaunchers
 +var quicklaunch = panel.addWidget("org.kde.plasma.quicklaunch");
 +var qlurls = ["file:///usr/share/applications/yandex-browser-beta.desktop",
 +          "file:///usr/share/applications/evolution.desktop",
 +          "file:///usr/share/applications/libreoffice-writer.desktop",
 +          "file:///usr/share/applications/libreoffice-calc.desktop",
 +          "file:///usr/share/applications/org.kde.dolphin.desktop",
 +          "file:///usr/share/applications/org.kde.konsole.desktop"
 +         ];
 +quicklaunch.currentConfigGroup = ["General"];
 +quicklaunch.writeConfig("launcherUrls", qlurls);
 +EOF
 +)
 +
 +grep -q "//Add QuickLaunchers" /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js
 +[ $? -ne 0 ] && while read line
 +do
 +        echo "$line" >> /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js_new
 +        echo "$line" | grep -q "kicker.writeConfig"
 +        [ $? -eq 0 ] && echo "$QUICKLAUNCHERS" >> /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js_new
 +done < /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js
 +
 +mv /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js_new /usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js
 +
 +###########################################################################################
 +### Enable Russian Locale
 +###########################################################################################
 +locale-gen ru_RU.UTF-8
 +update-locale LANG="ru_RU.UTF-8" LANGUAGE="ru_RU"
 +mkdir --parents /etc/skel/.config/
 +cat <<EOF > /etc/skel/.config/plasma-locale-settings.sh
 +# Generated script, do not edit
 +# Exports language-format specific env vars from startkde.
 +# This script has been generated from kcmshell5 formats.
 +# It will automatically be overwritten from there.
 +export LANG=cu_RU.UTF-8
 +export LANGUAGE=ru
 +EOF
 +
 +cat <<EOF > /etc/skel/.config/plasma-localerc
 +[Formats]
 +LANG=cu_RU.UTF-8
 +
 +[Translations]
 +LANGUAGE=ru
 +EOF
 +
 +cat <<EOF > /etc/skel/.config/kdeglobals
 +[Translations]
 +LANGUAGE=ru
 +EOF
 +
 +mkdir --parents /etc/skel/.config/KDE
 +cat <<EOF > /etc/skel/.config/KDE/Sonnet.conf
 +[General]
 +autodetectLanguage=true
 +backgroundCheckerEnabled=true
 +checkUppercase=true
 +checkerEnabledByDefault=false
 +defaultClient=
 +defaultLanguage=ru_RU
 +ignore_ru_RU=Amarok, KAddressBook, KDevelop, KHTML, KIO, KJS, KMail, KMix, KOrganizer, Konqueror, Kontact, Nepomuk, Okular, Qt, Sonnet
 +skipRunTogether=true
 +EOF
 +
 +cat <<EOF > /etc/skel/.config/kcminputrc
 +[Keyboard]
 +KeyboardRepeating=0
 +NumLock=2
 +RepeatDelay=600
 +RepeatRate=25
 +EOF
 +
 +cat <<EOF > /etc/skel/.config/kxkbrc
 +[Layout]
 +DisplayNames=,
 +LayoutList=ru,us
 +LayoutLoopCount=-1
 +Model=pc101
 +Options=grp:alt_shift_toggle,grp:ctrl_shift_toggle
 +ResetOldOptions=true
 +ShowFlag=false
 +ShowLabel=true
 +ShowLayoutIndicator=true
 +ShowSingle=false
 +SwitchMode=Global
 +Use=true
 +EOF
 +
 +############################################################
 +### Export Locale Variables
 +############################################################
 +mkdir --parents /etc/skel/.config/plasma-workspace/env/
 +cat <<EOF > /etc/skel/.config/plasma-workspace/env/locale_ru.sh
 +#!/bin/bash
 +export LANG=ru_RU.utf8
 +export LANGUAGE=ru_RU
 +EOF
 +
 +###########################################################
 +### Set MIME types applications
 +###########################################################
 +xdg-settings set default-url-scheme-handler yandex-browser-beta.desktop
 +xdg-settings set default-url-scheme-handler yandex-browser-beta.desktop
 +
 +#cat <<EOF > /etc/skel/.config/mimeapps.list
 +#[Default Applications]
 +#inode/directory=org.kde.dolphin.desktop
 +#x-scheme-handler/http=yandex-browser-beta.desktop
 +#x-scheme-handler/https=yandex-browser-beta.desktop
 +#EOF
 +
 +#######################################################################################
 +### Setup LibreOffice Locale
 +#######################################################################################
