#!/bin/bash
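set -e
#set -x

# Package directories. Only ldir is used directly below; sdir and vdir are kept
# because helpers sourced later in this script may read them (TODO confirm).
sdir=/usr/share/omix
ldir=/var/lib/omix
vdir=/etc/omix
#ddir=/usr/share/doc/omix-files

# An smb.conf that still declares the standalone role (presumably the packaged
# default) is moved aside. Numbered backups mean a repeated run never
# overwrites an older saved copy.
bak="--backup=numbered"
if [[ -f /etc/samba/smb.conf ]] \
  && grep -q "server role = standalone server" /etc/samba/smb.conf; then
  mv "$bak" /etc/samba/smb.conf /etc/samba/smb.conf.dpkg-old
fi

/etc/omix/samba.shares

# Host is already joined: regenerate the configuration and stop here.
# `net ads testjoin` is a command, not a test expression, so it must be chained
# after [[ ]] with &&. Written inside the brackets, bash rejects the line with
# "conditional binary operator expected" and the script aborts at this point.
if [[ -f /etc/samba/smb.conf ]] && net ads testjoin -k >/dev/null 2>&1; then
  /usr/share/omix/mkconf
  exit
fi

#cleanup
systemctl stop smbd nmbd winbind
systemctl mask nmbd
ln -sf -t /etc/samba "$ldir/smb.conf" "$ldir/smb-share-defaults.conf"
# Remove Samba's .tdb/.ldb databases so the join starts from clean state. The
# list includes /var/lib/samba/private, i.e. locally stored account/secret
# databases; this is only reached when the testjoin above did not succeed.
# The bracket set is [tl]: the former [t,l] also matched a literal comma.
rm -f /var/run/samba/*.[tl]db \
  /var/lib/samba/*.[tl]db \
  /var/lib/samba/private/*.[tl]db \
  /var/cache/samba/*.[tl]db \
  /var/cache/samba/printing/*.[tl]db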
#params
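#######################################
# Discover the NetBIOS (workgroup) name of an AD domain.
# Resolves the domain's _ldap._tcp SRV records and asks the first listed
# controller that answers a ping for its "Netbios domain" value.
# Globals:   wkg    (written; empty when no controller supplied a name)
#            domain (read as fallback when $1 is missing or empty)
# Arguments: $1 - DNS domain name (optional, defaults to $domain)
# Returns:   0 always; callers must check that wkg is non-empty
#######################################
getworkgroup() {
  local zone=${1:-${domain-}}
  local -a candidates=()
  local dc

  # Start empty so a value inherited from the environment is never mistaken
  # for a discovered workgroup.
  wkg=

  # One SRV target per line: keep the last field, drop the trailing root dot.
  mapfile -t candidates < <(
    host -t SRV -W 1 "_ldap._tcp.${zone}" | sed 's/.* //; s/\.$//'
  )

  for dc in "${candidates[@]}"; do
    # DNS answers (and host's own error text such as "3(NXDOMAIN)") are not
    # trusted input: only hand plain host names to the commands below, so a
    # value can never be read as an option or contain shell-special characters.
    [[ $dc =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]] || continue
    ping -c1 -W1 "$dc" &>/dev/null || continue
    wkg=$(samba-tool domain info "$dc" | sed -ne '/Netbios domain/s/.* //p')
    # Explicit 0: a bare `return` would hand back the failed [[ -z ]] status
    # (1), which makes a *successful* lookup abort a `set -e` caller.
    [[ -z $wkg ]] || return 0
  done
  return 0
}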

#configure
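domain=$(hostname -d)
# Without a DNS domain every file written below would be generated with empty
# values, so stop before any system configuration is touched.
if [[ -z $domain ]]; then
  echo "cannot determine the DNS domain (hostname -d returned nothing)" >&2
  exit 1
fi
realm=${domain^^}
#$wkg=$( echo $domain | sed 's/.[^.]*$//; s/^.*\.//') #'
# The lookup needs the domain name as its argument. Its result is the global
# wkg; the exit status carries no information, so it is deliberately ignored
# here and wkg is checked at the point where it is needed.
getworkgroup "$domain" || :

[ -f /etc/security/limits.d/samba.conf ] || cat >/etc/security/limits.d/samba.conf <<EOF
* - nofile 16384
root - nofile 16384
EOF

if [[ ! -e /etc/samba/domain.conf ]]; then
  # Refuse to generate "workgroup = " / "idmap config :backend" lines with an
  # empty name when no domain controller supplied one.
  if [[ -z ${wkg-} ]]; then
    echo "no domain controller for $domain supplied a workgroup name" >&2
    exit 1
  fi
  cat >/etc/samba/domain.conf <<EOF
  workgroup = $wkg
  realm = $realm
# idmap config for domain $domain
  idmap config $wkg:backend = rid
  idmap config $wkg:range = 10000-99999
EOF
fi

# NOTE(review): /etc/krb5.conf is replaced unconditionally and without a
# backup, unlike smb.conf earlier in this script; confirm that is intended.
cat >/etc/krb5.conf <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_realm = false
    dns_lookup_kdc = true
EOF

# Append winbind to the passwd and group databases only. The alternation is
# grouped and anchored: '^passwd:|group:' also matched any line merely
# containing "group:" (for example a netgroup entry). Lines that already
# mention winbind are skipped by the first expression.
sed -i -E -e '/winbind/b' -e '/^(passwd|group):/s/$/ winbind/' /etc/nsswitch.conf

/usr/share/omix/mkconf

. /usr/share/omix/debconflib
getpasswd high
# The password goes to `net` on stdin instead of "-U user%password": argv is
# readable by every local user (ps, /proc/<pid>/cmdline) while the process
# runs, and the unquoted expansion broke on passwords containing spaces or
# glob characters. printf is a builtin, so the secret appears in no argv.
# Keep `set -x` disabled around this line, or the trace will log the password.
# Assumes getpasswd (from debconflib) leaves the password in $pass.
printf '%s\n' "$pass" | net ads join -U Administrator
systemctl start smbd winbind
chgrp 'BUILTIN\users' /var/samba/*
chmod 770 /var/samba/*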

