Caponato's Notebook

You have installed a fresh Debian 12 Bookworm system without a graphical interface. To access the system, only SSH is required. I prefer running Samba servers in a KVM environment. Further instructions on how to prepare a KVM domain (virtual machine) can be found here.

It is recommended that you upload your SSH certificates from another machine if you wish to access this system easily without a password through SSH.

For illustration purposes, this installation refers to a machine named server in the mad.caponato.es domain (DNS domain name), with MAD.CAPONATO.ES as the Kerberos realm name. The address is 192.168.0.13.

• Do not use a public domain as your AD name. Use a subdomain, as shown in this example.
• Your subdomain should not be resolvable from the internet. Use it only internally for your AD.
• Do not use `.local` for the TLD, as this is used by Avahi.
• If you are planning to build a small home AD, consider using home.arpa.
• If this is going to be an AD Domain Controller, use a name like DC1 instead of “server”.
• If this machine will be configured as a file server, use something like FS1 instead of “server”.

• Install some useful tools:

apt-get install net-tools rsync locales aptitude curl ifupdown2

• Make sure you set up private/public key pairs so you can run SSH passwordless.

• Make yourself a favour:

echo "alias ll='ls -lash'" >> ~/.bashrc
echo "alias rm='rm -i'" >> ~/.bashrc
echo "alias nano='nano -c'" >> ~/.bashrc
echo "alias ipa='ip -br -c a'" >> ~/.bashrc

• Your `/etc/hosts` file should look like this:

127.0.0.1	localhost
192.168.0.13	server.mad.caponato.es server

• Set your hostname:

hostnamectl set-hostname server

• Configure a fixed IP address. Edit `/etc/network/interfaces` (your physical interface — `ens3` — may be different):

Modern distributions use a “predictable name” scheme. Your network card names are important. See this example:

echo /sys/class/net/*
/sys/class/net/ens3 /sys/class/net/lo

Write down your interface name. You will use it later when configuring Samba. If this machine has more than one interface, decide whether you will use one or more of them. In this guide, only one interface is used.

Example configuration:

# The primary network interface
allow-hotplug ens3
iface ens3 inet static
  address 192.168.0.13
  netmask 255.255.255.0
  gateway 192.168.0.1

# Uncomment 'en_US.UTF-8' locale to generate locales    
sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
dpkg-reconfigure --frontend=noninteractive locales
update-locale LANG=en_US.UTF-8
update-locale LANGUAGE=en_US.UTF-8
update-locale LC_ALL=en_US.UTF-8

These are not necessary, but I prefer to have these settings.

echo "vm.swappiness=10" >> /etc/sysctl.conf

Edit `/etc/default/grub` and add:

If you want to disable IPv6 (see also sysctl snippet later):

GRUB_CMDLINE_LINUX="ipv6.disable=1"

While you're here, I like my KVMs to start quicker, so also use:

GRUB_TIMEOUT=1

If you are using KVM (as you should for most things Samba), activate the serial console:

GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

(*'quiet'* is already there; just add the console parameters. If you want kernel output while booting, remove *'quiet'*.) Save changes and update GRUB:

update-grub

Create an appropriate `sysctl.conf` snippet file and set the proper sysctls — for example, add `/etc/sysctl.d/disable-ipv6.conf` with this content:

# Disabling IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Reboot:

reboot

• Continue to install Samba as a Domain Controller (provision a new AD, or add an additional DC).

• Or install Samba as a member server (file server or print server).

Caponato's Samba notebook. Start here or return to Main menu.