.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. |date| date:: .. meta:: :description: Setting up a Samba File Server on Debian :keywords: File Server, Debian, Samba, documentation .. _fileserver_install_debian: **************************************** Setting up a Samba File Server on Debian **************************************** .. note:: This documentation is based on the Debian Buster 64bits distribution. The version of the Samba-AD package in the Debian Buster distribution is up-to-date enough to provide optimal file service. Therefore, there is no need to recompile Samba from source. .. note:: In this documentation, it is assumed: * That you have installed the system base of your fileserver by following the :ref:`Debian base installation documentation ` and that your server is called *srvfiles*. * That the IP address of your domain controller is *192.168.1.11*. * That the domain is called *mydomain.lan*. Preparing the host ================== Prepare the network configuration of the machine by following the same :ref:`documentation as for a new domain controller `. Remember to configure the Active Directory server as DNS server in the file :file:`/etc/resolv.conf`. .. hint:: Add ``domain`` ``mydomain.lan`` in the :file:`/etc/resolv.conf` file is necessary because in the :file:`smb.conf`, the winbind ``default domain`` = **yes** option relies on it. If this is not done, it causes the following problems: * Problem with the command :command:`net ads testjoin` that says it can’t find the domain controller. * The command :command:`chown userad1 myfile` does not work. * A :command:`wbinfo -u / -g / -i` does not return a result. Installing the dependencies =========================== .. code-block:: bash apt-get update export DEBIAN_FRONTEND=noninteractive apt-get install samba winbind krb5-user libnss-winbind unset DEBIAN_FRONTEND Joining the file server to the domain ===================================== * Edit the :file:`/etc/krb5.conf` file and replace the whole file by the lines below: .. code-block:: ini [libdefaults] dns_lookup_realm = false dns_lookup_kdc = true default_realm = MYDOMAIN.LAN * Ensure that the DNS configuration in :file:`/etc/nsswitch.conf` has not been modified by installing any package. If the host line looks like the line below, change it to look like the line just after: .. code-block:: ini hosts: files dns mdns4_minimal [NOTFOUND=return] mdns # BAD!!! hosts: files dns # GOOD * Ensure that kerberos is well configured (administrator is the default account created by Samba-AD, if you want to use the *administrateur* account, do not forget to change it); .. code-block:: bash kinit administrator klist .. include:: ./smb_conf.rst.inc Joining the file server to the domain ===================================== .. code-block:: bash net ads join -U administrator * Configure the :file:`/etc/nsswitch.conf` file, modify the following three lines to match the documentation: .. code-block:: ini passwd: compat winbind group: compat winbind shadow: compat winbind * Reboot with a :command:`reboot` command in order to empty the nsswitch caches: .. code-block:: bash reboot * Check the correct connection to the domain: * The following 3 commands should return users, groups and AD account informations as received by :program:`winbindd`: .. code-block:: bash wbinfo -u wbinfo -g wbinfo -i administrator * The 2 following commands should return users and groups with their *uidNumber* as interpreted by the Linux system. Make sure that you can see the users of the AD: administrator, krbtgt, etc: .. code-block:: bash getent passwd administrator Creating shares =============== .. code-block:: bash mkdir /home/shares chown administrator:"domain users" /home/shares chmod 770 /home/shares