Installing and configuring Samba 4 Server's dependencies
With our system up, running, and up to date, we can start installing and configuring the Samba 4 Server's dependencies. Working with all the dependencies provided directly by the GNU/Linux distribution gives us all the support from the Debian community to maintain our system that is patched against security issues. It also saves a large number of working hours as we can install ready binaries for our system. All we need to do is issue the following command at the terminal:
It's recommended and is a best practice to just use the root account as needed, and to use su
or sudo
to execute the commands that need super user privileges (for example, to install the software). So, if you want to follow the sudo
approach, you need to have it installed and configured, and in case of using su
, don't forget to leave the root shell after the needed administration task is performed. We will use both approaches as examples throughout the book.
The previous command will install some auxiliary components, such as Kerberos, dhcp
server, cups (for printing services), and many libraries and other packages, which are needed to compile the Samba 4 Server. We just listed the main packages that we want to install on the command line as the GNU/Linux distribution will take care of and install all the other dependencies that are needed by these packages, in order to properly install them in the server. This is a powerful feature of the Debian package management system and saves a lot of time, as you see that many other packages are required to fulfill the installation command that we discussed previously.
While the installation of these packages is running, we only need to provide some information for the Kerberos configuration. If you have provided your domain information during the installation of the system, the Default Realm will already be filled with the right information. If not, you can do it now and add the information about the Realm and Administrative Server in the dialog box that apt-get
install will bring up while installing krb5-user
:
Note
It's crucial to write the Kerberos Default Realm (FQDN) in uppercase.
If you have installed Debian 7.0 with the default options, it has been configured with the ext4
filesystem. So, let's just make sure that we have availability for all that we need in terms of filesystem features for a proper Samba 4 installation. To do that, we will inspect the kernel's config
file placed in the /boot
directory.
In a standard Debian installation, we can check the availability of the features of filesystems we need just by issuing the following script on the command-line prompt:
Note
If you have a custom kernel and have the config
file in a different location, change the file's path at the previous command to adjust it to your settings.
The output for that command must be like the following:
What the previous output tells us is that the ext4
filesystem was configured as a dynamically loadable module and the features of xattr
(extended file attributes), posix_acl
(access control lists), and security have been built on it.
Note
You can use a script such as grep CONFIG_EXT\[2-4\]_FS /boot/config-`uname -r`
to check ext2
, ext3
and ext4
filesystems' features on your kernel.
All these extensions are needed by the Samba 4 Server for its proper execution, as it's needed by the Samba 4 AD/DC functions (for example, ACLs are required to handle Microsoft Windows OS permissions properly). With all these features available, we are in good shape and ready to proceed.
Now we will edit the fstab
file of the OS to configure our system, thus enabling that features on our ext4
filesystem and providing them to the Samba 4 Server later on. Remember that any misconfiguration on your fstab
file can make your system unbootable. So, after any changes on it, take a closer look at the edited fstab
file to check if everything is as it should be.
First, it's a good practice to create a backup of the fstab
file before editing:
The output of the preceding command must be OK
as it is a confirmation that our original fstab
file has a backup copy to restore the file in case of any issues. After that, the following one-line script will handle the edition task of fstab
for us:
The output must be like the following code:
If the result is not like the output, as mentioned in the preceding code, check the special characters that we have on the script, because that can be a common source of mistakes. Any errors found on the script execution must not change anything on your original fstab
file. Anyway, if the output suggests an error, take a look at the original file and in case of doubt, restore it from the backup we did before the patch (for example, /etc/fstab-bkp
).
What the preceding one-liner script does is that it replaces any line in the fstab
file that starts with UUID and has the pattern errors=remount-ro
(characteristic for an ext3
or ext4
filesystems line) with a patched version that includes the needed directives—xattr
and acl
. Even if you have any customized partition scheme (for example, a separated /usr/
partition), it will work, and all the lines will be patched. Take a closer look at it before you go to the next step.
Another important OS configuration is the network interfaces' file (as they are configured as dynamic by default), our domain, and DNS servers. We will configure our Samba 4 Server for the 192.168.1.0/24
IP on the eth1
interface of our system. So, this is the configuration that we need in our /etc/network/interfaces
file for our eth1
card:
Tip
Don't forget to add the second interface (eth1
) to the allow-hotplug
directive, and the right configuration for your eth0
interface (the one with Internet access and a default gateway).
The configuration specified in the preceding code creates our interface eth1 static
, sets the IP and netmask addresses, and configures our domain. Remember to change the domain in the previous example with your domain. We will work with the examples in this book with the EALL.COM.BR
domain.
Note that dns-nameservers
is configured to be this server itself; this is because we will soon configure the Samba 4 Server, and it has a built-in DNS server. We can perform some final checks on the edited files, and if everything is good, we will restart our server:
After the restart, we can continue with our configuration, and the next step is the configuration of two auxiliary packages that we mentioned earlier. We need this for a proper Samba 4 Server execution of ntp
and dhcp
. We already have both of them installed since our previous dependencies' installation phase; we just need to configure and enable them.
Let's start with the
Network Time Protocol (NTP) configuration (/etc/ntp.conf
). Just add the following lines to the standard Debian NTP configuration file:
The first line in the preceding code is a comment, and it's always a good idea to add descriptive information about what and why something is being changed, added, or removed in any configuration (for example, you should replace the comment in the preceding example with something more descriptive). Another good practice is to add your name and date close to the change that makes everything easier when we need to understand what has been changed and why something is not working as it should. The next two lines are for the configurations that are needed for signed ntp
and ms-sntp
(authentication extensions).
The Dynamic Host Configuration
Protocol (DHCP) configuration is not complex; we just need to add a few more lines to it. In a terminal window, just edit the /etc/dhcp/dhcpd.conf
file, and replace all its content with the following lines:
Note
If you use the vi
editor, you can replace the whole content of the file (just after the file is opened), issuing: dGi
. After that, just add the lines in the preceding command and close and save the file, issuing: Esc:x
.
In some of the configuration lines in the preceding code, it is important to get a detailed explanation as they are directly involved in Samba 4's server operations. After the comment line (the first one, starting with the #
character), we have ddns-updates on
. This is the directive that tells the
dhcp
server to update the DNS server about the new IP releases and register the client's hostname. All the option
lines are information that the dhcp
server will forward to its client's OSes when they get a dhcp
lease. So, they will have a proper domain name server, netbios name server, ntp
, and router information.
Before starting the dhcp
server, the last step is to edit the /etc/default/isc-dhcp-server
file and configure the interface on which the dhcp
server will listen:
Now we are ready to start the
dhcp
server, as the installation process has already added it to init.d runlevel
in order to start it at the server's boot time. To start the dhcp
server now, just issue the following command:
The output of this command must be like the following: