#!/bin/bash

# Stop at the first command that fails.
set -e

# Settings file generated from a template; it is expected to define the
# AD_* variables used by the checks below.
SAMBA4_VARS=/etc/eole/samba4-vars.conf

# No settings file means the template is disabled, hence Samba is disabled:
# say so and leave successfully.
if [ ! -f "${SAMBA4_VARS}" ]
then
    echo "Samba is disabled"
    exit 0
fi

# Sourcing executes the file as shell code with the privileges of this
# script, so the file must be writable by root only.
. "${SAMBA4_VARS}"


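echo "==============================================="
echo "Check admin password file"
# Report whether the administrator password file is present, and warn
# (without failing) when it is accessible to group or others.
if [ ! -f "${AD_ADMIN_PASSWORD_FILE}" ]
then
    echo "No admin password file “${AD_ADMIN_PASSWORD_FILE}”"
else
    echo "Admin password file exists"
    # The content of this file is fed to smbclient/net as the administrator
    # password, so only its owner should be able to read it.
    # -L: report the mode of the target when the path is a symlink.
    pw_file_mode=$(stat -L -c '%a' -- "${AD_ADMIN_PASSWORD_FILE}" 2>/dev/null) || pw_file_mode=''
    case "${pw_file_mode}" in
        ''|0|*00)
            # Mode unknown (stat failed) or no group/other permission bits.
            ;;
        *)
            echo "WARNING: admin password file mode is ${pw_file_mode}: group/other access should be removed"
            ;;
    esac
fi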

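echo "==============================================="
echo "Check DNS with AD"
# Look up the SRV records published for the AD realm (LDAP and Kerberos)
# and the A record of this host. With "set -e", a failed lookup stops the
# script here.
# MIND THE TRAILING DOT: it makes each name fully qualified, so the
# resolver does not append any search domain.
# Names are quoted so an unexpected value cannot be split into extra arguments.
host -t SRV "_ldap._tcp.dc._msdcs.${AD_REALM}."
host -t SRV "_ldap._tcp.${AD_REALM}."
host -t SRV "_kerberos._udp.${AD_REALM}."
host -t A "${AD_HOST_NAME}.${AD_REALM}."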

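echo "==============================================="
echo  "Interrogation DNS"
# Full dig output for this host's name in the AD realm.
# dig exits 0 whenever it gets a reply, including a negative one, so the
# result has to be read from the output rather than from the exit status.
dig "${AD_HOST_NAME}.${AD_REALM}"
# Fixed name outside the realm; presumably checks that external names
# still resolve through this server (confirm).
dig dev-eole.ac-dijon.fr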

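echo "==============================================="
echo "Check NT authentication"
# Runs only on a domain controller and only when the password file exists.
if [ "$AD_SERVER_ROLE" = 'controleur de domaine' ] && [ -f "${AD_ADMIN_PASSWORD_FILE}" ]
then
    # The password reaches smbclient on stdin, never on the command line,
    # so it does not show up in the process list. Redirecting straight from
    # the file avoids the extra "cat" process and lets "set -e" see a
    # failure to open the file.
    # List the shares of the local server, then list the netlogon share.
    smbclient -L localhost -U "${AD_ADMIN}" < "${AD_ADMIN_PASSWORD_FILE}"
    smbclient //localhost/netlogon -U "${AD_ADMIN}" -c 'ls' < "${AD_ADMIN_PASSWORD_FILE}"
fi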

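echo "==============================================="
echo "Check KERBEROS:"
echo "Kinit"
# Obtain a ticket for the administrator from the keytab (-k -t), so no
# password is read here. The realm is upper-cased for the principal name.
# Options are placed before the principal so parsing does not depend on
# argument permutation.
# NOTE(review): no cache is selected, so the administrator ticket goes to
# the invoking user's default credential cache and is still there when the
# script ends. Consider a dedicated KRB5CCNAME and a final kdestroy.
kinit -k -t "${AD_ADMIN_KEYTAB_FILE}" "$AD_ADMIN@${AD_REALM^^}"

echo "==============================================="
echo "klist:"
# Show the tickets now held in the credential cache.
klist

echo "==============================================="
echo "smbclient:"
# List the netlogon share using the Kerberos ticket instead of a password.
# NOTE(review): the "1" after -k looks like samba-tool's "-k 1" syntax;
# confirm how the installed smbclient parses it.
smbclient "//${AD_HOST_NAME}/netlogon" -k 1 -c 'ls'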

# Print the directory replication status reported by samba-tool, followed
# by a reminder about one warning line of its output.
printf '%s\n' \
    "===============================================" \
    "Affichage Etat Replication:"
samba-tool drs showrepl
printf '%s\n' \
    "Note about the„Warning: No NC replicated for Connection!“ line: It can be safely ignored. " \
    "See FAQ: Message: Warning: No NC replicated for Connection!"

# echo "==============================================="
# echo "Affichage Difference LDAP:"
# if [[ -e "${AD_ADDITIONAL_DC_NAME}" ]]
# then
#     samba-tool ldapcmp --filter=whenchanged ldap://${AD_NETBIOS_NAME} ldap://${AD_ADDITIONAL_DC_NAME} domain -k 1
# fi
# echo "==============================================="

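echo "==============================================="
echo "Affichage Drois des Comptes:"
# List the rights granted to accounts, authenticating as the administrator
# against this server.
# Like the NT authentication check, this needs the password file: skip with
# a message when it is missing instead of running "net" with no password.
if [ -f "${AD_ADMIN_PASSWORD_FILE}" ]
then
    # Password supplied on stdin, straight from the file, so it never
    # appears on the command line.
    net rpc rights list accounts -U "${AD_ADMIN}" -I "${AD_NETBIOS_NAME}.${AD_REALM}" < "${AD_ADMIN_PASSWORD_FILE}"
else
    echo "Skipped: no admin password file “${AD_ADMIN_PASSWORD_FILE}”"
fi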
