ADconnection.sh

#!/bin/bash
##################################################################################################################################
#                                                                                                                                #
#                                           This script is written by Pierre Gode                                                #
#      This program is open source; you can redistribute it and/or modify it under the terms of the GNU General Public           #
#                     This is an normal bash script and can be executed with sh EX: ( sudo sh ADconnection.sh )                  #
# Generic user setup is: administrator, domain admins, groupnamesudores= groupname=hostname + sudoers on groupname in AD groups  #
#       Supported OS's: Ubuntu 14-18 + mate,Debian ,Cent OS,Rasbian ,Fedora.Linux Mint and Kali ( autodetect function ) 	 #
#                                                                                                                                #
##################################################################################################################################
#known bugs: Sometimes the script bugs after AD administrator tries to authenticate, temporary solution is running the script again
# a couple of times. if it still is not working see line 24-25
#known bugs: see line 24-33
#
# ~~~~~~~~~~  Environment Setup ~~~~~~~~~~ #
    NORMAL=$(echo "\033[m")
    MENU=$(echo "\033[36m") #Blue
    NUMBER=$(echo "\033[33m") #yellow
    RED_TEXT=$(echo "\033[31m") #Red
    INTRO_TEXT=$(echo "\033[32m") #green and white text
    END=$(echo "\033[0m")
# ~~~~~~~~~~  Environment Setup ~~~~~~~~~~ #

################################ fix errors # funktion not called ################
fixerrors(){
#this funktion is not called in the script : to activate, uncomment line line 31 #fixerrors
#This funktion installs additional pakages due to known issues with Joining and the join hangs after the admin auth
sudo add-apt-repository ppa:xtrusia/packagekit-fix
sudo apt-get update
sudo apt-get install packagekit
MENU_FN
}
#fixerrors
#Realmdupdate11

####################### final auth ##################################################################
#this section will do the last part, configure sssd, ssh, login session sam files and sudoers#
fi_auth(){
sudo echo "############################"
sudo echo "Configuratig files.."
sudo echo "Verifying the setup"
sudo systemctl enable sssd
sudo systemctl start sssd
states=$( echo null )
states1=$( echo null )
grouPs=$( echo null )
therealm=$( echo null )
cauth=$( echo null )
clear
read -p "${RED_TEXT}"'Do you wish to enable SSH login.group.allowed'"${END}""${NUMBER}"'(y/n)?'"${END}" yn
   case $yn in
    [Yy]* ) sudo echo "Cheking if there is any previous configuration"
	if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
then
echo "Files seems already to be modified, skipping..."
else
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed
admins=$( cat /etc/passwd | grep home | grep bash | cut -d ':' -f1 )
echo ""
echo ""
read -p "Is your current administrator = "$admins" ? (y/n)?" yn
   case $yn in
    [Yy]* ) sudo echo "$admins"  | sudo tee -a /etc/ssh/login.group.allowed;;
    [Nn]* ) echo "please type name of current administrator"
read -p MYADMIN
sudo echo $MYADMIN | sudo tee -a /etc/ssh/login.group.allowed;;
    * ) echo "Please answer yes or no.";;
   esac
sudo echo "$NetBios"'\'"$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow"
fi;;
    [Nn]* ) echo "Disabled SSH login.group.allowed"
    states1=$( echo 12 );;
    * ) echo "Please answer yes or no.";;
   esac
echo ""
echo "-------------------------------------------------------------------------------------------"
echo ""
read -p "${RED_TEXT}"'Do you wish to give users on this machine sudo rights?'"${END}""${NUMBER}"'(y/n)?'"${END}" yn
   case $yn in
    [Yy]* ) sudo echo "Cheking if there is any previous configuration"
	if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo ""
echo "The Sudoers file seems already to be modified, skipping..."
echo ""
else
read -p "${RED_TEXT}"'Do you wish to DISABLE password promt for users in terminal?'"${END}""${NUMBER}"'(y/n)?'"${END}" yn
   case $yn in
    [Yy]* )
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
;;

 [Nn]* ) sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
;;
    * ) echo "Please answer yes or no.";;
   esac
fi;;
    [Nn]* ) echo "Disabled sudo rights for users on this machine"
    	    echo ""
	    echo ""
	    states=$( echo 12 );;
    * ) echo 'Please answer yes or no.';;
   esac
homedir=$( cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3 )
if [ $homedir = 0022 ]
then
echo "pam_mkhomedir.so configured"
sleep 1
else
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
fi
Arm=$( sudo hostnamectl | grep Architecture | awk '{print $2}' )
if [ "$Arm" = "arm" ]
then
sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu-mate.conf"
sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu-mate.conf"
else
logintrue=$( cat /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf | grep -i -m1 login )
if [ -f /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf ]
then
if [ "$logintrue" =  "greeter-show-manual-login=true" ]
then
echo "50-ubuntu.conf is already configured.. skipping"
else
sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
fi
else
echo "No lightdm to configure"
fi
fi
clear
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
sed -i -e 's/sudoers:        files sss/sudoers:        files/g' /etc/nsswitch.conf
echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf
cat /etc/sssd/sssd.conf | grep -i override
sudo echo "[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 600
#entry_cache_user_timeout = 5400
#entry_cache_group_timeout = 5400
#cache_credentials = TRUE
### Added to help with group mapping
###ldap_use_tokengroups = False
#ldap_schema = rfc2307bis
#ldap_schema = rfc2307
#ldap_schema = IPA
#ldap_schema = AD
#ldap_search_base = DC=$NetBios,DC=$coms
#ldap_group_member = uniquemember
#ad_enable_gc = False
entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf
sudo service sssd restart
################################# Check #######################################
if [ $? = 0 ]
then
echo  "Checking sssd config.. OK"
else
echo "Checking sssd config.. FAIL"
fi
therealm=$(realm discover $DOMAIN | grep -i configured: | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//')
if [ "$therealm" = no ]
then
echo Realm configured?.. "${RED_TEXT}"FAIL"${END}"
else
echo Realm configured?.. "${INTRO_TEXT}"OK"${END}"
fi
if [ $states = 12 ]
then
echo "Sudoers not configured... skipping"
else
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo Checking sudoers file..  "${INTRO_TEXT}"OK"${END}"
else
echo checking sudoers file..  "${RED_TEXT}"FAIL"${END}"
fi
grouPs=$(cat /etc/sudoers.d/sudoers | grep -i "$myhost" | cut -d '%' -f2 | awk '{print $1}' | head -1)
if [ "$grouPs" = "$myhost""sudoers" ]
then
echo Checking sudoers user groups.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking sudoers user groups.. "${RED_TEXT}"FAIL"${END}"
fi
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
if [ $homedir = 0022 ] < /dev/null > /dev/null 2>&1
then
echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}"
fi
if [ $states1 = 12 ]
then 
echo "Disabled SSH login.group.allowed"
else
cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}')
if [ $cauth = allow ] < /dev/null > /dev/null 2>&1
then
echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking PAM auth configuration.. "${RED_TEXT}"FAIL"${END}"
fi
fi
#realm discover $DOMAIN
if [ "$therealm" = no ]
then
echo "${RED_TEXT}"Join has Failed"${END}"
else
lastverify=$( realm discover $DOMAIN | grep -m 1 $DOMAIN )
echo ""
echo "${INTRO_TEXT}"joined to $lastverify"${END}"
echo ""
notify-send ADconnection "Joined $lastverify "
fi
echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${INTRO_TEXT}"
exit
fi
}

