Prepare your Debian server for Samba
You have installed a fresh Debian 12 Bookworm system without a graphical interface. To access the system, only ssh is required. I prefer running Samba servers in a KVM environment. Further instructions on how to prepare a KVM domain (virtual machine) can be found here.
It is recommended that you upload your ssh certificates from another machine if you wish to access this system easily without a password through ssh.
For illustration purposes, this installation refers to a machine named “server” in the mad.caponato.es domain (DNS domain name), with MAD.CAPONATO.ES as the Kerberos realm name. The address is 192.168.0.13.
Choosing your AD domain name
- Do not use a domain as your AD name. Use a subdomain like in this example.
- Your subdomain should not be resolvable from the internet. Use it only internally for your AD.
- Do not use .local for the TLD, this is used by Avahi.
- If you are planning on building a small home AD, consider using home.arpa.
- If this is going to be an AD Domain Controller, use a name like DC1 instead of “server”.
- If this machine will be configured as a file server, use something like FS1 instead of “server”.
You need to:
- Install some useful tools
apt-get install net-tools rsync
- Make yourself a favour
echo "alias ll='ls -lash'" >> ~/.bashrc
- Your /etc/hosts file should look like this:
127.0.0.1 localhost 192.168.0.13 server.mad.caponato.es server
- Set your hostname
hostnamectl set-hostname server
- Configure a fixed IP address. Edit /etc/network/interfaces (your physical interface - ens3 - may be different):
Modern distributions use a “predictable name” scheme. Your network card names are important. See this example :
echo /sys/class/net/* /sys/class/net/ens3 /sys/class/net/lo
Write down your interface name. It will be used later configuring Samba. If this machine has more than one interface decide if you will use one or more of them. In this guide only one interface is used.
# The primary network interface allow-hotplug ens3 iface ens3 inet static address 192.168.0.13 netmask 255.255.255.0 gateway 192.168.0.1
Reconfigure your locale settings to avoid errors. (example for en_US.UTF-8 - recommended)
sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen dpkg-reconfigure --frontend=noninteractive locales update-locale LANG=en_US.UTF-8 update-locale LANGUAGE=en_US.UTF-8 update-locale LC_ALL=en_US.UTF-8
Other settings I use
These are not necessary, but I prefer to have these settings:
Make sure your swap in a VM does not grow too much:
echo "vm.swappiness=10" >> /etc/sysctl.conf
I don't like journald, gimme back rsyslog
apt-get install rsyslog rm /var/log/journal -Rf reboot
Some changes to Grub / kernel :
Edit /etc/default/grub and add:
If you want to disable IPV6: (see also edit of /etc/systcl.conf at the end)
GRUB_CMDLINE_LINUX="ipv6.disable=1"
While I'm here, I like my KVMs starting quicker, so also use:
GRUB_TIMEOUT=1
If you are using KVM as you should for most things samba, activate serial console:
GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0"
('quiet' is already there, just add console parameters. If you want kernel output while booting, remove 'quiet'). Save changes and update grub
update-grub
Also needed if you want to disable IPv6: /etc/sysctl.conf add at the end:
# Disabling IPv6 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1
Reboot
reboot
Continue to install binaries for Samba
- Continue to install Samba as a Domain Controller (provision a new AD, or add an additional DC).
- Or else install Samba as a member server (file server or print server).
Caponato's Samba notebook. Start here or else Main menu