 +mkdir --parents /etc/skel/.config/libreoffice/4/user/
 +cat <<EOF > /etc/skel/.config/libreoffice/4/user/registrymodifications.xcu
 +<?xml version="1.0" encoding="UTF-8"?>
 +<oor:items xmlns:oor="http://openoffice.org/2001/registry" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 +<item oor:path="/org.openoffice.Setup/Office/Factories/org.openoffice.Setup:Factory['com.sun.star.presentation.PresentationDocument']"><prop oor:name="ooSetupFactoryDefaultFilter" oor:op="fuse"><value>Impress MS PowerPoint 2007 XML</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/Office/Factories/org.openoffice.Setup:Factory['com.sun.star.sheet.SpreadsheetDocument']"><prop oor:name="ooSetupFactoryDefaultFilter" oor:op="fuse"><value>Calc MS Excel 2007 XML</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/Office/Factories/org.openoffice.Setup:Factory['com.sun.star.text.TextDocument']"><prop oor:name="ooSetupFactoryDefaultFilter" oor:op="fuse"><value>MS Word 2007 XML</value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/SpellCheckerList"><prop oor:name="ru-RU" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/SpellCheckerList"><prop oor:name="en-US" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/LastFoundSpellCheckers"><prop oor:name="ru-RU" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/LastFoundSpellCheckers"><prop oor:name="en-US" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="DefaultLocale_CTL" oor:op="fuse"><value></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="DefaultLocale" oor:op="fuse"><value>ru-RU</value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="DefaultLocale_CJK" oor:op="fuse"><value></value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="IsIgnoreControlCharacters" oor:op="fuse"><value>true</value></prop></item>
 +<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="UILocale" oor:op="fuse"><value>ru</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="ooLocale" oor:op="fuse"><value>ru</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="ooSetupSystemLocale" oor:op="fuse"><value>ru-RU</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="IgnoreLanguageChange" oor:op="fuse"><value>false</value></prop></item>
 +<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="DecimalSeparatorAsLocale" oor:op="fuse"><value>true</value></prop></item>
 +</oor:items>
 +EOF
 +
 +####################################################################
 +#### Install Kaspersky
 +####################################################################
 +ADDONSDIR="/tmp/addons"
 +mkdir --parents $ADDONSDIR
 +curl http://szud-linux-repo.sigma.sbrf.ru/addons.tar.gz | tar -xzv -C $ADDONSDIR
 +apt-get -y install libc6-i386 build-essential
 +dpkg -i --force-architecture $ADDONSDIR/kes10/*.deb
 +
 +###‘PT_PTRACE_CAP’ undeclared (first use in this function)
 +sed -i 's/ | PT_PTRACE_CAP//' /opt/kaspersky/kav4fs/src/kernel/module.linux/interceptor_rfs.c
 +/opt/kaspersky/kav4fs/bin/kav4fs-setup.pl --auto-install=$ADDONSDIR/kes10/install.conf
 +
 +### i_mutex_fix
 +sed -i 's/mutex_lock(&inode->i_mutex);/inode_lock(inode);/' /opt/kaspersky/kav4fs/src/kernel/redirfs/rfs.h
 +sed -i 's/mutex_unlock(&inode->i_mutex);/inode_unlock(inode);/' /opt/kaspersky/kav4fs/src/kernel/redirfs/rfs.h
 +
 +/opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl <$ADDONSDIR/kes10/server
 +/opt/kaspersky/kav4fs/bin/kav4fs-wmconsole-passwd
 +service kav4fs-wmconsole restart
 +
 +reboot
 +</code>
 +
 +
 +
 +====== Join AD & Setup VDA ======
 +<code>
 +#! /bin/bash
 +
 +####################################
 +#### Set needed Variables
 +####################################
 +NEW_HOSTNAME=$1
 +CONNECTION=`ip link | grep 'state UP' | awk '{ print $2 }' | sed 's/:$//'`
 +NEW_DOMAINNAME=`grep 'option domain-name' /var/lib/dhcp/dhclient.$CONNECTION.leases | tail -n 1 | awk '{print $3}' | sed 's/"//g;s/;//g'`
 +
 +# check root
 +if [ "$(id -u)" != "0" ]; then
 +  echo "You do not have the appropriate privileges..."
