#!/usr/bin/env bash # VERSION : 1.0 # Updated : 2020-05-18 # # Intro. # This script create the needed systemd network files (ipv4 only for now), # for an AD-DC of Domain Member setup. # You need to review the file and execute the instructions after. # The script itself does NOT change anything to a running server. if [ -z $1 ] then echo "Usage $(basename $0) dc/member" exit 0 fi INSTRUCTIONS=" # Verify your file: lan-${1}-dev-$(ip route | grep default |awk '{ print $5 }').network # file: (cat lan-${1}-dev-$(ip route | grep default |awk '{ print $5 }').network) # edit it : editor lan-${1}-dev-$(ip route | grep default |awk '{ print $5 }').network # Then when its correct run the following: # mv /etc/network/interfaces{,.backup} # cp lan-${1}-dev-$(ip route | grep default |awk '{ print $5 }').network /etc/systemd/network/ # systemctl daemon-reload # mv /etc/resolv.conf{,.backup} && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # systemctl enable systemd-networkd # systemctl restart systemd-networkd # systemctl enable systemd-timesyncd # systemctl restart systemd-timesyncd # systemctl enable systemd-resolved # systemctl restart systemd-resolved # # And now check you setup with these commands: # timedatectl status # networkctl status # networkctl status $(ip route | grep default |awk '{ print $5 }') " BASICINFO=" # These settings are a 'PER INTERFACE' settings. # You can use /etc/systemd/resolved.conf and timesyncd.conf for GLOBAL settings. # If GLOBAL settings are used, then you can remove the dns and time parts from the .network file. # Or mix it with per interface, then you should read also : # https://www.freedesktop.org/software/systemd/man/systemd.network.html " if [ "$1" = "member" ] then echo "#### This setup is for a Domain MEMBER server, IPV4 only. ###" echo echo "# # This setup is for a Domain MEMBER server. # IPV4 only. [Match] Name=$(ip route | grep default |awk '{ print $5 }') [Network] DHCP=no DNSSEC=allow-downgrade DNSSECNegativeTrustAnchors=lan IPv6PrivacyExtensions=no IPv6AcceptRouterAdvertisements=no LinkLocalAddressing=no LLMNR=no # make use of systemd resolved and its setup, setup the 'search dnsdomain.tld.' Domains=$(grep search /etc/resolv.conf |awk '{ print $2 }') # lets make use of systemd-timedate and timesyncd for the member servers. # we assume the DNS are also the NTP servers. NTP=$(host $(grep search /etc/resolv.conf | awk '{ print $2 }')| grep address | awk '{ print $NF }'|tr '\n' ' ') # DNS resolvers (its safe to mix IPv4 and IPv6) # Max 3 DNS entries. ::1 or 127.0.0.1 if you use a cacheing dns. # If you use systemd-resolved stub (caching) dns, use 127.0.0.53 (only) # Defaults to the AD-DC servers found in the dns. DNS=$(host $(grep search /etc/resolv.conf | awk '{ print $2 }')| grep address | awk '{ print $NF }'|tr '\n' ' ') # IPv4 gateway and primary IP address. Gateway=$(ip -4 route | grep default | awk '{ print $3 }') Address=$(hostname -I|awk '{ print $1 }')/24 " > lan-${1}-dev-"$(ip route | grep default |awk '{ print $5 }')".network echo "# Config assumes the following: # This server has 1 ip, 1 search domain and AD-DC's are also the DNS and TIME servers. # This server is in a LAN and no ipv6 is used." echo "${BASICINFO}" echo "# Time wil be handled by systemd-timedate and systemd-timesyncd # Resolv.conf wil be handled by systemd-resolved # NTP and resolv.conf settings are using network setting from systemd-networkd as shown in the config." echo "${INSTRUCTIONS}" echo echo "### This setup is for a Domain MEMBER server. ###" fi if [ "$1" = "dc" ] then echo "#### This setup is for a Domain AD-DC server, IPv4 only. ###" echo echo "# # This setup is for a Domain AD-DC server. # IPV4 only. [Match] Name=$(ip route | grep default |awk '{ print $5 }') [Network] DHCP=no DNSSEC=allow-downgrade DNSSECNegativeTrustAnchors=lan IPv6PrivacyExtensions=no IPv6AcceptRouterAdvertisements=no LinkLocalAddressing=no LLMNR=no # make use of systemd resolved and its setup, setup the 'search domain.' # this MUST be set to your primary.DNSdomain.tld Domains=$(grep search /etc/resolv.conf |awk '{ print $2 }') # Members # lets make use of systemd-timedate, no need anymore to install ntp. #NTP=$(host $(grep search /etc/resolv.conf | awk '{ print $2 }')| grep address | awk '{ print $NF }'|tr '\n' ' ') # For an AD-DC this is not used, you must setup the time(NTP) daemon. # see: https://wiki.samba.org/index.php/Time_Synchronisation # Which is not in this script. # DNS resolvers (safe to mix IPv4 and IPv6) # Max 3 DNS entries. ::1 or 127.0.0.1 if you use a cacheing dns. # if you use systemd-resolved stub (caching) dns, use 127.0.0.53 (only) DNS=$(hostname -I|awk '{ print $1 }') 8.8.8.8 8.8.4.4 # We resolve first through the primary IP of this AD-DC. # The google dns is use as fallback, replace these if you have more DC's # I suggest here 2 x DNS AD-DC, 1 x DNS internet. # IPv4 gateway and primary address. Gateway=$(ip route | grep default | awk '{ print $3 }') Address=$(hostname -I|awk '{ print $1 }')/24 " > lan-${1}-dev-"$(ip route | grep default |awk '{ print $5 }')".network echo "# Config assumes the following: # This AD-DC server has 1 ip, 1 search domain and also the DNS and TIME servers. # This AD-DC server is in a LAN and no ipv6 is used." echo "${BASICINFO}" echo "# # For an AD-DC this is not used, you must setup the time(NTP) daemon. # see: https://wiki.samba.org/index.php/Time_Synchronisation # resolv.conf should be set with the ip of this server as first resolver (nameserver ip) # ! Note, this is automaticly done through the systemd-networkd settings. # NTP MUST be setup with ntp: https://wiki.samba.org/index.php/Time_Synchronisation # The Must is due to TimeSync over AD" echo "${INSTRUCTIONS}" echo echo "### This setup is for a Domain AD-DC server. ### " fi