This is my notebook where I aim to create a simplified approach to deploy a Samba AD infrastructure, specifically for Debian. I hope this will be useful for you. Most samba info is here on the Official Samba Wiki, and much of it has been used for this wiki, this is just presented in a different fashion.

Before I begin, I want to thank Rowland Penny (and others) from the Samba Team for his invaluable help and feedback to these pages.

“Samba is an Open Source / Free Software suite that has, since 1992, provided file and print services to all manner of SMB/CIFS clients, including the numerous versions of Microsoft Windows operating systems. Samba is freely available under the GNU General Public License.”

Since SAMBA 4.0, the suite can also emulate a Windows Active Directory infrastructure, providing Domain Controller and member server features.

Samba can manage Linux and Windows machines, offering users endless ways for configuration and utilization. To help beginners handle the complexity of Samba, I created a straightforward wiki on deploying it for a common practice - serving as an Active Directory infrastructure for Windows clients. This involves domain controllers, file servers, and print servers.

Because I want to keep it simple and straightforward, I am taking some decisions along the way that may not be very well explained. Please see the official Samba Wiki.

1. I will use - and recommend using - Debian (12, Bookworm at the time of writing).
2. No X, no X tools.
3. Using vanilla binaries. No self-compiling Samba.
4. Using internal Samba DNS backend (yes, it's good enough for most applications).
5. Use Chrony as the time server, it's simple and it just works. (NPTsec is giving problems with Samba lately.)
6. For member servers (file and print servers), use the 'rid' idmap backend. (Instructions for AD idmap backend also provided)
7. Also for members, use acl_xattr module because Linux ACLs alone cannot fully manage the complexity of Windows ACLs

1. Use Proxmox containers and VMs at least for your Domain Controllers.
2. Use two physical machines away from each other if possible for resiliency.

First things first: Preparing your Debian server for Samba

Caponato's Samba notebook. Start here or else Main menu