 +  exit 1
 +fi
 +
 +# check hostname $1
 +if [[ -z "$1" ]]; then
 +        echo "Hostname is epmty"
 +        echo "Try to run: ./join_ad_ctx.sh new-host-name"
 +        exit 1
 +fi
 +
 +###############################################
 +### Setting HOSTNAME, DOMAINNAME
 +###############################################
 +sed -i '/^127./D' /etc/hosts
 +echo "127.0.0.1 $NEW_HOSTNAME.$NEW_DOMAINNAME $NEW_HOSTNAME localhost" | sudo tee -a /etc/hosts
 +echo "127.0.0.2 $NEW_HOSTNAME.$NEW_DOMAINNAME $NEW_HOSTNAME" | sudo tee -a /etc/hosts
 +hostname $NEW_HOSTNAME
 +domainname $NEW_DOMAINNAME
 +echo $NEW_HOSTNAME.$NEW_DOMAINNAME | sudo tee /etc/HOSTNAME
 +echo $NEW_HOSTNAME.$NEW_DOMAINNAME | sudo tee /etc/hostname
 +
 +net ads join -U ADDSIGMACA
 +
 +/opt/Citrix/VDA/sbin/ctxcleanup.sh
 +CTX_XDL_SUPPORT_DDC_AS_CNAME=N \
 +CTX_XDL_DDC_LIST="v-szud-ctxdc-01.sigma.sbrf.ru v-szud-ctxdc-02.sigma.sbrf.ru" \
 +CTX_XDL_VDA_PORT=80 \
 +CTX_XDL_REGISTER_SERVICE=Y \
 +CTX_XDL_ADD_FIREWALL_RULES=Y \
 +CTX_XDL_AD_INTEGRATION=1 \
 +CTX_XDL_HDX_3D_PRO=N \
 +CTX_XDL_VDI_MODE=Y \
 +CTX_XDL_SITE_NAME='<none>' \
 +CTX_XDL_LDAP_LIST='<none>' \
 +CTX_XDL_SEARCH_BASE='<none>' \
 +CTX_XDL_START_SERVICE=Y \
 +/opt/Citrix/VDA/sbin/ctxsetup.sh
 +
 +sleep 10
 +reboot
 +</code>
 +
 +====== Join multiple VMs to AD ======
 +<code>
 +#! /bin/bash
 +vms_ip=$(cat <<EOF
 +10.38.246.47
 +10.38.247.23
 +10.38.246.46
 +10.38.247.22
 +10.38.246.45
 +10.38.246.44
 +10.38.246.43
 +10.38.246.42
 +10.38.246.41
 +EOF
 +)
 +
 +i=30
 +for ip_addr in $vms_ip; do
 +echo 'IP '$ip_addr ' name - szud-ubuntu'$i
 +ssh -o StrictHostKeyChecking=no -t localuser@$ip_addr "sudo ~/join_ad_setup_ctx.sh szud-ubuntu$i" &
 +((i-=1))
 +done
 +</code>
  