####################### final auth yum ##################################################################
#this section will do the last part, configure sssd, sam files and sudoers# same as final auth
#but without colors#
fi_auth_yum(){
sudo echo "############################"
sudo echo "Configuratig files.."
sudo echo "Verifying the setup"
sudo systemctl enable sssd
sudo systemctl start sssd
states=$( echo null )
states1=$( echo null )
grouPs=$( echo null )
therealm=$( echo null )
cauth=$( echo null )
clear
read -p 'Do you wish to enable SSH login.group.allowed (y/n)?' yn
   case $yn in
    [Yy]* ) sudo echo "Cheking if there is any previous configuration"
	if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
then
echo "Files seems already to be modified, skipping..."
else
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed
admins=$( cat /etc/passwd | grep home | grep bash | cut -d ':' -f1 )
echo ""
echo ""
read -p "Is your current administrator = "$admins" ? (y/n)?" yn
   case $yn in
    [Yy]* ) sudo echo "$admins"  | sudo tee -a /etc/ssh/login.group.allowed;;
    [Nn]* ) echo "please type name of current administrator"
read -p MYADMIN
sudo echo $MYADMIN | sudo tee -a /etc/ssh/login.group.allowed;;
    * ) echo "Please answer yes or no.";;
   esac
sudo echo "$NetBios"'\'"$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow"
fi;;
    [Nn]* ) echo "Disabled SSH login.group.allowed"
    states1=$( echo 12 );;
    * ) echo "Please answer yes or no.";;
   esac
echo ""
echo "-------------------------------------------------------------------------------------------"
echo ""
read -p 'Do you wish to give users on this machine sudo rights?(y/n)?' yn
   case $yn in
    [Yy]* ) sudo echo "Cheking if there is any previous configuration"
	if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo ""
echo "The Sudoers file seems already to be modified, skipping..."
echo ""
else
read -p 'Do you wish to DISABLE password promt for users in terminal? (y/n)?' yn
   case $yn in
    [Yy]* )
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
;;

 [Nn]* ) sudo echo "administrator ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL:ALL) ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
;;
    * ) echo "Please answer yes or no.";;
   esac
fi;;
    [Nn]* ) echo "Disabled sudo rights for users on this machine"
    	    echo ""
	    echo ""
	    states=$( echo 12 );;
    * ) echo 'Please answer yes or no.';;
   esac
homedir=$( cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3 )
if [ $homedir = 0022 ]
then
echo "pam_mkhomedir.so configured"
sleep 1
else
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
fi
logintrue=$( cat /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf | grep -i -m1 login )
if [ -f /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf ]
then
if [ "$logintrue" =  "greeter-show-manual-login=true" ]
then
echo "50-ubuntu.conf is already configured.. skipping"
else
sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
fi
else
echo "No lightdm to configure"
fi
coms=$( echo $DOMAIN | cut -d '.' -f2 )
clear
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
sed -i -e 's/sudoers:        files sss/sudoers:        files/g' /etc/nsswitch.conf
echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf
cat /etc/sssd/sssd.conf | grep -i override
sudo echo "[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 600
#entry_cache_user_timeout = 5400
#entry_cache_group_timeout = 5400
#cache_credentials = TRUE
### Added to help with group mapping
###ldap_use_tokengroups = False
#ldap_schema = rfc2307bis
#ldap_schema = rfc2307
#ldap_schema = IPA
#ldap_schema = AD
#ldap_search_base = DC=$NetBios,DC=$coms
#ldap_group_member = uniquemember
#ad_enable_gc = False
entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf
sudo service sssd restart
####################### Check #########################
if [ $? = 0 ]
then
echo  "Checking sssd config.. OK"
else
echo "Checking sssd config.. FAIL"
fi
therealm=$(realm discover $DOMAIN | grep -i configured: | cut -d ':' -f2 | sed -e 's/^[[:space:]]*//')
if [ "$therealm" = no ]
then
echo "Realm configured?.. FAIL"
else
echo "Realm configured?.. OK"
fi
if [ $states = 12 ]
then
echo "Sudoers not configured... skipping"
else
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo "Checking sudoers file.. OK"
else
echo "Checking sudoers file.. FAIL"
fi
grouPs=$(cat /etc/sudoers.d/sudoers | grep -i "$myhost" | cut -d '%' -f2 | awk '{print $1}' | head -1)
if [ "$grouPs" = "$myhost""sudoers" ]
then
echo "Checking sudoers user groups.. OK"
else
echo "Checking sudoers user groups.. FAIL"
fi
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
if [ $homedir = 0022 ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM configuration.. OK"
else
echo "Checking PAM configuration.. FAIL"
fi
if [ $states1 = 12 ]
then 
echo "Disabled SSH login.group.allowed"
else
cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | awk '{print $1}')
if [ $cauth = allow ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM auth configuration.. OK"
else
echo "Checking PAM auth configuration.. FAIL"
fi
fi
#realm discover $DOMAIN
if [ "$therealm" = no ]
then
echo "Join has Failed"
else
lastverify=$( realm discover $DOMAIN | grep -m 1 $DOMAIN )
echo ""
echo "joined to $lastverify"
echo ""
notify-send ADconnection "Joined $lastverify "
fi
echo "Please reboot your machine and wait 3 min for Active Directory to sync before login"
exit
fi
}


####################### Setup for Ubuntu 14,16 and 17 clients #######################################
#Runs ADjoin in debug mode. meaning it opens terminals following logs
linuxclientdebug(){
desktop=$(sudo apt list --installed | grep -i desktop | grep -i ubuntu | cut -d '-' -f1 | grep -i desktop | head -1 | awk '{print$1}')
gnome-terminal --geometry=130x20 -e "bash -c \"journalctl -fxe; exec bash\""
gnome-terminal --geometry=130x20 -e "bash -c \"journalctl -fxe | grep -i -e closed -e Successfully -e 'Preauthentication failed' -e 'authenticate' -e 'Failed to join the domain'; exec bash\""
linuxclient
}

################################## Join for linux clients ##########################################
linuxclient(){
TheOS=$( hostnamectl | grep -i Operating | awk '{print $3}' ) < /dev/null > /dev/null 2>&1
MintOS=$( hostnamectl | grep -i Operating | awk '{print $4}' ) < /dev/null > /dev/null 2>&1
rasp=$( lsb_release -a | grep -i Distributor | awk '{print $3}' ) < /dev/null > /dev/null 2>&1
kalilinux=$( lsb_release -a | grep -i Distributor | awk '{print $3}' ) < /dev/null > /dev/null 2>&1


