Samba-ad-dc-with-docker/packages/config-secondary.sh

#!/bin/bash
echo "Secondary domain controller settings."

#----------------------------------------------------------------------
# New volumes.
#----------------------------------------------------------------------
if [ -z "$(ls /var/lib/samba/private)" ]; then
	echo "New volumes."

	# Make join parameters.
	SMB_TMP_PARAM="
		--username=administrator
		--password=$SMB_ADMINPASS
		--realm=$SMB_REALM
		--option=\"dns forwarder = 127.0.0.11\"
		--option=\"dns update command = /usr/sbin/samba_dnsupdate --current-ip $SMB_HOSTIP\"
		--option=\"rpc server dynamic port range = $SMB_RPC_PORTS\"
		--option=\"template homedir = /home/%D/%U\"
		--option=\"template shell = /bin/bash\"
		--option=\"winbind enum users = yes\"
		--option=\"winbind enum groups = yes\"
		--option=\"idmap config $SMB_DOMAIN:unix_nss_info = yes\"
		--option=\"idmap config $SMB_DOMAIN:unix_primary_group = yes\"
		--option=\"idmap_ldb:use rfc2307 = yes\"
	"
	if [ $SMB_USEBIND9 = "true" ]; then
		SMB_TMP_PARAM+=" --dns-backend=BIND9_DLZ"
	else
		SMB_TMP_PARAM+=" --dns-backend=SAMBA_INTERNAL"
	fi

	# LDAPS settings.
	mkdir /var/lib/samba/private/tls/
	TMP_LDAPS=0
	cp -a /root/packages/cert/ca.crt /usr/local/share/ca-certificates/ && \
		update-ca-certificates && \
		TMP_LDAPS=$(($TMP_LDAPS | 0x01)) && \
		SMB_TMP_PARAM+=" --option=\"tls cafile   = /usr/local/share/ca-certificates/ca.crt\""
	cp -a /root/packages/cert/server.crt /var/lib/samba/private/tls/ && \
		TMP_LDAPS=$(($TMP_LDAPS | 0x02)) && \
		SMB_TMP_PARAM+=" --option=\"tls certfile = /var/lib/samba/private/tls/server.crt\""
	cp -a /root/packages/cert/server.key /var/lib/samba/private/tls/ && \
		TMP_LDAPS=$(($TMP_LDAPS | 0x04)) && \
		chmod 600 /var/lib/samba/private/tls/server.key && \
		SMB_TMP_PARAM+=" --option=\"tls keyfile  = /var/lib/samba/private/tls/server.key\""
	cp -a /root/packages/cert/ca.crl /var/lib/samba/private/tls/ && \
		TMP_LDAPS=$(($TMP_LDAPS | 0x08)) && \
		SMB_TMP_PARAM+=" --option=\"tls crlfile  = /var/lib/samba/private/tls/ca.crl\""

	if [ $(($TMP_LDAPS & 0x07)) -eq 7 ]; then
		echo "Enable LDAPS."
		SMB_TMP_PARAM+=" --option=\"tls enabled  = true\"
				 --option=\"tls verify peer = as_strict_as_possible\"
		"
	else
		echo "Disable Strong Auth."
		SMB_TMP_PARAM+="
			--option=\"ldap server require strong auth = no\"
		"
	fi

	set -f
	SMB_TMP_PARAM=$(echo $SMB_TMP_PARAM)
	#echo "join parameters: $SMB_TMP_PARAM"
	set +f

	# Join domain settings.
	mv --backup=numbered /etc/samba/smb.conf /etc/samba/smb.conf.bak
	eval samba-tool domain join $SMB_REALM DC "$SMB_TMP_PARAM"
	if [ $? -ne 0 ]; then exit 0; fi

