View on GitHub

A collection of How-To to install and operate a Personal Cloud

Install Samba as an Active Directory

apt install samba krb5-config winbind smbclient ntp
Default Kerberos version 5 realm
EXAMPLE.COM
Kerberos servers for your realm
DC1.EXAMPLE.COM
Administrative server for your Kerberos realm
DC1.EXAMPLE.COM
mv /etc/samba/smb.conf /etc/samba/smb.conf.org
samba-tool domain provision
cp /var/lib/samba/private/krb5.conf /etc/
systemctl stop smbd nmbd winbind
systemctl disable smbd nmbd winbind
systemctl unmask samba-ad-dc
systemctl start samba-ad-dc
systemctl enable samba-ad-dc

Create user

samba-tool user create username

DNS

vi /etc/resolv.conf
nameserver 192.168.0.101
samba-tool dns zonecreate example.com 0.168.192.in-addr.arpa -U Administrator
samba-tool dns add 192.168.0.101 0.168.192.in-addr.arpa 1 PTR dc1.example.com -U Administrator
systemctl stop samba-ad-dc
systemctl start samba-ad-dc

Optional Feature for Windows 11

SSL

apt install certbot
certbot certonly --standalone -d dc1.example.com
vi /etc/samba/smb.conf

Section [global]

tls enabled  = yes
tls keyfile  = /etc/letsencrypt/live/dc1.example.com/privkey.pem
tls certfile = /etc/letsencrypt/live/dc1.example.com/fullchain.pem
tls cafile   = 
systemctl stop samba-ad-dc
systemctl start samba-ad-dc

Secure samba

vi /etc/samba/smb.conf

Section [global]

ntlm auth = mschapv2-and-ntlmv2-only
disable netbios = yes
smb ports = 445
 
printcap name = /dev/null
load printers = no
disable spoolss = yes
printing = bsd

Debian join domain

vi /etc/resolv.conf
apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit 
vi  /etc/pam.d/common-session
session optional        pam_mkhomedir.so skel=/etc/skel umask=077
apt install sssd realmd 
realm join --user=administrator example.com
vi /etc/sssd/sssd.conf

Change

use_fully_qualified_names = False

Remove

services = nss, pam

Add to avoid Forcing GPO even if the file does not exist

ad_gpo_access_control = permissive

Test

id username@example.com
getent passwd username@example.com

Reset Administrator password

samba-tool user setpassword Administrator