#### OS detection ####
if [ "$TheOS" = "Fedora" ] < /dev/null > /dev/null 2>&1
then
echo "Fedora detected"
Fedora_fn
else
if [ "$TheOS" = "CentOS" ] < /dev/null > /dev/null 2>&1
then
echo "Cent OS detected"
CentOS
else
if [ "$TheOS" = "Debian" ] < /dev/null > /dev/null 2>&1
then
echo "Debian detected"
debianclient
else
if [ "$TheOS" = "Ubuntu" ] < /dev/null > /dev/null 2>&1
then
echo "Ubuntu detected"
echo ""
echo "Checking if it is a Desktop or server"

desktop=$( sudo apt list --installed | grep -i desktop | grep -i ubuntu | cut -d '-' -f1 | grep -i desktop | head -1 | awk '{print$1}' ) < /dev/null > /dev/null 2>&1
if [ "$desktop" = "desktop" ] < /dev/null > /dev/null 2>&1
then
echo "Ubuntu Desktop detected"
UbuntU
else
echo " this seems to be a server, swithching to server mode"
ubuntuserver14
fi
else
if [ "$rasp" = "Raspbian" ] < /dev/null > /dev/null 2>&1
then
echo "${INTRO_TEXT}"Detecting Raspberry Pi"${END}"
raspberry
else
if [ "$kalilinux" = "Kali" ] < /dev/null > /dev/null 2>&1
then
echo "${INTRO_TEXT}"Detecting Kali linux"${END}"
 kalijoin
else
if [ "$MintOS" = Mint ]
then
echo "Detecting Linux Mint"
LinuxMint
else
echo "No compatible System found"
exit
fi
fi
fi
fi
fi
fi
fi
}

################################ Ubuntu 14-18 ###########################################
UbuntU(){
export HOSTNAME
myhost=$( hostname )
clear
sudo echo "${RED_TEXT}"Installing pakages do no abort!......."${INTRO_TEXT}"
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install -f -y
clear
sudo dpkg -l | grep realmd
if [ $? = 0 ]
then
clear
sudo echo "${INTRO_TEXT}"Pakages installed"${END}"
else
clear
sudo echo "${RED_TEXT}"Installing pakages failed.. please check connection ,dpkg and apt-get update then try again."${INTRO_TEXT}"
exit
fi
echo "hostname is $myhost"
echo "Looking for Realms.. please wait"
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
ping -c 2 $DOMAIN  >/dev/null
if [ $? = 0 ]
then
clear
echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN  <<<${END}${END}"
read -p "Do you wish to use it (y/n)?" yn
   case $yn in
    [Yy]* ) echo "";;

    [Nn]* ) echo "Please enter the domain you wish to join:"
	read -r DOMAIN;;
    * ) echo 'Please answer yes or no.';;
   esac
else
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
fi
NetBios=$(echo $DOMAIN | cut -d '.' -f1)
clear
var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1)
if [ "$var" -eq "14" ]
then
echo "Installing additional dependencies"
sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user
sudo apt-get -qq install -f -y
clear
echo "${INTRO_TEXT}"Detecting Ubuntu $var"${END}"
sudo echo "${INTRO_TEXT}"Realm=$DOMAIN"${INTRO_TEXT}"
echo "${INTRO_TEXT}"Joining Ubuntu $var"${END}"
echo ""
echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}"
echo "${INTRO_TEXT}"Please type Admin user:"${END}"
read ADMIN
sudo realm join -v -U $ADMIN $DOMAIN --install=/
else
   if [ "$var" -eq "16" ]
   then
   echo "${INTRO_TEXT}"Detecting Ubuntu $var"${END}"
   clear
sudo echo "${INTRO_TEXT}"Realm=$DOMAIN"${INTRO_TEXT}"
echo "${INTRO_TEXT}"Joining Ubuntu $var"${END}"
echo ""
echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}"
echo "${INTRO_TEXT}"Please type Admin user:"${END}"
read ADMIN
   sudo realm join --verbose --user=$ADMIN $DOMAIN
   else
       if [ "$var" -eq "17" ] || [ "$var" -eq "18" ]
       then
       echo "${INTRO_TEXT}"Detecting Ubuntu $var"${END}"
          sleep 1
   clear
sudo echo "${INTRO_TEXT}"Realm=$DOMAIN"${INTRO_TEXT}"
echo "${INTRO_TEXT}"Joining Ubuntu $var"${END}"
echo ""
echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}"
echo "${INTRO_TEXT}"Please type Admin user:"${END}"
read ADMIN
       sudo realm join --verbose --user=$ADMIN $DOMAIN --install=/
       else
       clear
      sudo echo "${RED_TEXT}"I am having issuers to detect your Ubuntu version"${INTRO_TEXT}"
     exit
     fi
  fi
fi
if [ $? -ne 0 ]; then
	echo "${RED_TEXT}"AD join failed.please check that computer object is already created and test again "${END}"
    exit
fi
fi_auth
}

####################### Setup for Ubuntu server ubuntu 14 #######################################
ubuntuserver14(){
export HOSTNAME
myhost=$( hostname )
clear
sudo echo "${RED_TEXT}"Installing pakages do no abort!......."${INTRO_TEXT}"
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install -y sssd-tools samba-common krb5-user
sudo apt-get -qq install -f -y
clear
sudo dpkg -l | grep realmd
if [ $? = 0 ]
then
clear
sudo echo "${INTRO_TEXT}"Pakages installed"${END}"
else
clear
sudo echo "${RED_TEXT}"Installing pakages failed.. please check connection and dpkg and try again."${INTRO_TEXT}"
exit
fi
sleep 1
DOMAIN=$( realm discover | grep -i realm-name | awk '{print $2}')
ping -c 1 $DOMAIN
if [ $? = 0 ]
then
clear
echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN  <<<${END}${END}"
read -p "Do you wish to use it (y/n)?" yn
   case $yn in
    [Yy]* ) echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}";;

    [Nn]* ) echo "Please enter the domain you wish to join:"
	read -r DOMAIN;;
    * ) echo 'Please answer yes or no.';;
   esac
else
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
fi
echo "${NUMBER}Please type groupname in AD for admins${END}"
read -r Mysrvgroup
sudo echo "${INTRO_TEXT}"Realm= $DOMAIN"${INTRO_TEXT}"
sudo echo "${NORMAL}${NORMAL}"
echo "${INTRO_TEXT}"Please type Admin user:"${END}"
read -r ADMIN
sudo realm join -v -U $ADMIN $DOMAIN --install=/
if [ $? -ne 0 ]; then
	echo "${RED_TEXT}"AD join failed.please check that computer object is already created and test again "${END}"
    exit 1
fi
sudo echo "############################"
sudo echo "Configuratig files.."
sudo echo "Verifying the setup"
sudo systemctl enable sssd
sudo systemctl start sssd
states=$( echo null )
states1=$( echo null )
grouPs=$( echo null )
therealm=$( echo null )
cauth=$( echo null )
clear
read -p "${RED_TEXT}"'Do you wish to enable SSH login.group.allowed'"${END}""${NUMBER}"'(y/n)?'"${END}" yn
   case $yn in
    [Yy]* ) sudo echo "Cheking if there is any previous configuration"
	if [ -f /etc/ssh/login.group.allowed ] < /dev/null > /dev/null 2>&1
then
echo "Files seems already to be modified, skipping..."
else
echo "NOTICE! /etc/ssh/login.group.allowed will be created. make sure yor local user is in it you you could be banned from login"
echo "auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ssh/login.group.allowed" | sudo tee -a /etc/pam.d/common-auth
sudo touch /etc/ssh/login.group.allowed
admins=$( cat /etc/passwd | grep home | grep bash | cut -d ':' -f1 )
echo ""
echo ""
read -p "Is your current administrator = "$admins" ? (y/n)?" yn
   case $yn in
    [Yy]* ) sudo echo "$admins"  | sudo tee -a /etc/ssh/login.group.allowed;;
    [Nn]* ) echo "please type name of current administrator"
read -p MYADMIN
sudo echo $MYADMIN | sudo tee -a /etc/ssh/login.group.allowed;;
    * ) echo "Please answer yes or no.";;
   esac
sudo echo "$Mysrvgroup" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"$myhost""sudoers" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "$NetBios"'\'"domain^admins" | sudo tee -a /etc/ssh/login.group.allowed
sudo echo "root" | sudo tee -a /etc/ssh/login.group.allowed
echo "enabled SSH-allow"
fi;;
    [Nn]* ) echo "Disabled SSH login.group.allowed"
    states1=$( echo 12 );;
    * ) echo "Please answer yes or no.";;
   esac
echo ""
echo "-------------------------------------------------------------------------------------------"
echo ""
read -p "${RED_TEXT}"'Do you wish to give users on this machine sudo rights?'"${END}""${NUMBER}"'(y/n)?'"${END}" yn
   case $yn in
    [Yy]* ) sudo echo "Cheking if there is any previous configuration"
	if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo ""
echo "Sudoersfile seems already to be modified, skipping..."
echo ""
else
sudo echo "administrator ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$Mysrvgroup""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%domain\ users ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%DOMAIN\ admins ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/domain_admins
#sudo realm permit --groups "$myhost""sudoers"
fi;;
    [Nn]* ) echo "Disabled sudo rights for users on this machine"
    	    echo ""
	    echo ""
	    states=$( echo 12 );;
    * ) echo 'Please answer yes or no.';;
   esac
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
sudo sh -c "echo 'greeter-show-manual-login=true' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"
sudo sh -c "echo 'allow-guest=false' | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf"

