#!/bin/bash

#
# Case doesn't matter (insensitive)
#
DOMAIN=$(hostnamectl --static | cut -d . -f 2-)
WORKGROUP=$(echo $DOMAIN | cut -d . -f 1)

cat > krb5.conf << EOF
[libdefaults]
    default_realm = ${DOMAIN^^}
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false

[realms]
    ${DOMAIN^^} = {
    }

[domain_realm]
    .${DOMAIN,,} = ${DOMAIN^^}
    ${DOMAIN,,} = ${DOMAIN^^}
EOF

cat > smb.conf << EOF
[global]
    workgroup = ${WORKGROUP^^}
    realm = ${DOMAIN^^}
    security = ADS
    kerberos method = secrets and keytab
    winbind use default domain = yes

    disable spoolss = yes
    load printers = no
    printcap name = /dev/null
    printing = bsd

    map to guest = Never

    include = /opt/zmb/smb/smb.conf:
EOF

cat > sssd.conf << EOF
[sssd]
    config_file_version = 2
    domains = ${DOMAIN,,}
    services = nss, pam

[domain/${DOMAIN,,}]
    id_provider = ad
    auth_provider = ad
    chpass_provider = ad
    access_provider = ad
    ignore_group_members = true
    subdomain_inherit = ignore_group_members
    ad_gpo_access_control = disabled
    override_homedir = /home/%u
    default_shell = /bin/bash
EOF