LINUXexpert

How to Create a Windows Domain Controller using Debian

1. Introduction

This guide will walk you through the steps to set up a Windows Domain Controller using Samba on a Debian server.

2. Prerequisites

  • Debian server with root access
  • Static IP address configured on the Debian server
  • Updated system packages

3. Update and Upgrade the System


sudo apt update
sudo apt upgrade -y

4. Install Necessary Packages


sudo apt install samba krb5-config winbind libpam-winbind libnss-winbind smbclient -y

5. Configure Kerberos


sudo nano /etc/krb5.conf

Modify the file to include your domain details:

[libdefaults]
default_realm = YOURDOMAIN.COM dns_lookup_realm = false dns_lookup_kdc = true
[realms]
YOURDOMAIN.COM = { kdc = your.kdc.server admin_server = your.admin.server }
[domain_realm]
.yourdomain.com = YOURDOMAIN.COM yourdomain.com = YOURDOMAIN.COM
6. Configure Samba

sudo nano /etc/samba/smb.conf
    
Add or modify the following settings:
[global]
workgroup = YOURDOMAIN realm = YOURDOMAIN.COM netbios name = YOURSERVER server role = active directory domain controller dns forwarder = your.dns.server idmap_ldb:use rfc2307 = yes
[netlogon]
path = /var/lib/samba/sysvol/yourdomain.com/scripts read only = no
[sysvol]
path = /var/lib/samba/sysvol read only = no
7. Provision Samba

sudo samba-tool domain provision --use-rfc2307 --interactive
    
Follow the prompts to set up your domain.
8. Start and Enable Services

sudo systemctl start samba-ad-dc
sudo systemctl enable samba-ad-dc
sudo systemctl start winbind
sudo systemctl enable winbind
    
9. Verify the Setup

smbclient -L localhost -U%
    
You should see a list of shares if everything is configured correctly.
10. Join a Windows Machine to the Domain
On your Windows machine, go to System Properties > Computer Name > Change and enter your domain details.
11. Additional Configuration
You may need to configure DNS, user management, and other services based on your specific requirements.
12. Troubleshooting
If you encounter issues, check the logs located in /var/log/samba/ for detailed error messages.
Conclusion
By following these steps, you should have a fully functional Windows Domain Controller running on a Debian server using Samba.
 
 
 
 
 
 
Other Recent Posts