	# Deletion of IP addresses in the container registered in Primary DNS
	MYHOSTIP=$(grep $(hostname) /etc/hosts | sed "s/^\(.*\)\s.*/\1/")
	MYHOSTNM=$(hostname)
	samba-tool dns update $SMB_REALM \
		$SMB_REALM $MYHOSTNM \
		A $MYHOSTIP $SMB_HOSTIP \
		--username Administrator --password $SMB_ADMINPASS
	# Delete myhostip after 30 sec.
	/bin/bash -c "sleep 30;
	samba-tool dns delete localhost \
		$SMB_REALM $MYHOSTNM \
		A $MYHOSTIP \
		--username Administrator --password $SMB_ADMINPASS
	" &
fi

#----------------------------------------------------------------------
# Volumes is left.
#----------------------------------------------------------------------
if [ ! -e /root/packages/configured ]; then
	echo "New container."

	# Register CA certificates.
	cp -a /root/packages/cert/ca.crt /usr/local/share/ca-certificates/ && \
		update-ca-certificates

	# Authentication sttings.
	sed -i "s/^\(passwd: \+\)[a-z ]\+$/\1compat winbind/" /etc/nsswitch.conf
	sed -i "s/^\(group: \+\)[a-z ]\+$/\1compat winbind/" /etc/nsswitch.conf

	# Create krb5.conf
	mv --backup=numbered /etc/krb5.conf /etc/krb5.conf.bak
cat <<EOF > /etc/krb5.conf
[libdefaults]
	dns_lookup_realm = false
	dns_lookup_kdc = true
	default_realm = $SMB_REALM
EOF

	# Make rsync configuration.
cat <<EOF > /etc/rsyncd.secret.sysvol-replication
$RSY_PASS
EOF
	chmod 600 /etc/rsyncd.secret.sysvol-replication

	# Reset sysvol.
	echo "Reset sysvol."
	rsync -XAavx \
		--delete-after \
		--password-file=/etc/rsyncd.secret.sysvol-replication \
		--contimeout=10 \
		rsync://sysvol-replication@$RSY_PRIMARY/SysVol \
		/var/lib/samba/sysvol/
	samba-tool ntacl sysvolreset

	# Replicate sysvol every 5 minutes.
	echo "*/5 * * * *   root    rsync -XAavx --delete-after --password-file=/etc/rsyncd.secret.sysvol-replication rsync://sysvol-replication@$RSY_PRIMARY/SysVol /var/lib/samba/sysvol/" >> /etc/crontab

	# Suppress apache warning.
	echo "ServerName localhost" | tee /etc/apache2/conf-available/fqdn.conf
	a2enconf fqdn

	# Setup phpLdapAdmin.
	if [ -e /root/packages/phpLDAPadmin-1.2.3.tar.gz ]; then
		a2dismod php8.1
		a2enmod php7.3

		tar zxf /root/packages/phpLDAPadmin-1.2.3.tar.gz -C /var/www/
		mv /var/www/phpLDAPadmin-1.2.3 /var/www/phpldapadmin
		cp /etc/phpldapadmin/apache.conf /etc/phpldapadmin/apache.conf.bak
		sed -i "s@/usr/share/phpldapadmin/htdocs@/var/www/phpldapadmin@g" /etc/phpldapadmin/apache.conf
		cp /var/www/phpldapadmin/config/config.php.example /var/www/phpldapadmin//config/config.php
		if [ $(grep "tls verify peer = as_strict_as_possible" /etc/samba/smb.conf -c) -ne 0 ]; then
			sed -i "$ i\$servers->setValue('server','host','ldaps://$(hostname).${SMB_REALM,,}');" /var/www/phpldapadmin/config/config.php
		else
			sed -i "$ i\$servers->setValue('server','host','ldap://$(hostname).${SMB_REALM,,}');" /var/www/phpldapadmin/config/config.php
		fi
		sed -i "$ i\$servers->setValue('login','bind_id','administrator@${SMB_REALM,,}');" /var/www/phpldapadmin/config/config.php
		sed -i "$ i\$config->custom->appearance['hide_template_warning'] = true;" /var/www/phpldapadmin/config/config.php
		sed -i "s/\$servers->setValue('server','name','My LDAP Server');/\$servers->setValue('server','name','$SMB_DOMAIN');/" /var/www/phpldapadmin/config/config.php