therealm=$( realm discover | grep -i realm-name | awk '{print $2}')
if [ $therealm = no ]
then
echo Realm configured?.. "${RED_TEXT}"FAIL"${END}"
else
echo Realm configured?.. "${INTRO_TEXT}"OK"${END}"
fi
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo Checking sudoers file..  "${INTRO_TEXT}"OK"${END}"
else
echo checking sudoers file..  "${RED_TEXT}"FAIL not configured"${END}"
fi
grouPs=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d  '=' -f1 | sed -e 's/\<ALL\>//g')
if [ $grouPs = "$myhost""sudoers" ]
then
echo Checking sudoers users.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}"
fi
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
if [ $homedir = 0022 ] < /dev/null > /dev/null 2>&1
then
echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}"
fi
cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1)
if [ $cauth = allow ] < /dev/null > /dev/null 2>&1
then
echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking PAM auth configuration.. "${RED_TEXT}"SSH security not configured"${END}"
fi
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
sed -i -e 's/sudoers:        files sss/sudoers:        files/g' /etc/nsswitch.conf
echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf
cat /etc/sssd/sssd.conf | grep -i override
sudo echo "[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 600
#entry_cache_user_timeout = 5400
#entry_cache_group_timeout = 5400
#cache_credentials = TRUE
entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf
sudo service sssd restart
realm discover $DOMAIN
echo "${INTRO_TEXT}Please reboot your machine and wait 3 min for Active Directory to sync before login${INTRO_TEXT}"
exit
}

####################################### Kali ############################################
kalijoin(){
export HOSTNAME
myhost=$( hostname )
export whoami
whoamis=$( whoami )
admins=$( cat /etc/passwd | grep home | grep bash | cut -d ':' -f1 )
sudo echo "${RED_TEXT}"Installing pakages do no abort!......."${INTRO_TEXT}"
sudo apt-get -qq update
sudo apt-get -qq install libsss-sudo -y
sudo apt-get -qq install adcli -y
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install policykit-1 -y
sudo mkdir -p /var/lib/samba/private
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install -f -y
clear
sudo dpkg -l | grep realmd
if [ $? = 0 ]
then
clear
sudo echo "${INTRO_TEXT}"Pakages installed"${END}"
else
clear
sudo echo "${RED_TEXT}"Installing pakages failed.. please check connection ,dpkg and apt-get update then try again."${INTRO_TEXT}"
exit
fi
echo "hostname is $myhost"
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
ping -c 2 $DOMAIN  >/dev/null
if [ $? = 0 ]
then
clear
echo "${NUMBER}I searched for an available domain and found $DOMAIN  ${END}"
read -p "Do you wish to use it (y/n)?" yn
   case $yn in
    [Yy]* ) echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}";;

    [Nn]* ) echo "Please enter the domain you wish to join:"
	read -r DOMAIN;;
    * ) echo 'Please answer yes or no.';;
   esac
else
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
fi
NetBios=$(echo $DOMAIN | cut -d '.' -f1)
echo ""
echo "${INTRO_TEXT}"Please type Admin user:"${END}"
read ADMIN
clear
sudo echo "${INTRO_TEXT}"Realm= $DOMAIN"${INTRO_TEXT}"
sudo echo "${NORMAL}${NORMAL}"
sudo realm join --verbose --user=$ADMIN $DOMAIN --install=/
if [ $? -ne 0 ]; then
	echo "${RED_TEXT}"AD join failed.please check that computer object is already created and test again "${END}"
    exit
fi
fi_auth
}

####################################### Debian ##########################################
debianclient(){
export HOSTNAME
myhost=$( hostname )
dkpg -l | grep sudo
if [ $? = 0 ]
then
""
else
apt get install sudo -y
export whoami
whoamis=$( whoami )
echo $whoamis
admins=$( cat /etc/passwd | grep home | grep bash | cut -d ':' -f1 )
echo "$admins ALL=(ALL:ALL) ALL | tee -a /etc/sudoers.d/admin"
fi
clear
sudo echo "${RED_TEXT}"Installing pakages do no abort!......."${INTRO_TEXT}"
sudo apt-get -qq update
sudo apt-get -qq install libsss-sudo -y
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install policykit-1 -y
sudo mkdir -p /var/lib/samba/private
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get -qq install -f
clear
sudo dpkg -l | grep realmd
if [ $? = 0 ]
then
clear
sudo echo "${INTRO_TEXT}"Pakages installed"${END}"
else
clear
sudo echo "${RED_TEXT}"Installing pakages failed.. please check connection ,dpkg and apt-get update then try again."${INTRO_TEXT}"
exit
fi
echo "hostname is $myhost"
sleep 1
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
ping -c 2 $DOMAIN  >/dev/null
if [ $? = 0 ]
then
clear
echo "${NUMBER}I searched for an available domain and found $DOMAIN  ${END}"
read -p "Do you wish to use it (y/n)?" yn
   case $yn in
    [Yy]* ) echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}";;

    [Nn]* ) echo "Please enter the domain you wish to join:"
	read -r DOMAIN;;
    * ) echo 'Please answer yes or no.';;
   esac
else
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
fi
NetBios=$(echo $DOMAIN | cut -d '.' -f1)
echo ""
echo "${INTRO_TEXT}"Please type Admin user:"${END}"
read ADMIN
clear
sudo echo "${INTRO_TEXT}"Realm= $DOMAIN"${INTRO_TEXT}"
sudo echo "${NORMAL}${NORMAL}"
sudo realm join --verbose --user=$ADMIN $DOMAIN --install=/
if [ $? -ne 0 ]; then
	echo "${RED_TEXT}"AD join failed.please check that computer object is already created and test again "${END}"
    exit
fi
fi_auth
}

