

В скрипте в секции Set needed Variables надо задать только имя хоста. Остальные параметры (DNS, domain-name, DOMAIN controllers) скрипт получает из DHCP и DNS.

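Запускать так: sudo ./script.sh (обязательно через sudo из-под обычного пользователя: скрипт берёт имя пользователя из переменной SUDO_USER и по нему определяет домашний каталог, в котором удаляет и заново создаёт профили браузеров)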
Сделать:

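3. http://kerberos.996246.n3.nabble.com/Pending-quot-gss-init-sec-context-failed-Unspecified-GSS-failure-quot-td22422.html I had the same problem/error and fixed it by adding “allow_weak_crypto = true” under [libdefaults] in /etc/krb5.conf. This works for me, at least on Debian Squeeze, Ubuntu Karmic, and Ubuntu Lucid. This was announced in /usr/share/doc/libkrb5-3/NEWS.Debian.gz. Hope this helps. Note: allow_weak_crypto = true re-enables encryption types that MIT Kerberos disables by default because they are considered weak (single DES among them), so treat it as a temporary workaround and first check whether the account or KDC can be switched to stronger encryption types.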

#! /bin/bash

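####################################
#### Set needed Variables
####################################
# Everything below is derived from the DHCP lease and from DNS of the network
# the machine is currently attached to. These values later feed resolv.conf,
# krb5.conf, smb.conf, chrony and the sudoers group names, so the script should
# only be run on a network segment whose DHCP and DNS answers are trusted.

# First interface reported as "state UP". With several active links the
# original pipeline returned all of them, which broke the lease path below.
CONNECTION=$(ip link | awk '/state UP/ { sub(/:$/, "", $2); print $2; exit }')
LEASE_FILE="/var/lib/dhcp/dhclient.$CONNECTION.leases"

# Match the option name exactly: a plain grep for 'option domain-name' also
# matches 'option domain-name-servers' and only worked by line order.
NEW_DOMAINNAME=$(awk '$1 == "option" && $2 == "domain-name" { v = $3 }
  END { gsub(/[";]/, "", v); print v }' "$LEASE_FILE")
if [ -z "$NEW_DOMAINNAME" ]; then
  echo "Could not read 'option domain-name' from $LEASE_FILE" >&2
  exit 1
fi

# Space-separated list of resolvers taken from the most recent lease entry.
DNS_SERVERS=$(awk '$1 == "option" && $2 == "domain-name-servers" { v = $3 }
  END { gsub(/;/, "", v); gsub(/,/, " ", v); print v }' "$LEASE_FILE")
DNS_STATIC_SEARCHLIST="$NEW_DOMAINNAME sberbank.ru"

# Targets of the _ldap._tcp SRV records, with the trailing dot removed.
DOMAIN_CONTROLLERS=$(host -t srv "_ldap._tcp.$NEW_DOMAINNAME" \
  | awk '/has SRV record/ { sub(/\.$/, "", $8); print $8 }')

# Kerberos realm is the upper-cased DNS domain; the NetBIOS name is its first label.
DEFAULT_REALM="${NEW_DOMAINNAME^^}"
NETBIOS_DOMAIN_NAME="${DEFAULT_REALM%%.*}"
CA_CERT_PREFIX="SberBank_Root_CA"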

# Abort early unless running as root: everything below edits system files.
if (( $(id -u) != 0 )); then
  echo "You do not have the appropriate privileges..."
  exit 1
fi

##############################################
### Disable IPv6
##############################################
# Keep a timestamped copy of sysctl.conf, drop any existing net.ipv6.conf
# lines, append the three disable_ipv6 switches and reload the settings.
sysctl_backup="/etc/sysctl.conf.bak_$(date +"%d.%m.%y_%H-%M")"
cp /etc/sysctl.conf "$sysctl_backup"
sed -i '/^net.ipv6.conf/D' /etc/sysctl.conf
for ipv6_scope in all default lo; do
  echo "net.ipv6.conf.${ipv6_scope}.disable_ipv6 = 1"
done | sudo tee -a /etc/sysctl.conf
sysctl -p

##############################################
### Setting up NameServers
##############################################
# The search list is appended to resolvconf's "base" file; the "head" file is
# emptied and refilled with one nameserver line per DHCP-supplied resolver.
echo "search $DNS_STATIC_SEARCHLIST" | sudo tee -a /etc/resolvconf/resolv.conf.d/base
: > /etc/resolvconf/resolv.conf.d/head
# DNS_SERVERS is intentionally unquoted: it is a space-separated list.
for nameserver in $DNS_SERVERS; do
  printf 'nameserver %s\n' "$nameserver"
done | sudo tee -a /etc/resolvconf/resolv.conf.d/head
resolvconf -u

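###########################################
### Add Certificates
###########################################
# NOTE(review): the chain is taken from whatever answers on ya.ru:443, without
# any verification, and every certificate in it (the server's own leaf
# certificate included) is installed as a trusted CA system-wide and, later in
# this script, in the browser databases. Whoever controls that one connection
# therefore chooses this machine's trust anchors. Prefer delivering the CA file
# over a trusted channel; at the very least compare the fingerprints printed
# below with values obtained out of band before the machine is put to use.
openssl s_client -showcerts -connect ya.ru:443 </dev/null > chain.pem
csplit -k -f "$CA_CERT_PREFIX" ./chain.pem '/END CERTIFICATE/+1' '{10}'
# Remove split pieces that contain no certificate; -r keeps xargs from calling
# rm with no operands when every piece is valid.
find ./ -iname "$CA_CERT_PREFIX*" -type f -exec grep -F -L 'END CERTIFICATE' '{}' + | xargs -r -d '\n' rm --
for file in "$CA_CERT_PREFIX"* ; do
  [ -e "$file" ] || continue   # glob matched nothing: the fetch produced no certificates
  # Show what is about to become trusted so the operator can verify it.
  openssl x509 -in "$file" -noout -subject -fingerprint -sha256
  mv -- "$file" /usr/local/share/ca-certificates/"$file".pem
done
# update-ca-certificates only picks up *.crt files from
# /usr/local/share/ca-certificates, so the .pem files are also copied to
# /etc/ssl/certs and hashed explicitly.
for file in /usr/local/share/ca-certificates/"$CA_CERT_PREFIX"* ; do
  [ -e "$file" ] || continue
  cp -- "$file" /etc/ssl/certs/
done
c_rehash /etc/ssl/certs/
c_rehash /usr/local/share/ca-certificates/
update-ca-certificates
rm -f ./chain.pem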

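####################################
#### Setup Software
####################################
# NOTE(review): if the lines below are ever re-enabled, "curl -k" turns off TLS
# verification for the repository key download, so the key that is then
# trusted by apt would itself be unauthenticated.
#echo "deb http://ppa.launchpad.net/kubuntu-ppa/backports/ubuntu xenial main" > /etc/apt/sources.list.d/kubuntu-ppa.list
#apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8AC93F7A
#echo "deb https://tel.red/repos/ubuntu xenial non-free" > /etc/apt/sources.list.d/telred.list
#apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE49F8C5
#echo "deb [arch=amd64] http://repo.yandex.ru/yandex-browser/deb beta main" > /etc/apt/sources.list.d/yandex-browser.list
#curl -k https://repo.yandex.ru/yandex-browser/YANDEX-BROWSER-KEY.GPG | sudo apt-key add -

apt-get update
apt-get -y upgrade
#apt-get -y install kubuntu-full
apt-get -y install kubuntu-desktop
apt-get -y install xorg
apt-get -y install nano curl openssl libnss3-tools \
chrony krb5-config krb5-locales krb5-user libpam-krb5 \
samba smbclient winbind libpam-winbind libnss-winbind gss-ntlmssp \
ldap-utils cifs-utils libsasl2-modules-gssapi-mit \
libreoffice-l10n-ru aspell-ru language-pack-gnome-ru language-pack-gnome-ru-base \
language-pack-ru language-pack-ru-base language-pack-kde-ru \
evolution evolution-ews evolution-plugins desktop-file-utils \
xvfb myspell-ru build-essential libc6-i386

# NOTE(review): --allow-unauthenticated installs these packages without checking
# repository signatures, and their maintainer scripts run as root. Import the
# repository signing key and drop the flag once that is possible.
apt-get -y --allow-unauthenticated install flashplugin-installer yandex-browser-beta
#apt-get -y install sky
#apt-get install clamav tightvncserver
###  http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_20170411.1.orig.tar.gz
# NOTE(review): the tarball comes over plain HTTP and is handed to a root-run
# installer with no checksum or signature check.
# The download goes into a private mktemp directory rather than a fixed name in
# world-writable /tmp, and --fail stops an HTTP error page from being saved and
# passed to the installer as if it were the archive.
flash_tarball_name="adobe-flashplugin_20170411.1.orig.tar.gz"
flash_tmpdir=$(mktemp -d) \
&& curl --fail -o "$flash_tmpdir/$flash_tarball_name" \
"http://szud-linux-repo.sigma.sbrf.ru/$flash_tarball_name" \
&& /usr/lib/flashplugin-installer/install_plugin \
"$flash_tmpdir/$flash_tarball_name"
# Clean up whether or not the install succeeded.
if [ -n "$flash_tmpdir" ]; then
  rm -rf -- "$flash_tmpdir"
fi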

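#####################################################################
### Download and install Citrix VDA
#####################################################################
# NOTE(review): the package is fetched over plain HTTP and installed as root
# with no checksum or signature verification; publish a SHA-256 for it and
# check it here before installing.
# --fail makes curl return an error on an HTTP error status instead of saving
# the error page as VDA.deb.
curl --fail -o ./VDA.deb http://szud-linux-repo.sigma.sbrf.ru/xendesktopvda_7.13.0.382-1.Kubuntu16.04_amd64.deb \
  && apt-get -y install ./VDA.deb
# Remove the download even when the fetch or the install failed.
rm -f ./VDA.deb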

###############################################
### Setup Services
###############################################
# Enable the remote-access and domain-membership daemons at boot.
for unit in ssh nmbd.service samba.service winbind.service; do
  systemctl enable "$unit"
done
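#############################################
#### Setting sudo
#############################################
# NOTE(review): this policy gives every member of "domain users" unrestricted
# sudo and gives "domain admins" passwordless root; the group names come from
# the DHCP-derived NETBIOS_DOMAIN_NAME. Narrow it to a dedicated admin group if
# policy allows.
# The fragment is written to a temporary file, syntax-checked with visudo and
# only then installed with mode 0440, so a malformed fragment never lands in
# /etc/sudoers.d.
sudoers_tmp=$(mktemp) || exit 1
cat <<EOF > "$sudoers_tmp"
localuser       ALL=(ALL) ALL
%$NETBIOS_DOMAIN_NAME\\\\domain\ users          ALL=(ALL) ALL
%domain\ users          ALL=(ALL) ALL
%$NETBIOS_DOMAIN_NAME\\\\domain\ admins      ALL=(ALL) NOPASSWD: ALL
%domain\ admins      ALL=(ALL) NOPASSWD: ALL
EOF
if visudo -cf "$sudoers_tmp"; then
  install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/domain_users
else
  echo "Generated sudoers fragment failed validation; /etc/sudoers.d/domain_users was not written" >&2
fi
rm -f -- "$sudoers_tmp"

# Comment out "Defaults targetpw" and the "ALL ALL=(ALL) ..." rule.
sed -i "/^Defaults\ targetpw.*\$/ s/^/#/" /etc/sudoers
# NOTE(review): this turns env_reset off, so the caller's environment variables
# are passed through to commands run as root. Keep env_reset and whitelist the
# needed variables with env_keep if possible.
sed -i "/^Defaults\ env_reset.*\$/ s/\ env_reset/\ \!env_reset/" /etc/sudoers
sed -i "/^ALL.*ALL=(ALL).*\$/ s/^/#/" /etc/sudoers
# /etc/sudoers was edited in place with sed; check the whole configuration.
visudo -c || echo "WARNING: sudoers configuration does not validate after editing" >&2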

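############################################################
#### Suppress PolKit prompt messages
############################################################
# NOTE(review): keep the block below disabled. It would answer "yes" to every
# polkit action for every local user (Identity=unix-user:*, Action=*), which
# removes authentication for all privileged desktop operations.
#cat <<EOF > /etc/polkit-1/localauthority/50-local.d/allow_all.pkla
#[Do not prompt users with any messages]
#Identity=unix-user:*
#Action=*
#ResultAny=yes
#ResultInactive=yes
#EOF

# Deny power-off, suspend and hibernate to all users.
cat <<'EOF' > /etc/polkit-1/localauthority/50-local.d/55-inhibit-shutdown.pkla
[Disable PowerOff, Reboot, Hibernate, Suspend]
Identity=unix-user:*
Action=org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-multiple-sessions;org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
ResultAny=no
ResultInactive=no
ResultActive=no
EOF

# Deny all NetworkManager actions to all users. The section title was a
# copy of the power-off one above and has been corrected to match the rule.
cat <<'EOF' > /etc/polkit-1/localauthority/50-local.d/60-inhibit-network-changes.pkla
[Disable NetworkManager changes]
Identity=unix-user:*
Action=org.freedesktop.NetworkManager.*
ResultAny=no
ResultInactive=no
ResultActive=no
EOF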

#########################################
### Setup NTP servers
#########################################
# Comment out the stock pool/server entries and use the domain controllers
# as time sources instead.
sed -i -e '/^pool.*$/ s/^/#/' -e '/^server.*$/ s/^/#/' /etc/chrony/chrony.conf

# DOMAIN_CONTROLLERS is intentionally unquoted: it is a whitespace-separated list.
for dc in $DOMAIN_CONTROLLERS; do
  printf 'server %s iburst\n' "$dc"
done | sudo tee -a /etc/chrony/chrony.conf

#########################################
### Setup Kerberos /etc/krb5.conf
#########################################
# The file is assembled from three fragments. The realm, the domain mapping
# and the KDC list all come from the DHCP/DNS-derived variables set at the top
# of the script.
LIBDEFAULTS=$(cat <<EOF
[libdefaults]
dns_lookup_kdc = true
dns_lookup_realm = false
default_realm = $DEFAULT_REALM
clockskew = 300
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
EOF
)

# One "kdc = host" line per discovered domain controller.
REALMS_KDC=$(
  for kdc_host in $DOMAIN_CONTROLLERS; do
    echo "kdc = $kdc_host"
  done
)

REALMS=$(cat <<EOF

[realms]
$DEFAULT_REALM = {
$REALMS_KDC
default_domain = $DEFAULT_REALM
}
EOF
)

DOMAIN_REALM=$(cat <<EOF

[domain_realm]
.$NEW_DOMAINNAME = $DEFAULT_REALM
$NEW_DOMAINNAME = $DEFAULT_REALM

[appdefaults]
pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        minimum_uid = 1
}
EOF
)

# Overwrite krb5.conf with the three fragments in order.
printf '%s\n' "$LIBDEFAULTS" "$REALMS" "$DOMAIN_REALM" > /etc/krb5.conf

########################################
#### Configure /etc/samba/smb.conf
########################################
# Samba is configured as an AD member (security = ADS) with winbind id mapping;
# workgroup and realm come from the variables set at the top of the script.
SMB_CONF=$(cat <<EOF
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[global]
        workgroup = $NETBIOS_DOMAIN_NAME
        passdb backend = tdbsam
        map to guest = Bad User
        include = /etc/samba/dhcp.conf
        usershare allow guests = No
        idmap gid = 10000-20000
        idmap uid = 10000-20000
        realm = $DEFAULT_REALM
        security = ADS
        template homedir = /home/%D/%U
        template shell = /bin/bash
        usershare max shares = 100
        encrypt passwords = yes
        kerberos method = secrets and keytab
        winbind nested groups = yes
        winbind offline logon = yes
        winbind refresh tickets = yes
        winbind use default domain = yes
        dns proxy = no
        domain master = no
        local master = no
        preferred master = no
        load printers = no
        show add printer wizard = no
        printcap name = /dev/null
        disable spoolss = yes
        client use spnego = yes
        client ntlmv2 auth = yes
EOF
)

# Move the packaged smb.conf aside under a timestamped name, then write ours.
smb_conf_backup="/etc/samba/smb.conf.bak_$(date +"%d.%m.%y_%H-%M")"
mv /etc/samba/smb.conf "$smb_conf_backup"
printf '%s\n' "$SMB_CONF" > /etc/samba/smb.conf

########################################
#### Configure /etc/nsswitch.conf
########################################
# Add winbind as a passwd/group source after "compat" and restrict host
# lookups to files and DNS.
sed -i \
  -e '/^passwd:.*compat$/ s/$/ winbind/' \
  -e '/^group:.*compat$/ s/$/ winbind/' \
  -e '/^hosts:/ s/:.*$/: files dns/' \
  /etc/nsswitch.conf

##########################################
#### Configure PAM
##########################################
# Switch the mkhomedir profile to enabled-by-default, forget that it was
# already offered, and let pam-auth-update regenerate the PAM stack.
mkhomedir_profile=/usr/share/pam-configs/mkhomedir
sed -i '/^Default:.*$/ s/:.*$/: yes/' "$mkhomedir_profile"
sed -i '/^mkhomedir/D' /var/lib/pam/seen
pam-auth-update --package
################################################################
### Fix /etc/pam.d/sddm to allow copy /etc/skel/ on first logon
### https://wiki.autosys.tk/doku.php?id=linux_faq:kde_not_copying_etc_skel_on_user_first_login
################################################################
# Comment out every pam_kwallet line in the SDDM PAM service.
sed -i '/pam_kwallet/ s/^/#/g' /etc/pam.d/sddm

#################################################
### Disable autologin
#################################################
#sed -i "/^DISPLAYMANAGER_AUTOLOGIN=.*\$/ s/=.*$/=\"\"/" /etc/sysconfig/displaymanager

#####################################################
#### Set SDDM Theme to allow input Username
#####################################################
# Back up the Breeze login screen and force the username prompt on, so domain
# users can type their account name.
sddm_login_qml=/usr/share/sddm/themes/breeze/Login.qml
cp "$sddm_login_qml" "$sddm_login_qml.bak_$(date +"%d.%m.%y_%H-%M")"
sed -i '/^.*property bool showUsernamePrompt:.*$/ s/:.*$/: true/' "$sddm_login_qml"

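#######################################################
#### Import CA Certificates into Browsers
#   http://blog.xelnor.net/firefox-systemcerts/
#######################################################
# The script has to be started through sudo. With SUDO_USER empty,
# "getent passwd" lists every account, HOMEDIR becomes a multi-line list of
# all home directories, and the unquoted "rm -Rf $HOMEDIR/.mozilla" of the
# original would have received /root, /bin, ... as separate arguments.
if [ -z "${SUDO_USER:-}" ]; then
  echo "SUDO_USER is not set; run this script with sudo from the target user's account" >&2
  exit 1
fi
HOMEDIR=$(getent passwd "$SUDO_USER" | cut -d: -f6)
if [ -z "$HOMEDIR" ] || [ ! -d "$HOMEDIR" ]; then
  echo "Cannot determine the home directory of $SUDO_USER" >&2
  exit 1
fi
apt-get -y install libnss3-tools
rm -Rf -- "$HOMEDIR/.mozilla"
rm -Rf -- "$HOMEDIR/.pki"

########################################################
#### Create and fill cert8.db in Firefox Profile
########################################################
killall firefox
sudo -u "$SUDO_USER" xvfb-run --server-args="-screen 0, 1280x1024x24" firefox -CreateProfile default
# Use the first matching profile; an unquoted multi-line result would have
# been split into extra certutil arguments.
FirefoxProfileDir=$(find "$HOMEDIR/.mozilla/firefox/" -iname '*.default' | head -n 1)
# Every file produced by the certificate step is imported as a trusted CA for
# TLS, e-mail and code signing, so what that step fetched decides what this
# browser profile trusts.
for certificateFile in /usr/local/share/ca-certificates/"$CA_CERT_PREFIX"* ;
do
 [ -e "$certificateFile" ] || continue
 certutil -A -n "${certificateFile}" -t "TCu,Cuw,Tuw" -i "${certificateFile}" -d "${FirefoxProfileDir}"
done
# certutil ran as root, so hand the profile back to the home directory's owner.
# The original used "chmod -R a+rw", which let any local user rewrite this
# user's certificate trust database.
chown -R --reference="$HOMEDIR" "$HOMEDIR/.mozilla"
chmod -R u+rw "$HOMEDIR"/.mozilla/firefox/*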

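################################################################################
#### Import certificates into nssdb for Chromium engine
################################################################################
# Refuse to continue with an empty or bogus HOMEDIR: every path below is built
# from it and the commands run as root.
nssdb_dir="${HOMEDIR:?HOMEDIR is not set}/.pki/nssdb"
if [ ! -d "$HOMEDIR" ]; then
  echo "HOMEDIR does not point to a directory: $HOMEDIR" >&2
  exit 1
fi
mkdir --parents "$nssdb_dir"
# NOTE(review): the database password is hard-coded, published together with
# this script, stored next to the database and later copied to /etc/skel, so it
# protects nothing. The database only holds public CA certificates; decide
# whether a password is needed at all.
# The file is created with mode 0600 and the value is no longer echoed to the
# terminal (the original piped it through tee).
( umask 077; echo 1q2w3e4r > "$nssdb_dir/password-file" )
# NOTE(review): -N is run without the sql: prefix that the import below uses;
# depending on the NSS default database type these may be two different
# databases - confirm which one Chromium ends up reading.
certutil -N -f "$nssdb_dir/password-file" -d "$nssdb_dir"
for certificateFile in /usr/local/share/ca-certificates/"$CA_CERT_PREFIX"* ;
do
 [ -e "$certificateFile" ] || continue
 certutil -f "$nssdb_dir/password-file" -A -n "${certificateFile}" -t "TCu,Cuw,Tuw" -i "${certificateFile}" -d "sql:$nssdb_dir"
done
# Give the files to the owner of the home directory instead of making the
# trust database world-writable ("chmod -R a+rw" in the original).
chown -R --reference="$HOMEDIR" "$HOMEDIR/.pki"
chmod -R u+rw "$nssdb_dir"/*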

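#########################################################
### Copy databases with imported certs to default profile
#########################################################
# HOMEDIR must be a single existing directory: unquoted and multi-line (which
# happens when the script is not started through sudo) it would make cp copy
# unrelated directories into /etc/skel.
if [ -z "${HOMEDIR:-}" ] || [ ! -d "$HOMEDIR" ]; then
  echo "HOMEDIR is not set to an existing directory; skel profile not updated" >&2
  exit 1
fi
rm -Rf /etc/skel/.pki/nssdb/*
rm -Rf /etc/skel/.mozilla/firefox/*
mkdir --parents /etc/skel/.pki/nssdb/
# Everything in the nssdb directory is copied, including its password-file, so
# each new account receives the same database and the same password.
cp -Rf "$HOMEDIR"/.pki/nssdb/* /etc/skel/.pki/nssdb/
mkdir --parents /etc/skel/.mozilla/firefox/
cp -Rf "$HOMEDIR"/.mozilla/firefox/* /etc/skel/.mozilla/firefox/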

############################################################
### Setup Evolution Mail Client
############################################################
### Force Evolution Mail to be online
############################################################
# Environment snippet placed in /etc/skel, so every newly created account gets
# it under plasma-workspace/env. The quoted delimiter keeps the text literal.
plasma_env_dir=/etc/skel/.config/plasma-workspace/env
mkdir --parents "$plasma_env_dir/"
cat > "$plasma_env_dir/evolution.sh" <<'EOF'
#!/bin/bash
export LANG=ru_RU.utf8
export LANGUAGE=ru_RU
export GIO_USE_NETWORK_MONITOR=base
EOF
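##############################################################
### Create Evolution EWS Autodiscovery Script
##############################################################
# The heredoc below is written to /etc/skel as an autostart script for new
# accounts. Its delimiter is unquoted, so every "$" and backtick that must be
# evaluated later, in the user's session, is escaped with a backslash; the
# nested EOF heredocs are plain text here and only become heredocs when the
# generated script runs.
# Change against the earlier revision: curl is now invoked directly with quoted
# arguments instead of through a bash -c string, because the request body and
# the URL are built from the LDAP "mail" attribute and were re-parsed as shell
# code inside that string.
mkdir --parents /etc/skel/.config/autostart-scripts/
cat <<ENDOFSCRIPT > /etc/skel/.config/autostart-scripts/ews_autodiscovery.sh
#! /bin/bash

export GIO_USE_NETWORK_MONITOR=base
DOMAINNAME=\`hostname -d\`
##################################################
### Check if Evolution EWS source file exist
##################################################
if [ -f ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.1.source ]; then
echo
else
##########################################
## Check if connected to AD
##########################################
if ! wbinfo -P; then
echo "NETLOGON test failed" >> ~/.ews_setup.log
else
echo "NETLOGON test OK" >> ~/.ews_setup.log

CURRENT_DC=\`wbinfo -P | awk '{print \$9}' | awk -F "\"" '{print \$2}'\`
FULL_NAME=\`wbinfo -i \$USER | awk -F ":" '{print \$5}'\`
BASEDN=\`echo \$CURRENT_DC | sed s/^[^.]*.//g | sed s/"\."/,dc=/g | sed s/^/dc=/\`
MAIL=\`ldapsearch -h \$CURRENT_DC -b "\$BASEDN" "sAMAccountName=\$USER" | grep mail: | awk '{print \$2 }'\`

###############################################################################################
### MS Exchange autodiscovery
#### https://github.com/sys4/automx/blob/master/src/automx-test
#### http://stackoverflow.com/questions/38509837/when-using-negotiate-with-curl-is-a-keytab-file-required
#### Joined AD with samba/winbind and have package gss-ntlmssp
###############################################################################################
AUTOD_URL="https://autodiscover.\`echo \$MAIL | sed 's/^.*@//'\`"/autodiscover/autodiscover.xml
REQUEST=\$(cat <<EOF
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
<Request>
<EMailAddress>\$MAIL</EMailAddress>
<AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
</Request>
</Autodiscover>
EOF
)

### NOTE(review): MAIL comes from an LDAP attribute. curl is called directly with
### quoted arguments, not through bash -c, so that value is never parsed as shell code.
### NOTE(review): curl -k skips TLS certificate verification while Negotiate
### credentials are offered to the autodiscover host. Remove -k once the
### corporate CA is present in the system trust store.
curl -k -d "\$REQUEST" --header "Content-Type: text/xml" -s --negotiate -u : "\$AUTOD_URL" > ~/.autodiscover.xml
OABUrl=\$(cat ~/.autodiscover.xml | grep -m 1 OABUrl | awk -F '[<>]' '{ print \$3 }')oab.xml
EwsUrl=\$(cat ~/.autodiscover.xml | grep -m 1 EwsUrl | awk -F '[<>]' '{ print \$3 }')
EwsHost=\$(echo \$EwsUrl | awk -F '/' '{ print \$3 }')
rm ~/.autodiscover.xml

echo CURRENT_DC - \$CURRENT_DC > ~/.ews_setup.log
echo FULL_NAME - \$FULL_NAME >> ~/.ews_setup.log
echo BASEDN - \$BASEDN >> ~/.ews_setup.log
echo MAIL - \$MAIL >> ~/.ews_setup.log
echo DOMAINNAME - \$DOMAINNAME >> ~/.ews_setup.log
echo OABUrl - \$OABUrl >> ~/.ews_setup.log
echo EwsUrl - \$EwsUrl >> ~/.ews_setup.log
echo EwsHost - \$EwsHost >> ~/.ews_setup.log
################################################################
### Check URLs format
################################################################
echo \$OABUrl | grep -E '(https|http)://(([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/(oab|OAB)([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/oab.xml)'
OAB_URL_Check=\$?
echo \$EwsUrl | grep -E '(https|http)://(([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/(ews|EWS)([[:alnum:]]|-|_|\.|~|!|\*|;|:|@|&|=|+|\$|,|/|\?|%|#|\[|\]])*/exchange.asmx)'
EWS_URL_Check=\$?

if [ \$OAB_URL_Check != 0 ] || [ \$EWS_URL_Check != 0 ]; then
echo "OAB and EWS URLs check failed... Exit..." >> ~/.ews_setup.log
else
echo "OAB and EWS URLs check OK" >> ~/.ews_setup.log

######################################################################
### CleaningUp and creating evolution source files
######################################################################
killall evolution-source-registry
rm -Rf ~/.config/evolution/sources
mkdir --parents ~/.config/evolution/sources

#####################################################################################
cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.1.source
[Data Source]
DisplayName=\$MAIL
Enabled=true
Parent=

[Offline]
StaySynchronized=true

[Authentication]
Host=\$EwsHost
Method=GSSAPI
Port=443
ProxyUid=system-proxy
RememberPassword=true
User=\$USER
CredentialName=

[Collection]
BackendName=ews
CalendarEnabled=true
ContactsEnabled=true
Identity=\$USER
MailEnabled=true

[Security]
Method=none

[Ews Backend]
FilterInbox=true
StoreChangesInterval=3
CheckAll=true
ListenNotifications=true
Email=\$MAIL
FilterJunk=true
FilterJunkInbox=false
FoldersInitialized=true
GalUid=ews.\$USER.\$DOMAINNAME
Hosturl=\$EwsUrl
Oaburl=\$OABUrl
OabOffline=true
OalSelected=
Timeout=300
UseImpersonation=false
ImpersonateUser=
EOF

######################################################################
cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.0.source
[Data Source]
DisplayName=\$MAIL
Enabled=true
Parent=ews.\$USER.\$DOMAINNAME.1

[Mail Composition]
Bcc=
Cc=
DraftsFolder=folder://ews.\$USER.\$DOMAINNAME/%d0%a7%d0%b5%d1%80%d0%bd%d0%be%d0%b2%d0%b8%d0%ba%d0%b8
SignImip=true
TemplatesFolder=folder://local/Templates

[Mail Identity]
Address=\$MAIL
Name=\$FULL_NAME
Organization=
ReplyTo=
SignatureUid=none

[Mail Submission]
SentFolder=folder://ews.\$USER.\$DOMAINNAME/%d0%9e%d1%82%d0%bf%d1%80%d0%b0%d0%b2%d0%bb%d0%b5%d0%bd%d0%bd%d1%8b%d0%b5
TransportUid=ews.\$USER.\$DOMAINNAME.13
RepliesToOriginFolder=false
EOF

######################################################################
cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.3.source
[Data Source]
DisplayName=\$MAIL
Enabled=true
Parent=ews.\$USER.\$DOMAINNAME.1

[Refresh]
Enabled=true
IntervalMinutes=3

[Mail Account]
BackendName=ews
IdentityUid=ews.\$USER.\$DOMAINNAME
ArchiveFolder=
EOF

###############################################################################
cat <<EOF > ~/.config/evolution/sources/ews.\$USER.\$DOMAINNAME.13.source
[Data Source]
DisplayName=\$MAIL
Enabled=true
Parent=ews.\$USER.\$DOMAINNAME.1

[Mail Transport]
BackendName=ews
EOF

################################################################################
cat <<EOF > ~/.config/evolution/sources/local.source
# Special built-in mail store.
[Data Source]
DisplayName=On This Computer
Enabled=false
Parent=

[Mail Account]
BackendName=maildir
IdentityUid=self
ArchiveFolder=

[Maildir Backend]
FilterInbox=true
Path=\$HOME/.local/share/evolution/mail/local
EOF

########################################################################
cat <<EOF > ~/.config/evolution/sources/vfolder.source
# Special built-in mail store.

[Data Source]
DisplayName=Search Folders
Enabled=false
Parent=

[Mail Account]
BackendName=vfolder
IdentityUid=self
ArchiveFolder=

[Vfolder Backend]
FilterInbox=true
EOF

##########################################################################
mkdir --parents ~/.config/evolution/mail/
cat <<EOF > ~/.config/evolution/mail/state.ini
[GlobalFolder]
GroupByThreads=false
PreviewVisible=true

[Store ews.\$USER.\$DOMAINNAME.3]
Expanded=true

[Search Bar]
SearchScope=mail-scope-current-folder
SearchOption=mail-search-subject-or-addresses-contain

[Folder Tree]
Selected=folder://ews.\$USER.\$DOMAINNAME.3/%d0%92%d1%85%d0%be%d0%b4%d1%8f%d1%89%d0%b8%d0%b5

[Folder folder://ews.\$USER.\$DOMAINNAME.3/%d0%92%d1%85%d0%be%d0%b4%d1%8f%d1%89%d0%b8%d0%b5]
GroupByThreads=false
PreviewVisible=true
Expanded=true

EOF

fi
fi
fi
ENDOFSCRIPT

chmod +x /etc/skel/.config/autostart-scripts/ews_autodiscovery.sh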

#############################################################
### Disable Screen Locker By Default
#############################################################
# NOTE(review): with Autolock=false new accounts never lock the session on
# idle; an unattended session stays open. Confirm this is acceptable for
# these desktops.
skel_config_dir=/etc/skel/.config
mkdir --parents "$skel_config_dir/"
cat > "$skel_config_dir/kscreenlockerrc" <<'EOF'
[Daemon]
Autolock=false
EOF

#########################################################
### Disable KDEWallet By Default
#########################################################
# New accounts start with the KDE wallet subsystem switched off.
cat > "$skel_config_dir/kwalletrc" <<'EOF'
[Wallet]
Enabled=false
EOF

############################################################
### Enable Autostart apps
############################################################
# Start the "sky" application automatically for every newly created account.
skel_autostart_dir=/etc/skel/.config/autostart
mkdir --parents "$skel_autostart_dir/"
cp /usr/share/applications/sky.desktop "$skel_autostart_dir/"

##########################################################
###Change Default Desktop View to Folder
##########################################################
# Back up the Plasma shell defaults, then switch the default containment from
# the plain desktop to the folder view.
plasma_defaults=/usr/share/plasma/shells/org.kde.plasma.desktop/contents/defaults
cp "$plasma_defaults" "$plasma_defaults.bak_$(date +"%d.%m.%y_%H-%M")"
sed -i '/Containment=/ s/org.kde.desktopcontainment$/org.kde.plasma.folder/' "$plasma_defaults"

#############################################################
### Disable Desktop Effects By Default (Compositor)
#############################################################
# KWin compositing is off for new accounts.
cat > /etc/skel/.config/kwinrc <<'EOF'
[Compositing]
Enabled=false
EOF

#########################################################
### Create Default Shortcuts
#########################################################
# Copy the launchers onto the skeleton desktop in the same order as before,
# then mark them executable.
mkdir --parents /etc/skel/Desktop
for launcher in \
  evolution \
  libreoffice-calc \
  libreoffice-writer \
  libreoffice-impress \
  yandex-browser-beta \
  org.kde.konsole \
  org.kde.dolphin
do
  cp "/usr/share/applications/${launcher}.desktop" /etc/skel/Desktop/
done

chmod +x /etc/skel/Desktop/*

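###############################################################################
### Modifying KDE default panel settings
### https://forum.kde.org/viewtopic.php?f=67&t=94534#p193422
### http://askubuntu.com/questions/897979/unable-to-populate-a-kde-quicklaunch-widget-via-the-plasma-scripting-interface
##############################################################################
layout_js=/usr/share/plasma/layout-templates/org.kde.plasma.desktop.defaultPanel/contents/layout.js
cp "$layout_js" "$layout_js.bak_$(date +"%d.%m.%y_%H-%M")"
#########################################################
#### Change kickoff menu to kicker by default for new users
#### org.kde.plasma.kickoff -> org.kde.plasma.kicker
#########################################################
sed -i 's/kickoff/kicker/g' "$layout_js"
###########################################################################
#### Add quick launchers
############################################################################
QUICKLAUNCHERS=$(cat <<EOF

//Add QuickLaunchers
var quicklaunch = panel.addWidget("org.kde.plasma.quicklaunch");
var qlurls = ["file:///usr/share/applications/yandex-browser-beta.desktop",
          "file:///usr/share/applications/evolution.desktop",
          "file:///usr/share/applications/libreoffice-writer.desktop",
          "file:///usr/share/applications/libreoffice-calc.desktop",
          "file:///usr/share/applications/org.kde.dolphin.desktop",
          "file:///usr/share/applications/org.kde.konsole.desktop"
         ];
quicklaunch.currentConfigGroup = ["General"];
quicklaunch.writeConfig("launcherUrls", qlurls);
EOF
)

# Insert the launcher block after the kicker.writeConfig line, once only.
# Fixes against the earlier revision: the rewritten copy is moved into place
# only when it was actually produced (before, a second run skipped the loop but
# still ran mv on a missing or stale layout.js_new); the copy starts from a
# fresh temporary file instead of appending to a leftover one; and read keeps
# backslashes and indentation of the JavaScript intact.
if ! grep -q "//Add QuickLaunchers" "$layout_js"; then
  layout_js_new=$(mktemp "$layout_js.XXXXXX") || exit 1
  while IFS= read -r line || [ -n "$line" ]; do
    printf '%s\n' "$line"
    case "$line" in
      *kicker.writeConfig*) printf '%s\n' "$QUICKLAUNCHERS" ;;
    esac
  done < "$layout_js" > "$layout_js_new"
  # mktemp creates the file with mode 0600; restore the template's permissions.
  chmod --reference="$layout_js" "$layout_js_new"
  mv "$layout_js_new" "$layout_js"
fi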

###########################################################################################
### Enable Russian Locale
###########################################################################################
# Generate the ru_RU locale, make it the system default and seed the Plasma
# locale files for new accounts.
# NOTE(review): the two Plasma files below set LANG=cu_RU.UTF-8 while the rest
# of the script uses ru_RU - possibly a typo; confirm before changing.
locale-gen ru_RU.UTF-8
update-locale LANG="ru_RU.UTF-8" LANGUAGE="ru_RU"
skel_config_dir=/etc/skel/.config
mkdir --parents "$skel_config_dir/"
cat > "$skel_config_dir/plasma-locale-settings.sh" <<'EOF'
# Generated script, do not edit
# Exports language-format specific env vars from startkde.
# This script has been generated from kcmshell5 formats.
# It will automatically be overwritten from there.
export LANG=cu_RU.UTF-8
export LANGUAGE=ru
EOF

cat > "$skel_config_dir/plasma-localerc" <<'EOF'
[Formats]
LANG=cu_RU.UTF-8

[Translations]
LANGUAGE=ru
EOF

# KDE defaults for new accounts: UI language, spell checker, keyboard repeat
# and the ru/us keyboard layouts. Quoted delimiters keep the text literal.
cat > /etc/skel/.config/kdeglobals <<'EOF'
[Translations]
LANGUAGE=ru
EOF

mkdir --parents /etc/skel/.config/KDE
cat > /etc/skel/.config/KDE/Sonnet.conf <<'EOF'
[General]
autodetectLanguage=true
backgroundCheckerEnabled=true
checkUppercase=true
checkerEnabledByDefault=false
defaultClient=
defaultLanguage=ru_RU
ignore_ru_RU=Amarok, KAddressBook, KDevelop, KHTML, KIO, KJS, KMail, KMix, KOrganizer, Konqueror, Kontact, Nepomuk, Okular, Qt, Sonnet
skipRunTogether=true
EOF

cat > /etc/skel/.config/kcminputrc <<'EOF'
[Keyboard]
KeyboardRepeating=0
NumLock=2
RepeatDelay=600
RepeatRate=25
EOF

cat > /etc/skel/.config/kxkbrc <<'EOF'
[Layout]
DisplayNames=,
LayoutList=ru,us
LayoutLoopCount=-1
Model=pc101
Options=grp:alt_shift_toggle,grp:ctrl_shift_toggle
ResetOldOptions=true
ShowFlag=false
ShowLabel=true
ShowLayoutIndicator=true
ShowSingle=false
SwitchMode=Global
Use=true
EOF

############################################################
### Export Locale Variables
############################################################
# Session environment snippet for new accounts that exports the Russian locale.
plasma_env_dir=/etc/skel/.config/plasma-workspace/env
mkdir --parents "$plasma_env_dir/"
cat > "$plasma_env_dir/locale_ru.sh" <<'EOF'
#!/bin/bash
export LANG=ru_RU.utf8
export LANGUAGE=ru_RU
EOF

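###########################################################
### Set MIME types applications
###########################################################
# xdg-settings expects "set default-url-scheme-handler <scheme> <desktop file>".
# The earlier revision omitted the scheme and repeated the same line twice;
# http and https are presumably what was meant, matching the commented-out
# mimeapps.list that follows.
# NOTE(review): xdg-settings acts on the invoking user's settings, so run as
# root this may not affect the accounts created later - confirm.
xdg-settings set default-url-scheme-handler http yandex-browser-beta.desktop
xdg-settings set default-url-scheme-handler https yandex-browser-beta.desktop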

#cat <<EOF > /etc/skel/.config/mimeapps.list
#[Default Applications]
#inode/directory=org.kde.dolphin.desktop
#x-scheme-handler/http=yandex-browser-beta.desktop
#x-scheme-handler/https=yandex-browser-beta.desktop
#EOF

#######################################################################################
### Setup LibreOffice Locale
#######################################################################################
# Seed the LibreOffice user registry for new accounts: MS Office 2007 XML as
# the default save formats, MySpell spell checking for ru-RU and en-US, and a
# Russian UI and document locale. The quoted delimiter keeps the XML literal.
lo_user_dir=/etc/skel/.config/libreoffice/4/user
mkdir --parents "$lo_user_dir/"
cat > "$lo_user_dir/registrymodifications.xcu" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<oor:items xmlns:oor="http://openoffice.org/2001/registry" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<item oor:path="/org.openoffice.Setup/Office/Factories/org.openoffice.Setup:Factory['com.sun.star.presentation.PresentationDocument']"><prop oor:name="ooSetupFactoryDefaultFilter" oor:op="fuse"><value>Impress MS PowerPoint 2007 XML</value></prop></item>
<item oor:path="/org.openoffice.Setup/Office/Factories/org.openoffice.Setup:Factory['com.sun.star.sheet.SpreadsheetDocument']"><prop oor:name="ooSetupFactoryDefaultFilter" oor:op="fuse"><value>Calc MS Excel 2007 XML</value></prop></item>
<item oor:path="/org.openoffice.Setup/Office/Factories/org.openoffice.Setup:Factory['com.sun.star.text.TextDocument']"><prop oor:name="ooSetupFactoryDefaultFilter" oor:op="fuse"><value>MS Word 2007 XML</value></prop></item>
<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/SpellCheckerList"><prop oor:name="ru-RU" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/SpellCheckerList"><prop oor:name="en-US" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/LastFoundSpellCheckers"><prop oor:name="ru-RU" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
<item oor:path="/org.openoffice.Office.Linguistic/ServiceManager/LastFoundSpellCheckers"><prop oor:name="en-US" oor:op="fuse" oor:type="oor:string-list"><value><it>org.openoffice.lingu.MySpellSpellChecker</it></value></prop></item>
<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="DefaultLocale_CTL" oor:op="fuse"><value></value></prop></item>
<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="DefaultLocale" oor:op="fuse"><value>ru-RU</value></prop></item>
<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="DefaultLocale_CJK" oor:op="fuse"><value></value></prop></item>
<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="IsIgnoreControlCharacters" oor:op="fuse"><value>true</value></prop></item>
<item oor:path="/org.openoffice.Office.Linguistic/General"><prop oor:name="UILocale" oor:op="fuse"><value>ru</value></prop></item>
<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="ooLocale" oor:op="fuse"><value>ru</value></prop></item>
<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="ooSetupSystemLocale" oor:op="fuse"><value>ru-RU</value></prop></item>
<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="IgnoreLanguageChange" oor:op="fuse"><value>false</value></prop></item>
<item oor:path="/org.openoffice.Setup/L10N"><prop oor:name="DecimalSeparatorAsLocale" oor:op="fuse"><value>true</value></prop></item>
</oor:items>
EOF

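####################################################################
#### Install Kaspersky
####################################################################
# NOTE(review): the add-on archive is fetched over plain HTTP and its contents
# (packages, an install.conf and a setup answer file) are executed or consumed
# as root, with no checksum or signature check. Publish a SHA-256 for the
# archive and verify it here before unpacking.
ADDONSDIR="/tmp/addons"
# /tmp is world-writable: start from a directory this script created itself
# (mode 0700) instead of reusing whatever already sits at that path. The fixed
# path is kept in case install.conf refers to it.
rm -rf -- "$ADDONSDIR"
mkdir -m 0700 "$ADDONSDIR" || exit 1
# Download first, unpack second: in the original "curl | tar" pipeline a failed
# or truncated download was not detected.
if curl --fail -o "$ADDONSDIR/addons.tar.gz" http://szud-linux-repo.sigma.sbrf.ru/addons.tar.gz; then
  tar -xzv -C "$ADDONSDIR" -f "$ADDONSDIR/addons.tar.gz"
else
  echo "Download of addons.tar.gz failed" >&2
  exit 1
fi
apt-get -y install libc6-i386 build-essential
dpkg -i --force-architecture "$ADDONSDIR"/kes10/*.deb

###‘PT_PTRACE_CAP’ undeclared (first use in this function)
sed -i 's/ | PT_PTRACE_CAP//' /opt/kaspersky/kav4fs/src/kernel/module.linux/interceptor_rfs.c
/opt/kaspersky/kav4fs/bin/kav4fs-setup.pl --auto-install="$ADDONSDIR/kes10/install.conf"

### i_mutex_fix
# NOTE(review): this rfs.h patch is applied after kav4fs-setup.pl has already
# run; if that step is what builds the kernel module, the patch comes too
# late - confirm the intended order.
sed -i 's/mutex_lock(&inode->i_mutex);/inode_lock(inode);/' /opt/kaspersky/kav4fs/src/kernel/redirfs/rfs.h
sed -i 's/mutex_unlock(&inode->i_mutex);/inode_unlock(inode);/' /opt/kaspersky/kav4fs/src/kernel/redirfs/rfs.h

/opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl <"$ADDONSDIR/kes10/server"
/opt/kaspersky/kav4fs/bin/kav4fs-wmconsole-passwd
service kav4fs-wmconsole restart

reboot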

Join AD & Setup VDA

#! /bin/bash

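####################################
#### Set needed Variables
####################################
# The new host name is the first argument; the DNS domain is read from the
# DHCP lease of the active interface, so run this only on a trusted network.
NEW_HOSTNAME=$1
# First interface reported as "state UP"; several active links would otherwise
# produce a multi-line value and a broken lease path.
CONNECTION=$(ip link | awk '/state UP/ { sub(/:$/, "", $2); print $2; exit }')
# Match the option name exactly: a plain grep for 'option domain-name' also
# matches 'option domain-name-servers' and only worked by line order.
NEW_DOMAINNAME=$(awk '$1 == "option" && $2 == "domain-name" { v = $3 }
  END { gsub(/[";]/, "", v); print v }' "/var/lib/dhcp/dhclient.$CONNECTION.leases")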

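# check root
if [ "$(id -u)" != "0" ]; then
  echo "You do not have the appropriate privileges..."
  exit 1
fi

# check hostname $1: the script cannot continue without a new host name
# (the message previously read "epmty").
if [[ -z "$1" ]]; then
        echo "Hostname is empty"
        echo "Try to run: ./join_ad_ctx.sh new-host-name"
        exit 1
fi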

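###############################################
### Setting HOSTNAME, DOMAINNAME
###############################################
# Replace the loopback entries in /etc/hosts with the new FQDN and set the
# running and persistent host name. The dot in the pattern is escaped so that
# only addresses starting with "127." are removed, and the values are quoted
# so an unexpected character in them cannot split into extra arguments.
fqdn="$NEW_HOSTNAME.$NEW_DOMAINNAME"
sed -i '/^127\./d' /etc/hosts
echo "127.0.0.1 $fqdn $NEW_HOSTNAME localhost" | tee -a /etc/hosts
echo "127.0.0.2 $fqdn $NEW_HOSTNAME" | tee -a /etc/hosts
hostname "$NEW_HOSTNAME"
domainname "$NEW_DOMAINNAME"
echo "$fqdn" | tee /etc/HOSTNAME
echo "$fqdn" | tee /etc/hostname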

# Join the machine to the AD domain as the named account.
net ads join -U ADDSIGMACA

# Reset any previous VDA configuration, then run the Citrix setup
# non-interactively with its answers supplied through the environment.
/opt/Citrix/VDA/sbin/ctxcleanup.sh
env \
  CTX_XDL_SUPPORT_DDC_AS_CNAME=N \
  CTX_XDL_DDC_LIST="v-szud-ctxdc-01.sigma.sbrf.ru v-szud-ctxdc-02.sigma.sbrf.ru" \
  CTX_XDL_VDA_PORT=80 \
  CTX_XDL_REGISTER_SERVICE=Y \
  CTX_XDL_ADD_FIREWALL_RULES=Y \
  CTX_XDL_AD_INTEGRATION=1 \
  CTX_XDL_HDX_3D_PRO=N \
  CTX_XDL_VDI_MODE=Y \
  CTX_XDL_SITE_NAME='<none>' \
  CTX_XDL_LDAP_LIST='<none>' \
  CTX_XDL_SEARCH_BASE='<none>' \
  CTX_XDL_START_SERVICE=Y \
  /opt/Citrix/VDA/sbin/ctxsetup.sh

# Short pause before restarting the machine.
sleep 10
reboot

Join multiple VMs to AD

#! /bin/bash
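# Addresses of the VMs to join; names are assigned counting down from
# szud-ubuntu30 in list order.
vms_ip=(
  10.38.246.47
  10.38.247.23
  10.38.246.46
  10.38.247.22
  10.38.246.45
  10.38.246.44
  10.38.246.43
  10.38.246.42
  10.38.246.41
)

i=30
for ip_addr in "${vms_ip[@]}"; do
  echo "IP $ip_addr  name - szud-ubuntu$i"
  # NOTE(review): StrictHostKeyChecking=no accepts any host key, so the session
  # (in which sudo runs and any passwords typed for the join travel) can end up
  # on a machine impersonating the VM. Pre-load verified host keys into
  # known_hosts and remove this option.
  # NOTE(review): the sessions run in the background on one terminal, so
  # interactive prompts from different hosts will interleave.
  ssh -o StrictHostKeyChecking=no -t "localuser@$ip_addr" "sudo ~/join_ad_setup_ctx.sh szud-ubuntu$i" &
  i=$((i - 1))
done
# Do not return before every background session has finished.
wait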