		# Customize phpLDAPadmin
		# for PHP7.0
		sed -i "s/password_hash/password_hash_custom/g" /var/www/phpldapadmin/lib/*
		sed -i '2567d; 2568d; 2569i \\t\tforeach ($dn as $key => $rdn) {\n\t\t\t$a[$key] = preg_replace_callback('\''/\\\\\\([0-9A-Fa-f]{2})/'\'', function ($m) { return '\'\''.chr(hexdec('\''\\\\1'\'')).'\'\''; }, $rdn\'');\n\t\t}' /var/www/phpldapadmin/lib/functions.php
		sed -i '2574c \\t\treturn  preg_replace_callback('\''/\\\\\\([0-9A-Fa-f]{2})/'\'', function ($m) { return'\'\''.chr(hexdec('\''\\\\1'\'')).'\'\''; }, $dn);' /var/www/phpldapadmin/lib/functions.php
		sed -i '1119d; 1120d; 1121i \\t\t\tforeach ($dn as $key => $rdn) {\n\t\t\t\t$a[$key] = preg_replace_callback('\''/\\\\\\([0-9A-Fa-f]{2})/'\'', function ($m) { return '\'\''.chr(hexdec('\''\\\\1'\'')).'\'\''; }, $rdn\'');\n\t\t\t}' /var/www/phpldapadmin/lib/ds_ldap.php
		sed -i '1126c \\t\t\treturn  preg_replace_callback('\''/\\\\\\([0-9A-Fa-f]{2})/'\'', function ($m) { return'\'\''.chr(hexdec('\''\\\\1'\'')).'\'\''; }, $dn);' /var/www/phpldapadmin/lib/ds_ldap.php
		# for PHP7.3
		sed -i '54c function my_autoload($className) {' /var/www/phpldapadmin/lib/functions.php
		sed -i '777c spl_autoload_register("my_autoload");' /var/www/phpldapadmin/lib/functions.php
		sed -i '1083c \\t\t$CACHE[$sortby] = __create_function('\''$a, $b'\'',$code);' /var/www/phpldapadmin/lib/functions.php
		sed -i '1091a function __create_function($arg, $body) {\n\tstatic $cache = array();\n\tstatic $maxCacheSize = 64;\n\tstatic $sorter;\n\n\tif ($sorter === NULL) {\n\t\t$sorter = function($a, $b) {\n\t\t\tif ($a->hits == $b->hits) {\n\t\t\t\treturn 0;\n\t\t\t}\n\n\t\t\treturn ($a->hits < $b->hits) ? 1 : -1;\n\t\t};\n\t}\n\n\t$crc = crc32($arg . "\\\\x00" . $body);\n\n\tif (isset($cache[$crc])) {\n\t\t++$cache[$crc][1];\n\t\treturn $cache[$crc][0];\n\t}\n\n\tif (sizeof($cache) >= $maxCacheSize) {\n\t\tuasort($cache, $sorter);\n\t\tarray_pop($cache);\n\t}\n\n\t$cache[$crc] = array($cb = eval('\''return function('\''.$arg.'\''){'\''.$body.'\''};'\''), 0);\n\treturn $cb;\n}\n' /var/www/phpldapadmin/lib/functions.php
	fi

	# Mark as configured.
	touch /root/packages/configured
fi

#----------------------------------------------------------------------
# Container and Volumes is left.
#----------------------------------------------------------------------
echo "Setting to do every time"

# Resolver settings.
cp /etc/resolv.conf /root/packages/resolv.conf
sed -i "s/nameserver 127.0.0.11/nameserver 127.0.0.1/" /root/packages/resolv.conf
cat /root/packages/resolv.conf > /etc/resolv.conf