####################################### Cent OS #########################################
CentOS(){
export HOSTNAME
myhost=$( hostname )
yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools samba-common
yum -y install ipa-client
echo "Looking for domains..."
DOMAIN=$(realm discover | grep -i realm-name | awk '{print $2}')
if [ -n "$DOMAIN" ]
then
ping -c 1 $DOMAIN
if [ $? = 0 ]
then
clear
echo "I searched for an available domain and found >>> $DOMAIN  <<<"
read -p "Do you wish to use it (y/n)?" yn
   case $yn in
    [Yy]* ) echo "Please log in with domain admin to $DOMAIN to connect"
    sudo echo "Please enter AD admin user:"
    read -r ADMIN
    ;;
    [Nn]* ) echo "Please enter the domain you wish to join:"
	read -r DOMAIN
	sudo echo "Please enter AD admin user:"
        read -r ADMIN
	;;
    * ) echo 'Please answer yes or no.';;
   esac
else
clear
echo "I searched for an available domain and found $DOMAIN but it is not responding to ping, please type your domain manually below... "
echo "Please enter the domain you wish to join:"
read -r DOMAIN
echo "I Please enter AD admin user "
read -r ADMIN
fi
else
clear
echo "I searched for an available domain and found nothing, please type your domain manually below... "
echo "Please enter the domain you wish to join:"
read -r DOMAIN
echo "I Please enter AD admin user "
read -r ADMIN
fi	
sudo echo "Realm= $DOMAIN"
sudo echo ""
sudo realm join -v -U $ADMIN $DOMAIN --install=/
if [ $? -ne 0 ]; then
	echo "AD join failed.please check that computer object is already created and test again"
    exit 1
fi
fi_auth_yum
exit
}

############################### Raspberry Pi ###################################
raspberry(){
export HOSTNAME
myhost=$( hostname )
sudo aptitude install ntp adcli sssd
sudo mkdir -p /var/lib/samba/private
sudo aptitude install libsss-sudo
sudo systemctl enable sssd
clear
DOMAIN=$( realm discover | grep -i realm-name | awk '{print $2}')
echo ""
echo "please type Domain admin"
read -r ADMIN
sudo realm join -v -U $ADMIN $DOMAIN --install=/
if [ $? -ne 0 ]; then
	echo "AD join failed.please check that computer object is already created and test again"
    exit 1
fi
sudo systemctl start sssd
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session
sudo echo "pi ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sudo echo "%$myhost""sudoers ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/sudoers
sed -i -e 's/fallback_homedir = \/home\/%u@%d/#fallback_homedir = \/home\/%u@%d/g' /etc/sssd/sssd.conf
sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
sed -i -e 's/access_provider = ad/access_provider = simple/g' /etc/sssd/sssd.conf
sed -i -e 's/sudoers:        files sss/sudoers:        files/g' /etc/nsswitch.conf
echo "override_homedir = /home/%d/%u" | sudo tee -a /etc/sssd/sssd.conf
cat /etc/sssd/sssd.conf | grep -i override
sudo echo "[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 600
#entry_cache_user_timeout = 5400
#entry_cache_group_timeout = 5400
#cache_credentials = TRUE
entry_cache_nowait_percentage = 75" | sudo tee -a /etc/sssd/sssd.conf
sudo service sssd restart
exit
}

############################### Fedora #########################################
Fedora_fn(){
export HOSTNAME
myhost=$( hostname )
yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools samba-common
DOMAIN=$(realm discover | grep -i realm-name | awk '{print $2}')
ping -c 1 $DOMAIN
if [ $? = 0 ]
then
clear
echo "I searched for an available domain and found >>> $DOMAIN  <<<"
read -p "Do you wish to use it (y/n)?" yn
   case $yn in
    [Yy]* ) echo "Please log in with domain admin to $DOMAIN to connect";;

    [Nn]* ) echo "Please enter the domain you wish to join:"
	read -r DOMAIN;;
    * ) echo 'Please answer yes or no.';;
   esac
else
clear
echo "I searched for an available domain and found nothing, please type your domain manually below... "
echo "Please enter the domain you wish to join:"
read -r DOMAIN
echo "I Please enter AD admin user "
read -r ADMIN
fi
clear
sudo echo "Please enter AD admin user:"
read -r ADMIN
sudo echo "Realm= $DOMAIN"
sudo echo ""
sudo realm join -v -U $ADMIN $DOMAIN --install=/
if [ $? -ne 0 ]; then
	echo "AD join failed.please check that computer object is already created and test again"
    exit 1
fi
fi_auth_yum
exit
}

############################# Linux Mint #####################################
LinuxMint(){
export HOSTNAME
myhost=$( hostname )
sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user
sudo apt-get -qq install -f -y
echo "hostname is $myhost"
echo "Looking for Realms.. please wait"
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
ping -c 2 $DOMAIN  >/dev/null
if [ $? = 0 ]
then
clear
echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN  <<<${END}${END}"
read -p "Do you wish to use it (y/n)?" yn
   case $yn in
    [Yy]* ) echo "";;

    [Nn]* ) echo "Please enter the domain you wish to join:"
	read -r DOMAIN;;
    * ) echo 'Please answer yes or no.';;
   esac
else
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
fi
clear
echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}"
echo "${INTRO_TEXT}"Please type Admin user:"${END}"
read ADMIN
NetBios=$(echo $DOMAIN | cut -d '.' -f1)
clear
   sudo realm join --verbose --user=$ADMIN $DOMAIN
if [ $? -ne 0 ]; then
	echo "${RED_TEXT}"AD join failed.please check that computer object is already created and test again "${END}"
    exit
fi
allowguest=$( sudo cat /usr/share/lightdm/lightdm.conf.d/50-disable-guest.conf | grep manual | grep true | cut -d '=' -f2 | head -1 )
if [ "$allowguest" = "true" ]
then
echo "Lightdm is already confugured.. skipping.."
else
sudo echo "greeter-show-manual-login=true" | sudo tee -a /usr/share/lightdm/lightdm.conf.d/50-disable-guest.conf
fi
fi_auth
exit
}

############################### Update to Realmd from likewise ##################
Realmdupdate(){
clear
echo ""
echo "this secion has been depricated, If you are still using likewise please see code"
echo ""
exit
}

#this section has been depricated
#If you are still using likewise please uncomment lines below and line 33
#Realmdupdate11(){
#export HOSTNAME
#myhost=$( hostname )
#echo "This will delete your homefolder and replace it. Please do a BACKUP"
#echo "Press ctrl C to cancel skript if you wish to make an backup first"
#sleep 5
#sudo apt-get update
#clear
#echo "Remember to recreate AD computer Object if you have upgraded the OS "versions will now match!"
#sleep 3
#sudo domainjoin-cli leave
#linuxclient
#}

