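=== Nasty Hacky Active Directory Integration on Feisty ===
{{{
#!/usr/bin/env bash
# Join an Ubuntu box to Active Directory with samba + winbind + kerberos.
#
# Run this as ROOT, you must be root or it will not work.
# Put your variables in the block below, then either run the file with bash or
# paste the whole thing into a root shell.  All the work lives in functions and
# only starts from main at the very bottom, so a paste should be read completely
# before the interactive dpkg-reconfigure step runs (the old flat version stopped
# there, most likely because dpkg-reconfigure ate the rest of the pasted text).
#
# Interactive steps:
#   - dpkg-reconfigure krb5-config asks for a kerberos realm: use the same value
#     you entered for AD_DOMAIN, then answer yes to using the defaults from DNS
#   - net ads join prompts for the domain admin password unless DOMAIN_PASS is set
# At the end the services are restarted and you can ssh in as domain users to test.

export DOMAIN_ADMIN=rcadmin
# Leave empty to be prompted by net at join time.  Setting it here puts the
# password on the net command line, where it shows up in `ps` and shell history.
export DOMAIN_PASS=
export MACHINE_FQDN=cai17.music.uga.edu
# Sub-OU to create the computer object in.  Leave empty if you have no sub OU
# to join; the createcomputer= option is then not passed at all.
export MACHINE_OU=Music
export AD_DOMAIN=LABS.AD.UGA.EDU
export AD_SHORTNAME=LABS

#######################################
# Enable the universe component (the kerberos packages live there) and refresh apt.
# Matches whichever release name is in sources.list instead of a hard-coded one,
# so the same lines work on edgy and feisty.
#######################################
enable_universe() {
  perl -pi -e 's!^# (deb http://us\.archive\.ubuntu\.com/ubuntu/ \S+ universe)!$1!' /etc/apt/sources.list
  perl -pi -e 's!^# (deb http://security\.ubuntu\.com/ubuntu \S+-security universe)!$1!' /etc/apt/sources.list
  apt-get update
}

#######################################
# Make the short hostname line in /etc/hosts also carry MACHINE_FQDN.
# Skipped when the FQDN is already present, so re-running does not duplicate it.
#######################################
fix_hosts() {
  export HOSTNAME
  HOSTNAME=$(hostname)
  if ! grep -qF -- "$MACHINE_FQDN" /etc/hosts; then
    # \Q..\E keeps any regex metacharacters in the hostname literal
    perl -pi -e 's!\Q$ENV{HOSTNAME}\E!$ENV{HOSTNAME}\t$ENV{MACHINE_FQDN}!g' /etc/hosts
  fi
}

#######################################
# Install samba, winbind and the kerberos client.
#######################################
install_packages() {
  apt-get install -y samba winbind krb5-user
}

#######################################
# Turn the stock smb.conf into an ADS member config.  The workgroup line is
# replaced by the whole [global] block we need; the original encrypt passwords
# line is commented out rather than edited.
#######################################
configure_samba() {
  perl -pi -e 's! workgroup = DEBIAN_FANS!
   security = ads
   workgroup = $ENV{AD_SHORTNAME}
   realm = $ENV{AD_DOMAIN}
   idmap uid = 500-10000000
   idmap gid = 500-10000000
   winbind separator = +
   winbind enum users = no
   winbind enum groups = no
   winbind use default domain = yes
   template homedir = /home/%U
   template shell = /bin/bash
   client use spnego = yes
   domain master = no
!g' /etc/samba/smb.conf
  perl -pi -e 's/ encrypt passwords = no/; encrypt passwords = no/g' /etc/samba/smb.conf
}

#######################################
# Tell nsswitch to use winbind too (and wins for hosts).  Each edit is guarded
# so a second run does not append "winbind winbind".
#######################################
configure_nss() {
  grep -qw winbind /etc/nsswitch.conf || perl -pi -e 's/compat/compat winbind/g' /etc/nsswitch.conf
  grep -qw wins /etc/nsswitch.conf || perl -pi -e 's/dns/dns wins/g' /etc/nsswitch.conf
}

#######################################
# Set up PAM: pam_winbind ahead of pam_unix for account/auth, a longer password
# max, and pam_mkhomedir so domain users get a home directory on first login.
# Edits are guarded against re-runs.
# NOTE: the auth edit only matches if common-auth already says
# "auth sufficient pam_unix.so"; a stock file may say "required" instead, in
# which case nothing changes -- check the file after running.
#######################################
configure_pam() {
  local pamd=/etc/pam.d
  grep -q pam_winbind "$pamd/common-account" \
    || perl -pi -e 's/account\trequired\tpam_unix.so/account\tsufficient\tpam_winbind.so\naccount\trequired\tpam_unix.so/g' "$pamd/common-account"
  grep -q pam_winbind "$pamd/common-auth" \
    || perl -pi -e 's/auth\tsufficient\tpam_unix.so/auth\tsufficient\tpam_winbind.so\nauth\trequired\tpam_unix.so/g' "$pamd/common-auth"
  perl -pi -e 's/max=8/max=50/g' "$pamd/common-password"
  grep -q pam_mkhomedir "$pamd/common-session" \
    || perl -pi -e 's!session\trequired\tpam_unix.so!session\trequired\tpam_unix.so\nsession\trequired\tpam_mkhomedir.so umask=0022 skel=/etc/skel!g' "$pamd/common-session"
}

#######################################
# Configure kerberos interactively: realm = AD_DOMAIN, defaults from DNS = yes.
#######################################
configure_kerberos() {
  dpkg-reconfigure krb5-config
}

#######################################
# Sync the clock against the domain and join it.  The password is only put on
# the command line when DOMAIN_PASS was set; otherwise net prompts for it.
# Returns net's exit status.
#######################################
join_domain() {
  # kerberos needs the clocks to match; the domain name is used as the NTP host
  ntpdate "$AD_DOMAIN"
  local -a join_args=()
  if [[ -n "$MACHINE_OU" ]]; then
    join_args+=("createcomputer=$MACHINE_OU")
  fi
  if [[ -n "$DOMAIN_PASS" ]]; then
    join_args+=("-U${DOMAIN_ADMIN}%${DOMAIN_PASS}")
  else
    join_args+=("-U${DOMAIN_ADMIN}")
  fi
  net ads join "${join_args[@]}"
}

#######################################
# Restart samba and winbind so the new config and join take effect.
#######################################
restart_services() {
  /etc/init.d/samba stop
  /etc/init.d/winbind stop
  /etc/init.d/samba start
  /etc/init.d/winbind start
}

#######################################
# Run every step in order; stop (without killing a pasted-into shell) if a
# step that the later ones depend on fails.
#######################################
main() {
  if [[ "$EUID" -ne 0 ]]; then
    printf 'this must be run as root\n' >&2
    return 1
  fi
  enable_universe || return 1
  fix_hosts
  install_packages || return 1
  configure_samba
  configure_nss
  configure_pam
  configure_kerberos
  if ! join_domain; then
    printf 'net ads join failed; services not restarted\n' >&2
    return 1
  fi
  restart_services
}

main "$@"
}}}
{{{
#WIP notes on netatalk -- uses the variables from the join script above
apt-get install -y netatalk
# double quotes so AD_DOMAIN and MACHINE_FQDN actually expand (the old
# single-quoted echo wrote the literal text "$MACHINE_FQDN" into the config)
printf '%s\n' "- -transall -uamlist uams_dhx.so,uams_gss.so -k5service afpserver -k5keytab /etc/krb5.keytab -k5realm $AD_DOMAIN -fqdn $MACHINE_FQDN:548" >> /etc/netatalk/afpd.conf
printf '%s\n' 'eth0' >> /etc/netatalk/atalkd.conf
# the init script is named after the package; "anettalk" does not exist
/etc/init.d/netatalk restart
}}}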