# Switch DNS backend.
if [ $SMB_USEBIND9 = "true" ]; then
	if [ ! -e /var/lib/samba/bind-dns/named.conf ]; then
		samba_upgradedns --dns-backend=BIND9_DLZ
	fi
	# Make bind9 configuration.
	if [ $(grep "bind-dns" /etc/bind/named.conf -c) -eq 0 ]; then
		cp -a /etc/bind/named.conf /etc/bind/named.conf.bak
		sed -i "\$a include \"/var/lib/samba/bind-dns/named.conf\";" /etc/bind/named.conf
		cp -a /etc/bind/named.conf.options /etc/bind/named.conf.options.bak
		sed -i "/listen-on-v6/a\\\n\tforwarders { 127.0.0.11; };\n\tallow-query { any; };\n\tallow-transfer { none; };\n\ttkey-gssapi-keytab \"/var/lib/samba/bind-dns/dns.keytab\";\n\tminimal-responses yes;" /etc/bind/named.conf.options
		cp -a /etc/bind/named.conf.local /etc/bind/named.conf.local.bak
		sed -i "s@^//include@include@" /etc/bind/named.conf.local
	fi
	if [[ $(grep -c "server services" /etc/samba/smb.conf) -eq 0 ]]; then
		sed -i "9a\\\tserver services = -dns" /etc/samba/smb.conf
	fi
else
	if [ -e /var/lib/samba/bind-dns/named.conf ]; then
		samba_upgradedns --dns-backend=SAMBA_INTERNAL
		sed -i "/server services/d" /etc/samba/smb.conf
	fi
fi
First version 2022-10-08 15:54:09 +09:00			`#!/bin/bash`
			`echo "Secondary domain controller settings."`

			`#----------------------------------------------------------------------`
			`# New volumes.`
			`#----------------------------------------------------------------------`
			`if [ -z "$(ls /var/lib/samba/private)" ]; then`
			`echo "New volumes."`

			`# Make join parameters.`
			`SMB_TMP_PARAM="`
			`--username=administrator`
			`--password=$SMB_ADMINPASS`
			`--realm=$SMB_REALM`
			`--option=\"dns forwarder = 127.0.0.11\"`
			`--option=\"dns update command = /usr/sbin/samba_dnsupdate --current-ip $SMB_HOSTIP\"`
			`--option=\"rpc server dynamic port range = $SMB_RPC_PORTS\"`
			`--option=\"template homedir = /home/%D/%U\"`
			`--option=\"template shell = /bin/bash\"`
			`--option=\"winbind enum users = yes\"`
			`--option=\"winbind enum groups = yes\"`
			`--option=\"idmap config $SMB_DOMAIN:unix_nss_info = yes\"`
			`--option=\"idmap config $SMB_DOMAIN:unix_primary_group = yes\"`
			`--option=\"idmap_ldb:use rfc2307 = yes\"`
			`"`
			`if [ $SMB_USEBIND9 = "true" ]; then`
			`SMB_TMP_PARAM+=" --dns-backend=BIND9_DLZ"`
			`else`
			`SMB_TMP_PARAM+=" --dns-backend=SAMBA_INTERNAL"`
			`fi`

			`# LDAPS settings.`
			`mkdir /var/lib/samba/private/tls/`
			`TMP_LDAPS=0`
			`cp -a /root/packages/cert/ca.crt /usr/local/share/ca-certificates/ && \`
			`update-ca-certificates && \`
			`TMP_LDAPS=$(($TMP_LDAPS \| 0x01)) && \`
			`SMB_TMP_PARAM+=" --option=\"tls cafile = /usr/local/share/ca-certificates/ca.crt\""`
			`cp -a /root/packages/cert/server.crt /var/lib/samba/private/tls/ && \`
			`TMP_LDAPS=$(($TMP_LDAPS \| 0x02)) && \`
			`SMB_TMP_PARAM+=" --option=\"tls certfile = /var/lib/samba/private/tls/server.crt\""`
			`cp -a /root/packages/cert/server.key /var/lib/samba/private/tls/ && \`
			`TMP_LDAPS=$(($TMP_LDAPS \| 0x04)) && \`
			`chmod 600 /var/lib/samba/private/tls/server.key && \`
			`SMB_TMP_PARAM+=" --option=\"tls keyfile = /var/lib/samba/private/tls/server.key\""`
			`cp -a /root/packages/cert/ca.crl /var/lib/samba/private/tls/ && \`
			`TMP_LDAPS=$(($TMP_LDAPS \| 0x08)) && \`
			`SMB_TMP_PARAM+=" --option=\"tls crlfile = /var/lib/samba/private/tls/ca.crl\""`