############################### Fail check ####################################
failcheck(){
clear
export HOSTNAME
myhost=$( hostname )
find=$( realm discover )
if [ $? = 1 ]
then
echo "Sorry I am having issues finding your domain.. please type it"
read -r DOMAIN
else
echo ""
fi
therealm=$( realm discover | grep -i realm-name | awk '{print $2}')
if [ $therealm = no ]
then
echo Realm configured?.. "${RED_TEXT}"FAIL"${END}"
else
echo Realm configured?.. "${INTRO_TEXT}"OK"${END}"
fi
if [ -f /etc/sudoers.d/admins ] < /dev/null > /dev/null 2>&1
then
echo Checking sudoers file..  "${INTRO_TEXT}"OK"${END}"
grouPs=$(cat /etc/sudoers.d/admins | grep -i $myhost | cut -d '%' -f2 | cut -d  '=' -f1 | sed -e 's/\<ALL\>//g')
     if [ $grouPs = "$myhost""sudoers" ]
         then
         echo Checking sudoers users.. "${INTRO_TEXT}"OK"${END}"
         else
         echo Checking sudoers users.. "${RED_TEXT}"FAIL"${END}"
         fi
else
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo Checking sudoers file..  "${INTRO_TEXT}"OK"${END}"
grouPs1=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d  '=' -f1 | sed -e 's/\<ALL\>//g' | head -1)
     if [ $grouPs1 = "$myhost""sudoers" ]
         then
         echo Checking sudoers user groups.. "${INTRO_TEXT}"OK"${END}"
         else
         echo Checking sudoers user groups.. "${RED_TEXT}"FAIL"${END}"
         fi
else
echo Checking sudoers file.. "${RED_TEXT}"FAIL not configured"${END}"
fi
fi
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
if [ $homedir = 0022 ] < /dev/null > /dev/null 2>&1
then
echo Checking PAM configuration.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking PAM configuration.. "${RED_TEXT}"FAIL"${END}"
fi
cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1)
if [ $cauth = allow ] < /dev/null > /dev/null 2>&1
then
echo Checking PAM auth configuration.. "${INTRO_TEXT}"OK"${END}"
else
echo Checking PAM auth configuration.. "${RED_TEXT}"SSH security not configured"${END}"
fi
echo ""
echo "-------------------------------------------------------------------------------------"
realm discover
echo "-------------------------------------------------------------------------------------"
exit
}

############################### Fail check Yum ####################################
failcheck_yum(){
clear
export HOSTNAME
myhost=$( hostname )
find=$( realm discover )
if [ $? = 1 ]
then
echo "Sorry I am having issues finding your domain.. please type it"
read -r DOMAIN
else
echo ""
fi
therealm=$( realm discover | grep -i realm-name | awk '{print $2}')
if [ $therealm = no ]
then
echo "Realm configured?.. FAIL"
else
echo "Realm configured?.. OK"
fi
if [ -f /etc/sudoers.d/admins ] < /dev/null > /dev/null 2>&1
then
echo "Checking sudoers file.. OK"
grouPs=$(cat /etc/sudoers.d/admins | grep -i $myhost | cut -d '%' -f2 | cut -d  '=' -f1 | sed -e 's/\<ALL\>//g')
     if [ $grouPs = "$myhost""sudoers" ]
         then
         echo "Checking sudoers users.. OK"
         else
         echo "Checking sudoers users.. FAIL"
         fi
else
if [ -f /etc/sudoers.d/sudoers ] < /dev/null > /dev/null 2>&1
then
echo "Checking sudoers file..  OK"
grouPs1=$(cat /etc/sudoers.d/sudoers | grep -i $myhost | cut -d '%' -f2 | cut -d  '=' -f1 | sed -e 's/\<ALL\>//g' | head -1)
     if [ $grouPs1 = "$myhost""sudoers" ]
         then
         echo "Checking sudoers user groups.. OK"
         else
         echo "Checking sudoers user groups.. FAIL"
         fi
else
echo "Checking sudoers file.. FAIL not configured"
fi
fi
homedir=$(cat /etc/pam.d/common-session | grep homedir | grep 0022 | cut -d '=' -f3)
if [ $homedir = 0022 ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM configuration.. OK"
else
echo "Checking PAM configuration.. FAIL"
fi
cauth=$(cat /etc/pam.d/common-auth | grep required | grep onerr | grep allow | cut -d '=' -f4 | cut -d 'f' -f1)
if [ $cauth = allow ] < /dev/null > /dev/null 2>&1
then
echo "Checking PAM auth configuration.. OK"
else
echo "Checking PAM auth configuration.. SSH security not configured"
fi
echo ""
echo "-------------------------------------------------------------------------------------"
realm discover
echo "-------------------------------------------------------------------------------------"
exit
}


#################################### ldapsearch #####################################################
ldaplook(){
export HOSTNAME
myhost=$( hostname )
ldaptools=$( sudo dpkg -l | grep -i ldap-utils | cut -d 's' -f1 | cut -d 'l' -f2 )
echo "${NUMBER}Remember!you must be logged in with AD admin on the client/server to use this funktion${END}"
echo "${NUMBER}Remember!please edit in ldap.conf the lines BASE and URI in /etc/ldap/ldap.conf ${END}"
sleep 3
if [ "$ldaptools" = dap-uti ]
then 
echo "ldap tool installed.. trying to find this host"
sudo ldapsearch cn=$myhost'*'
echo "Please type what you are looking for"
read own
sudo ldapsearch | grep -i $own
exit
else
sudo apt-get install ldap-utils -y
echo "${NUMBER}please edit in ldap.conf the lines BASE and URI ${END}"
sleep 3
sudo nano /etc/ldap/ldap.conf
sudo ldapsearch | grep -i $myhost
exit
fi
}

############################### Reauth ##########################################
Reauthenticate(){
whoelse=$( who -ut | grep -v old | awk '{print $1}' )
homeshome=$( sudo realm list | grep domain-name | awk '{print $2}' )
homes=$( ls /home/$homeshome | head -1  )
if [ "$homes" = "$whoelse" ]
then
echo ""
echo "you are logged in as an AD user.. canceling request"
echo "only administrator has permissions"
echo ""
exit
else
LEFT=$(sudo realm discover | grep configured | awk '{print $2}')
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
SSSD=$( sudo cat /etc/sssd/sssd.conf | grep domain | awk '{print $3}' | head -1 )
DOMAINlower=$( echo $DOMAIN | tr '[:upper:]' '[:lower:]' )
if [ "$DOMAINlower" = "$SSSD" ]
then
echo "Detecting realm $SSSD"
else
    if [ "$LEFT" = "no" ]
    then
    echo ""
    echo "$DOMAIN has not been configured"
    echo ""
    exit
    fi
    fi
read -p "Do you really want to leave the domain: $DOMAIN (y/n)?" yn
   case $yn in
    [Yy]* ) echo "Listing domain"
    sudo realm discover $DOMAIN
    sudo realm leave $DOMAIN
    LEFT=$(sudo realm discover | grep configured | awk '{print $2}')
    if [ "$LEFT" = "no" ]
    then
    echo ""
    sudo echo "" | sudo tee /etc/sssd/sssd.conf
    echo "$DOMAIN has been left"
    notify-send ADconnection "Left $DOMAIN "
    linuxclient
    else
    echo "something went wrong, try to leave manually"
    	read -r DOMAIN
	sudo realm leave $DOMAIN
    left=$(sudo realm discover | grep configured | awk '{print $2}')
    if [ "$left" = "no" ]
    then
    echo ""
    sudo echo "" | sudo tee /etc/sssd/sssd.conf
    echo "$DOMAIN has been left"
    notify-send ADconnection "Left $DOMAIN "
    linuxclient
    else
    echo "something went wrong"
    fi
    fi
    ;;
    [Nn]* ) echo "Bye"
	exit
	;;
    * ) echo 'Please answer yes or no.';;
   esac
exit
fi
}

