Preparing your Debian host

Choosing the DNS suffix for the domain

For the choice of the domain name, there are two options:

  • Use a DNS suffix ending in .lan, for example mydomain.lan.

  • Use a sub-domain of a public domain you own, for example ad.mycompany.com.

Attention

Whichever option you choose, never use a suffix ending in .local, because this suffix has been appropriated by Apple for its Bonjour protocol / mDNS.

The instructions below use mydomain.lan as the domain name; replace it with the domain name of your choice.

Install the server

To install a fresh 64-bit Debian (physical or virtual machine) without a GUI and with only the SSH service installed (minimal installation), refer to this documentation.

Note

We recommend the installation of Samba-AD on Linux (Debian / RedHat8 and derived distributions), configured according to the ANSSI Recommendations for configuring a GNU / Linux system.

Configuring the network functions of your server

Hint

If you have a corporate proxy:

To make APT use the proxy when installing DEB packages, create the file /etc/apt/apt.conf.d/90proxy and adapt it to your context (proxy server name and connection port):

Acquire::https::proxy "http://proxy:3128";
Acquire::http::proxy "http://proxy:3128";

To configure the proxy for the different commands of the root user, add the following lines at the end of /root/.bashrc:

export http_proxy=http://proxy.mydomain.lan:3128
export https_proxy=http://proxy.mydomain.lan:3128
export ftp_proxy=http://proxy.mydomain.lan:3128
#export no_proxy=.lan,.local

To apply this change immediately, run:

source /root/.bashrc

Configuring the DNS name

Hint

The name of your new Samba-AD server must not exceed 15 characters (limit linked to sAMAccountName in Active Directory). In this documentation we will use the name srvads.

The server name must be an FQDN, i.e. the concatenation of the machine name and the DNS suffix.

  • Modify the file /etc/hostname and fill in the FQDN name of the server:

    srvads.mydomain.lan
    
  • Edit /etc/hosts and fill in the FQDN and the short name of the server.

Hint

  • On the line corresponding to the IP address of the Samba-AD server, put the FQDN first, then the short name.

  • Do not modify the line(s) containing the term localhost:

# /etc/hosts of the Samba-AD server
10.0.0.10 srvads.mydomain.lan srvads
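
The naming rules above (no .local suffix, a server name of at most 15 characters, the FQDN listed before the short name in /etc/hosts) can be checked before installing Samba-AD. The script below is an added example, not part of the original documentation; the function names and the sample hosts file are constructed for illustration.

```bash
#!/bin/bash
# Added example: pre-flight checks for the naming rules on this page.
# Function names and the sample hosts file are constructed for illustration.

# check_fqdn FQDN: succeeds if FQDN is "host.suffix", the host part is at
# most 15 characters, and the suffix does not end in .local.
check_fqdn() {
    local fqdn short
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    short=${fqdn%%.*}
    case $fqdn in
        *.local) echo "avoid the .local suffix (mDNS): $1" >&2; return 1 ;;
        ?*.?*)   ;;
        *)       echo "not an FQDN (name + DNS suffix): $1" >&2; return 1 ;;
    esac
    if [ "${#short}" -gt 15 ]; then
        echo "server name '$short' exceeds 15 characters" >&2; return 1
    fi
}

# check_hosts_entry FQDN FILE: succeeds if a non-loopback, non-comment line
# of FILE lists the FQDN first and the short name second.
check_hosts_entry() {
    awk -v f="$1" -v s="${1%%.*}" '
        $1 ~ /^#/ || $1 ~ /^127\./ || $1 == "::1" { next }
        $2 == f && $3 == s { ok = 1 }
        END { exit !ok }' "$2"
}

# preflight [FQDN] [HOSTS_FILE]: run both checks; defaults to the live host.
preflight() {
    local fqdn hosts
    fqdn=${1:-$(cat /etc/hostname)}
    hosts=${2:-/etc/hosts}
    check_fqdn "$fqdn" || return 1
    check_hosts_entry "$fqdn" "$hosts" || {
        echo "$hosts: expected '<ip> $fqdn ${fqdn%%.*}'" >&2; return 1; }
    echo "OK: $fqdn"
}

# Constructed sample using the page's example values.
sample=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' \
    '10.0.0.10 srvads.mydomain.lan srvads' > "$sample"
preflight srvads.mydomain.lan "$sample"
rm -f "$sample"
```

On the server itself, calling preflight with no arguments checks /etc/hostname against /etc/hosts.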

Configuring the IP address

  • Edit /etc/network/interfaces and set a static IP address:

    # /etc/network/interfaces
    auto eth0
    iface eth0 inet static
      address 192.168.0.11/24
      gateway 192.168.0.254
    

Attention

Since Debian version 9, the interfaces are no longer automatically called ethX but wpsX for wifi and ensX for ethernet. To get interface names like those of previous versions, follow this tutorial, or see this article or this other article.

  • Apply the network configuration by rebooting the machine:

    reboot
    

Finalizing your basic configuration

  • After the reboot, set the system language to English to make it easier to find problems in the logs:

    apt-get install -y locales-all
    localectl set-locale LANG=en_US.utf8
    localectl status
    
  • Disable avahi-daemon (mDNS protocol / bonjour):

    systemctl stop avahi-daemon.service avahi-daemon.socket
    systemctl disable avahi-daemon.service avahi-daemon.socket
    
  • Update Debian and install the necessary administration tools:

    apt-get update -y
    apt-get install -y wget sudo screen nmap telnet tcpdump rsync net-tools dnsutils htop apt-transport-https vim gnupg lsb-release
    

You can now go to the next step and install Samba-AD on your Debian.