			`if [ $(($TMP_LDAPS & 0x07)) -eq 7 ]; then`
			`echo "Enable LDAPS."`
			`SMB_TMP_PARAM+=" --option=\"tls enabled = true\"`
			`--option=\"tls verify peer = as_strict_as_possible\"`
			`"`
			`else`
			`echo "Disable Strong Auth."`
			`SMB_TMP_PARAM+="`
			`--option=\"ldap server require strong auth = no\"`
			`"`
			`fi`

			`set -f`
			`SMB_TMP_PARAM=$(echo $SMB_TMP_PARAM)`
			`#echo "join parameters: $SMB_TMP_PARAM"`
			`set +f`

			`# Join domain settings.`
			`mv --backup=numbered /etc/samba/smb.conf /etc/samba/smb.conf.bak`
			`eval samba-tool domain join $SMB_REALM DC "$SMB_TMP_PARAM"`
			`if [ $? -ne 0 ]; then exit 0; fi`

			`# Deletion of IP addresses in the container registered in Primary DNS`
			`MYHOSTIP=$(grep $(hostname) /etc/hosts \| sed "s/^\(.\)\s./\1/")`
			`MYHOSTNM=$(hostname)`
			`samba-tool dns update $SMB_REALM \`
			`$SMB_REALM $MYHOSTNM \`
			`A $MYHOSTIP $SMB_HOSTIP \`
			`--username Administrator --password $SMB_ADMINPASS`
			`# Delete myhostip after 30 sec.`
			`/bin/bash -c "sleep 30;`
			`samba-tool dns delete localhost \`
			`$SMB_REALM $MYHOSTNM \`
			`A $MYHOSTIP \`
			`--username Administrator --password $SMB_ADMINPASS`
			`" &`
			`fi`

			`#----------------------------------------------------------------------`
			`# Volumes is left.`
			`#----------------------------------------------------------------------`
			`if [ ! -e /root/packages/configured ]; then`
			`echo "New container."`

			`# Register CA certificates.`
			`cp -a /root/packages/cert/ca.crt /usr/local/share/ca-certificates/ && \`
			`update-ca-certificates`

			`# Authentication sttings.`
			`sed -i "s/^\(passwd: \+\)[a-z ]\+$/\1compat winbind/" /etc/nsswitch.conf`
			`sed -i "s/^\(group: \+\)[a-z ]\+$/\1compat winbind/" /etc/nsswitch.conf`

			`# Create krb5.conf`
			`mv --backup=numbered /etc/krb5.conf /etc/krb5.conf.bak`
			`cat <<EOF > /etc/krb5.conf`
			`[libdefaults]`
			`dns_lookup_realm = false`
			`dns_lookup_kdc = true`
			`default_realm = $SMB_REALM`
			`EOF`

			`# Make rsync configuration.`
			`cat <<EOF > /etc/rsyncd.secret.sysvol-replication`
			`$RSY_PASS`
			`EOF`
			`chmod 600 /etc/rsyncd.secret.sysvol-replication`

			`# Reset sysvol.`
			`echo "Reset sysvol."`
			`rsync -XAavx \`
			`--delete-after \`
			`--password-file=/etc/rsyncd.secret.sysvol-replication \`
			`--contimeout=10 \`
			`rsync://sysvol-replication@$RSY_PRIMARY/SysVol \`
			`/var/lib/samba/sysvol/`
			`samba-tool ntacl sysvolreset`