########################################### Leave Realm ################################
leave(){
LEFT=$(sudo realm discover | grep configured | awk '{print $2}')
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
SSSD=$( sudo cat /etc/sssd/sssd.conf | grep domain | awk '{print $3}' | head -1 )
DOMAINlower=$( echo $DOMAIN | tr '[:upper:]' '[:lower:]' )
if [ "$DOMAINlower" = "$SSSD" ] < /dev/null > /dev/null 2>&1
then
echo "Detecting realm $SSSD"
else
    if [ "$LEFT" = "no" ]
    then
    echo ""
    echo "$DOMAIN has not been configured"
    echo ""
    exit
    fi
    fi
read -p "Do you really want to leave the domain: $DOMAIN (y/n)?" yn
   case $yn in
    [Yy]* ) echo "Listing domain"
    sudo realm discover $DOMAIN
    sudo realm leave $DOMAIN
    LEFT=$(sudo realm discover | grep configured | awk '{print $2}')
    if [ "$LEFT" = "no" ]
    then
    echo ""
    sudo echo "" | sudo tee /etc/sssd/sssd.conf
    echo "$DOMAIN has been left"
    notify-send ADconnection "Left $DOMAIN "
    else
    echo "something went wrong, try to leave manually"
    echo ""
    echo "Please type domain you wish to leave"
    	read -r DOMAIN
	sudo realm leave $DOMAIN
    left=$(sudo realm discover | grep configured | awk '{print $2}')
    if [ "$left" = "no" ]
    then
    echo ""
    sudo echo "" | sudo tee /etc/sssd/sssd.conf
    echo "$DOMAIN has been left"
    notify-send ADconnection "Left $DOMAIN "
    else
    echo "something went wrong"
    fi
    fi
    ;;
    [Nn]* ) echo "Bye"
	exit
	;;
    * ) echo 'Please answer yes or no.';;
   esac
exit	
}

########################################### info #######################################
readmes(){
clear
echo "Usage: sh ADconnection.sh [--help] "
echo "                          [-d (ubuntu debug mode)]"
echo "                          [-j admin domain (Simple direct join) ADconnection -j ADadmin domain"
echo "                          [-l (script output to log file)]"
echo "                          [-s (Discover domain)]"
echo "                          [-o (assign OU for computer object (-o OU=Clients,OU=Computers))"
echo ""
echo""
echo "${INTRO_TEXT}           Active directory connection tool                     ${INTRO_TEXT}"
echo "${INTRO_TEXT}                          Examples                                      ${INTRO_TEXT}"
echo "${INTRO_TEXT}     Domain to join:"${RED_TEXT}Example:${RED_TEXT}"" ${NUMBER}mydomain.intra${NUMBER}"${INTRO_TEXT}"
echo "${INTRO_TEXT}                                                            ${INTRO_TEXT}"
echo "${INTRO_TEXT}     Domain’s NetBios name:"${RED_TEXT}Example:${RED_TEXT}"" ${NUMBER}mydomain${NUMBER}"${INTRO_TEXT}"
echo "${INTRO_TEXT}                                                            ${INTRO_TEXT}"
echo "${INTRO_TEXT}     Domain username:"${RED_TEXT}Example:${RED_TEXT}"" ${NUMBER}ADadmin${NUMBER}"${INTRO_TEXT}"
echo "${INTRO_TEXT}                                                            ${INTRO_TEXT}"
echo "${INTRO_TEXT}     AD Group to put users in:"${RED_TEXT}Example:${RED_TEXT}"" ${NUMBER}Sudoers.global${NUMBER}"${INTRO_TEXT}"
echo "${RED_TEXT}       group should be created in AD with the groupname beeing the HOSTNAMEsudores             ${RED_TEXT}"
echo "${INTRO_TEXT}                                                            ${INTRO_TEXT}"
echo "${INTRO_TEXT}     Script will use hostname and add sudoer to it to sudoers "${RED_TEXT}Example:${RED_TEXT}""${NUMBER} myhostsudoer${NUMBER}"${INTRO_TEXT}"
echo "${INTRO_TEXT}     It is important that the computerobject "${RED_TEXT}Ex:${RED_TEXT}" myhost gets created in AD pre or post running the script ( the join will create an computer object by it self ${INTRO_TEXT}"
echo "${INTRO_TEXT}     and that the group "${RED_TEXT}Ex:${RED_TEXT}" myhostsudoes exists, sudoers must be added or edit this script to remove sudoers from name${INTRO_TEXT}"
echo "${INTRO_TEXT}     Script will also add domain admin group to sudoes                     ${INTRO_TEXT}"
echo "${NUMBER}     Remember to Check Hostname and add it to AD${NUMBER}"
echo "${INTRO_TEXT}     Reauthenticate is a fix for Ubuntu 14 likewise issues when client looses user (who am I?)${INTRO_TEXT}"
echo "${INTRO_TEXT}                                                                                                ${INTRO_TEXT}"
echo "${INTRO_TEXT}  Ubuntu 16 and 14 has the setting not to show domain name in name or homefolder due it can give${INTRO_TEXT}"
echo "${INTRO_TEXT} coding issues when building.. to change this configure /et/sssd/sssd.conf                      ${INTRO_TEXt}"
echo ""
exit
}

########################################### Menu #######################################
MENU_FN(){
clear
    echo "${INTRO_TEXT}   Active directory connection tool             ${INTRO_TEXT}"
    echo "${INTRO_TEXT}       Created by Pierre Goude                  ${INTRO_TEXT}"
	echo "${INTRO_TEXT} This script will edit several critical files.. ${INTRO_TEXT}"
	echo "${INTRO_TEXT}  DO NOT attempt this without expert knowledge  ${INTRO_TEXT}"
    echo "${NORMAL}                                                    ${NORMAL}"
    echo "${MENU}*${NUMBER} 1)${MENU} Join to AD on Linux (Ubuntu/Rasbian/Kali/Fedora/Debian)    ${NORMAL}"
    echo "${MENU}*${NUMBER} 2)${MENU} Check for errors    ${NORMAL}"
    echo "${MENU}*${NUMBER} 3)${MENU} Search with ldap              ${NORMAL}"
	echo "${MENU}*${NUMBER} 4)${MENU} Reauthenticate   ${NORMAL}"
	echo "${MENU}*${NUMBER} 5)${MENU} Leave Domain             ${NORMAL}"
    echo "${NORMAL}                                                    ${NORMAL}"
    echo "${ENTER_LINE}Please enter a menu option and enter or ${RED_TEXT}enter to exit. ${NORMAL}"
	read opt
while [ opt != '' ]
    do
    if [ $opt = "" ]; then
            exit;
    else
        case $opt in
    1) clear;
            echo "Installing on Linux Client/Server";
            linuxclient
            ;;

	2) clear;
	    echo "Check for errors"
	     failcheck
             ;;
	3) clear;
	     echo "Check in Ldap"
	     ldaplook
             ;;
	4) clear;
	    echo "Rejoin to AD"
	    Reauthenticate
            ;;
	5) clear;
	echo "Leave domain"
	leave
	;;
        x)exit;
        ;;
       \n)exit;
        ;;
        *)clear;
        opt "Pick an option from the menu";
        MENU_FN;
        ;;
    esac
fi
done
}