			`# Replicate sysvol every 5 minutes.`
			`echo "/5 * * * root rsync -XAavx --delete-after --password-file=/etc/rsyncd.secret.sysvol-replication rsync://sysvol-replication@$RSY_PRIMARY/SysVol /var/lib/samba/sysvol/" >> /etc/crontab`

			`# Suppress apache warning.`
			`echo "ServerName localhost" \| tee /etc/apache2/conf-available/fqdn.conf`
			`a2enconf fqdn`

			`# Setup phpLdapAdmin.`
			`if [ -e /root/packages/phpLDAPadmin-1.2.3.tar.gz ]; then`
			`a2dismod php8.1`
			`a2enmod php7.3`

			`tar zxf /root/packages/phpLDAPadmin-1.2.3.tar.gz -C /var/www/`
			`mv /var/www/phpLDAPadmin-1.2.3 /var/www/phpldapadmin`
			`cp /etc/phpldapadmin/apache.conf /etc/phpldapadmin/apache.conf.bak`
			`sed -i "s@/usr/share/phpldapadmin/htdocs@/var/www/phpldapadmin@g" /etc/phpldapadmin/apache.conf`
			`cp /var/www/phpldapadmin/config/config.php.example /var/www/phpldapadmin//config/config.php`
			`if [ $(grep "tls verify peer = as_strict_as_possible" /etc/samba/smb.conf -c) -ne 0 ]; then`
			`sed -i "$ i\$servers->setValue('server','host','ldaps://$(hostname).${SMB_REALM,,}');" /var/www/phpldapadmin/config/config.php`
			`else`
			`sed -i "$ i\$servers->setValue('server','host','ldap://$(hostname).${SMB_REALM,,}');" /var/www/phpldapadmin/config/config.php`
			`fi`
			`sed -i "$ i\$servers->setValue('login','bind_id','administrator@${SMB_REALM,,}');" /var/www/phpldapadmin/config/config.php`
			`sed -i "$ i\$config->custom->appearance['hide_template_warning'] = true;" /var/www/phpldapadmin/config/config.php`
			`sed -i "s/\$servers->setValue('server','name','My LDAP Server');/\$servers->setValue('server','name','$SMB_DOMAIN');/" /var/www/phpldapadmin/config/config.php`