########################################### Menu YUM #######################################
YUM_MENU(){
clear
    echo "  Active directory connection tool             "
    echo "      Created by Pierre Goude                 "
	echo " This script will edit several critical files.. "
	echo "  DO NOT attempt this without expert knowledge  "
    echo ""
    echo "1) Join to AD on Linux (Ubuntu/Rasbian/Kali/Fedora)"
    echo "2) Check for errors"
    echo "3) Search with ldap"
	echo "4) Reauthenticate"
	echo "5) Leave Domain"
    echo ""
    echo "Please enter a menu option and enter or enter to exit."
	read opt
while [ opt != '' ]
    do
    if [ $opt = "" ]; then
            exit;
    else
        case $opt in
    1) clear;
            echo "Installing on Linux Client/Server";
            linuxclient
            ;;
	2) clear;
	    echo "Check for errors"
	     failcheck_yum
             ;;
	3) clear;
	     echo "Check in Ldap"
	     ldaplook
             ;;
	4) clear;
	    echo "Rejoin to AD"
	    Reauthenticate
            ;;
	5) clear;
	echo "Leave domain"
	leave
	;;
        x)exit;
        ;;
       \n)exit;
        ;;
        *)clear;
        opt "Pick an option from the menu";
        MENU_FN;
        ;;
    esac
fi
done
}
################# Precheck for YUM based OS ################# 
PRECHECK_FN(){
## Precheck sends yum based OS to an own menu ##
TheOS=$( hostnamectl | grep -i Operating | awk '{print $3}' ) < /dev/null > /dev/null 2>&1
if [ "$TheOS" = "Fedora" ]
then
YUM_MENU
else
if [ "$TheOS" = "CentOS" ]
then
YUM_MENU
else
MENU_FN
fi
fi
}
############################## Flags ###############################
clear
#Versi0n=$( echo "7" )
#update=$( curl -s https://github.com/PierreGode/Linux-Active-Directory-join-script/blob/master/ADconnection.sh | grep -i Versi0n | awk '{print $10}' )
#if [ "$update" -gt "$Version" ]
#then
#echo "Updating ADconnection"
#git pull
#else
#echo "ADconnection is up to date"
#fi
while test $# -gt 0; do
        case "$1" in
                -help|--help)
			readmes
                        ;;
                -d)
                        if test $# -gt 0; then
                        linuxclientdebug
                        else
                        echo ""
                        exit 1
                        fi
                         ;;
                -l)
                        if test $? -gt 0; then
                        DATE=`date +%H:%M`
			MENU_FN 2>&1 | sudo tee adconnection.log
                        else
                        echo ""
                        exit 1
                        fi
                        ;;
                -j)
                        if test $# -gt 0; then
			sudo realm join -v -U $2 $3 --install=/
			exit
                        else
                        echo ""
                        exit 1
                        fi
                        ;;
                -s)
                        if test $# -gt 0; then
			realm < /dev/null > /dev/null 2>&1
			if [ "$?" = "0" ] 
			then
			sudo realm discover
		        exit
			else
			clear
			echo ""
			echo "realmd is not installed"
			echo ""
			exit
                        fi
			else
                        echo ""
                        exit 1
                        fi
                        ;;
                -o)
                        if test $# -gt 0; then
desktop=$( sudo apt list --installed | grep -i desktop | grep -i ubuntu | cut -d '-' -f1 | grep -i desktop )
rasp=$( lsb_release -a | grep -i Distributor | awk '{print $3}' )
kalilinux=$( lsb_release -a | grep -i Distributor | awk '{print $3}' )

if [ "$desktop" = "desktop" ]
then
if [ "$rasp" = "Raspbian" ]
then
echo "${INTRO_TEXT}"Detecting Raspberry Pi"${END}"
raspberry
else
if [ "$kalilinux" = "Kali" ]
then
echo "${INTRO_TEXT}"Detecting Kali linux"${END}"
kalijoin
else
echo ""
fi
fi
else
echo "this seems to be a server, swithching to server mode"
ubuntuserver14
fi
export HOSTNAME
myhost=$( hostname )
clear
sudo echo "${RED_TEXT}"Installing pakages do no abort!......."${INTRO_TEXT}"
sudo apt-get -qq install realmd adcli sssd -y
sudo apt-get -qq install ntp -y
sudo apt-get install -f -y
clear
sudo dpkg -l | grep realmd
if [ $? = 0 ]
then
clear
sudo echo "${INTRO_TEXT}"Pakages installed"${END}"
else
clear
sudo echo "${RED_TEXT}"Installing pakages failed.. please check connection ,dpkg and apt-get update then try again."${INTRO_TEXT}"
exit
fi
echo "hostname is $myhost"
echo "Looking for Realms.. please wait"
DOMAIN=$(realm discover | grep -i realm.name | awk '{print $2}')
ping -c 2 $DOMAIN  >/dev/null
if [ $? = 0 ]
then
clear
echo "${NUMBER}I searched for an available domain and found ${MENU}>>> $DOMAIN  <<<${END}${END}"
read -p "Do you wish to use it (y/n)?" yn
   case $yn in
    [Yy]* ) echo "";;

    [Nn]* ) echo "Please enter the domain you wish to join:"
	read -r DOMAIN;;
    * ) echo 'Please answer yes or no.';;
   esac
else
clear
echo "${NUMBER}I searched for an available domain and found nothing, please type your domain manually below... ${END}"
echo "Please enter the domain you wish to join:"
read -r DOMAIN
fi
NetBios=$(echo $DOMAIN | cut -d '.' -f1)
clear
var=$(lsb_release -a | grep -i release | awk '{print $2}' | cut -d '.' -f1)
if [ "$var" -eq "14" ]
then
echo "Installing additional dependencies"
sudo apt-get -qq install -y realmd sssd sssd-tools samba-common krb5-user
sudo apt-get install -f -y
clear
echo "${INTRO_TEXT}"Detecting Ubuntu $var"${END}"
sudo echo "${INTRO_TEXT}"Realm=$DOMAIN"${INTRO_TEXT}"
echo "${INTRO_TEXT}"Joining Ubuntu $var"${END}"
echo ""
echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}"
echo "${INTRO_TEXT}"Please type Admin user:"${END}"
read ADMIN
realm join -v --user="$ADMIN" --computer-ou="$2" $DOMAIN --install=/
else
   if [ "$var" -eq "16" ]
   then
   echo "${INTRO_TEXT}"Detecting Ubuntu $var"${END}"
   clear
sudo echo "${INTRO_TEXT}"Realm=$DOMAIN"${INTRO_TEXT}"
echo "${INTRO_TEXT}"Joining Ubuntu $var"${END}"
echo ""
echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}"
echo "${INTRO_TEXT}"Please type Admin user:"${END}"
read ADMIN
   realm join -v --user="$ADMIN" --computer-ou="$2" $DOMAIN
   else
       if [ "$var" -eq "17" ] || [ "$var" -eq "18" ]
       then
       echo "${INTRO_TEXT}"Detecting Ubuntu $var"${END}"
          sleep 1
   clear
sudo echo "${INTRO_TEXT}"Realm=$DOMAIN"${INTRO_TEXT}"
echo "${INTRO_TEXT}"Joining Ubuntu $var"${END}"
echo ""
echo "${INTRO_TEXT}"Please log in with domain admin to $DOMAIN to connect"${END}"
echo "${INTRO_TEXT}"Please type Admin user:"${END}"
read ADMIN
       realm join -v --user="$ADMIN" --computer-ou="$2" $DOMAIN --install=/
       else
       clear
      sudo echo "${RED_TEXT}"I am having issuers to detect your Ubuntu version"${INTRO_TEXT}"
     exit
     fi
  fi
fi
if [ $? -ne 0 ]; then
	echo "${RED_TEXT}"AD join failed.please check that computer object is already created and test again "${END}"
    exit
fi
fi_auth
                        else
                                echo ""
                                exit 1
                        fi
                        ;;
                *)
                        break
                        ;;
        esac
done
PRECHECK_FN