			`# Customize phpLDAPadmin`
			`# for PHP7.0`
			`sed -i "s/password_hash/password_hash_custom/g" /var/www/phpldapadmin/lib/*`
			`sed -i '2567d; 2568d; 2569i \\t\tforeach ($dn as $key => $rdn) {\n\t\t\t$a[$key] = preg_replace_callback('\''/\\\\\\([0-9A-Fa-f]{2})/'\'', function ($m) { return '\'\''.chr(hexdec('\''\\\\1'\'')).'\'\''; }, $rdn\'');\n\t\t}' /var/www/phpldapadmin/lib/functions.php`
			`sed -i '2574c \\t\treturn preg_replace_callback('\''/\\\\\\([0-9A-Fa-f]{2})/'\'', function ($m) { return'\'\''.chr(hexdec('\''\\\\1'\'')).'\'\''; }, $dn);' /var/www/phpldapadmin/lib/functions.php`
			`sed -i '1119d; 1120d; 1121i \\t\t\tforeach ($dn as $key => $rdn) {\n\t\t\t\t$a[$key] = preg_replace_callback('\''/\\\\\\([0-9A-Fa-f]{2})/'\'', function ($m) { return '\'\''.chr(hexdec('\''\\\\1'\'')).'\'\''; }, $rdn\'');\n\t\t\t}' /var/www/phpldapadmin/lib/ds_ldap.php`
			`sed -i '1126c \\t\t\treturn preg_replace_callback('\''/\\\\\\([0-9A-Fa-f]{2})/'\'', function ($m) { return'\'\''.chr(hexdec('\''\\\\1'\'')).'\'\''; }, $dn);' /var/www/phpldapadmin/lib/ds_ldap.php`
			`# for PHP7.3`
			`sed -i '54c function my_autoload($className) {' /var/www/phpldapadmin/lib/functions.php`
			`sed -i '777c spl_autoload_register("my_autoload");' /var/www/phpldapadmin/lib/functions.php`
			`sed -i '1083c \\t\t$CACHE[$sortby] = __create_function('\''$a, $b'\'',$code);' /var/www/phpldapadmin/lib/functions.php`
			sed -i '1091a function __create_function($arg, $body) {\n\tstatic $cache = array();\n\tstatic $maxCacheSize = 64;\n\tstatic $sorter;\n\n\tif ($sorter === NULL) {\n\t\t$sorter = function($a, $b) {\n\t\t\tif ($a->hits == $b->hits) {\n\t\t\t\treturn 0;\n\t\t\t}\n\n\t\t\treturn ($a->hits < $b->hits) ? 1 : -1;\n\t\t};\n\t}\n\n\t$crc = crc32($arg . "\\\\x00" . $body);\n\n\tif (isset($cache[$crc])) {\n\t\t++$cache[$crc][1];\n\t\treturn $cache[$crc][0];\n\t}\n\n\tif (sizeof($cache) >= $maxCacheSize) {\n\t\tuasort($cache, $sorter);\n\t\tarray_pop($cache);\n\t}\n\n\t$cache[$crc] = array($cb = eval('\''return function('\''.$arg.'\''){'\''.$body.'\''};'\''), 0);\n\treturn $cb;\n}\n' /var/www/phpldapadmin/lib/functions.php
			`fi`

			`# Mark as configured.`
			`touch /root/packages/configured`
			`fi`

			`#----------------------------------------------------------------------`
			`# Container and Volumes is left.`
			`#----------------------------------------------------------------------`
			`echo "Setting to do every time"`

			`# Resolver settings.`
			`cp /etc/resolv.conf /root/packages/resolv.conf`
			`sed -i "s/nameserver 127.0.0.11/nameserver 127.0.0.1/" /root/packages/resolv.conf`
			`cat /root/packages/resolv.conf > /etc/resolv.conf`

			`# Switch DNS backend.`
			`if [ $SMB_USEBIND9 = "true" ]; then`
			`if [ ! -e /var/lib/samba/bind-dns/named.conf ]; then`
			`samba_upgradedns --dns-backend=BIND9_DLZ`
			`fi`
			`# Make bind9 configuration.`
			`if [ $(grep "bind-dns" /etc/bind/named.conf -c) -eq 0 ]; then`
			`cp -a /etc/bind/named.conf /etc/bind/named.conf.bak`
			`sed -i "\$a include \"/var/lib/samba/bind-dns/named.conf\";" /etc/bind/named.conf`
			`cp -a /etc/bind/named.conf.options /etc/bind/named.conf.options.bak`
			`sed -i "/listen-on-v6/a\\\n\tforwarders { 127.0.0.11; };\n\tallow-query { any; };\n\tallow-transfer { none; };\n\ttkey-gssapi-keytab \"/var/lib/samba/bind-dns/dns.keytab\";\n\tminimal-responses yes;" /etc/bind/named.conf.options`
			`cp -a /etc/bind/named.conf.local /etc/bind/named.conf.local.bak`
			`sed -i "s@^//include@include@" /etc/bind/named.conf.local`
			`fi`
			`if [[ $(grep -c "server services" /etc/samba/smb.conf) -eq 0 ]]; then`
			`sed -i "9a\\\tserver services = -dns" /etc/samba/smb.conf`
			`fi`
			`else`
			`if [ -e /var/lib/samba/bind-dns/named.conf ]; then`
			`samba_upgradedns --dns-backend=SAMBA_INTERNAL`
			`sed -i "/server services/d" /etc/samba/smb.conf`
			`fi`
			`fi`