[Share] Automation Script (Beginner)

Come here to share your tips and tricks for using Samba4
Drthrax74
Messages: 2
Registration: August 12, 2020 - 3:08 PM

October 1, 2023 - 10:24 PM

Good morning,

I am sharing with you my complete installation script for setting up a Debian 11 environment.

How it works:
- [GENERIC] Creating a configuration file (Variable=value)
- [GENERIC] Configuring the network card (/etc/network/interfaces)
- [GENERIC] Setting the hostname (/etc/hostname and /etc/hosts)
- [GENERIC] Setting the system language (locale, keymap)
- [GENERIC] Setting the time zone (Europe/Paris, NTP True)
- [GENERIC] Setting a time server (NTP)
- [GENERIC] Setting the base Debian repositories (Main contrib non-free)
- [GENERIC] Updating the system
- [GENERIC] Adding utility packages (curl, htop, sudo, wget)
- [GENERIC] Sudoers (Learning only)
- [GENERIC] Resetting the login banners
- [GENERIC] Installing the resolvconf package

- [DHCP] Installing and configuring a DHCP server (/etc/default/isc-dhcp-server, /etc/dhcp/dhcpd.conf)
- [DHCP] IP Reservation in DHCP

- [Samba-AD-DC] Disabling Avahi
- [Samba-AD-DC] Installing Prerequisite Packages (See Documentation)
- [Samba-AD-DC] Adding the Samba Repository with its GPG Key
- [Samba-AD-DC] Installing Samba-AD
- [Samba-AD-DC] Configuring a Domain Name (/etc/krb5.conf)
- [Samba-AD-DC] Setting Samba as a Domain Controller (samba-tool domain provision)
- [Samba-AD-DC] Setting the Administrator Account Password
- [Samba-AD-DC] Disabling Administrator Account Expiration (Commented)
- [Samba-AD-DC] Configuring Resolvconf
- [Samba-AD-DC] Creating a Symbolic Link
- [Samba-AD-DC] Managing Services
- [Samba-AD-DC] Check Active Directory Functionality
- [Samba-AD-DC] Check DNS Functionality
- [Samba-AD-DC] Create Reverse Zone (Experimental)
- [Samba-AD-DC] Add User
- [Samba-AD-DC] Change User to Administrator
- [Samba-AD-DC] Activate Account
- [Samba-AD-DC] Unlock Account (Optional)
- [Samba-AD-DC] Verify Account Functionality

```bash
clear;
# Write the variable file through a quoted heredoc so nothing is expanded here:
# $NET and the $(...) for MAC are evaluated later, each time the file is sourced
# (in the original echo "..." they were expanded at write time, before NET existed).
cat > /etc/os-ad <<'EOF'
#####################################
# Configuration file                #
#####################################

# Machine
NOM=sldebian

# Loopback address
BOUCLAGE=127.0.0.1

# Physical interface
NET=ens18

# IPV4
IP=192.168.10.5
BR=192.168.10.255
MASK=255.255.255.0
GW=192.168.10.1
DNS1=192.168.10.1

# DHCP
RESEAU=192.168.10.0
ZONE_INVERSE=10.168.192.in-addr.arpa
DHCP_DEBUT='192.168.10.20'
DHCP_FIN='192.168.10.30'
# MAC address of $NET, read from sysfs (more robust than cutting "ip addr" output)
MAC=$(cat /sys/class/net/$NET/address)

# AD-DC
DOMAINE1=lan
DOMAINE2=local
DOMAINE3=LAN
DOMAINE4=LOCAL
PASSWORD_ADMIN=admin

# LINUX
SUDOERS=marc

#####################################
EOF
# The file holds the Administrator password: keep it readable by root only
chmod 600 /etc/os-ad;
```
Network card configuration

```bash
clear;
source /etc/os-ad;
echo "##########################################
source /etc/network/interfaces.d/*
##########################################
# Loopback address
auto lo
iface lo inet loopback
##########################################
# Main interface, static
auto ${NET}
allow-hotplug ${NET}
iface ${NET} inet static
 address         ${IP}
 netmask         ${MASK}
 gateway         ${GW}
 dns-nameservers ${DNS1}
 dns-search      $DOMAINE1.$DOMAINE2
 dns-domain      $DOMAINE1.$DOMAINE2
##########################################" > /etc/network/interfaces;
systemctl restart networking;
```
Define a machine name:

```bash
clear;
source /etc/os-ad;
hostnamectl set-hostname $NOM;
# The DC's own name must resolve to its real address, not to the loopback
echo "##############################################
127.0.0.1    localhost localhost.localdomain
$IP ${NOM}.${DOMAINE1}.${DOMAINE2} ${NOM}
##############################################" > /etc/hosts;
```
Set the system language
I'm setting the language to French.

```bash
clear;
apt install -y locales-all 1>/dev/null;
localectl set-locale "fr_FR.UTF-8";
localectl set-keymap "fr";
localectl set-x11-keymap "fr" "pc105" "latin9" "terminate:ctrl_alt_bksp";
systemctl restart console-setup.service;
```
Time Zone and Synchronization
I don't know if this is the best method, but I do it this way.

```bash
clear;
timedatectl set-timezone Europe/Paris;
timedatectl set-ntp true;
timedatectl set-local-rtc false;
```
NTP Time Server

```bash
clear;
echo "[Time]
NTP=0.debian.pool.ntp.org
#FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org" > /etc/systemd/timesyncd.conf;
systemctl restart systemd-timesyncd.service;
```
Debian 11 repository

```bash
clear;
source /etc/os-release;
echo "deb http://ftp.fr.debian.org/debian/               $VERSION_CODENAME main contrib non-free
deb-src http://ftp.fr.debian.org/debian/           $VERSION_CODENAME main
deb http://security.debian.org/debian-security     $VERSION_CODENAME-security main contrib
deb-src http://security.debian.org/debian-security $VERSION_CODENAME-security main contrib
deb http://ftp.fr.debian.org/debian/               $VERSION_CODENAME-updates main contrib
deb-src http://ftp.fr.debian.org/debian/           $VERSION_CODENAME-updates main contrib" > /etc/apt/sources.list;
```
System Update

```bash
clear;
apt update     1>/dev/null;
apt upgrade -y 1>/dev/null;
```
Installation of some utilities

```bash
clear;
apt install -y curl                       1>/dev/null;
apt install -y htop                       1>/dev/null;
apt install -y software-properties-common 1>/dev/null;
apt install -y sudo                       1>/dev/null;
apt install -y wget                       1>/dev/null;
```
Sudoers
Bad practice in a production environment, learning only

```bash
clear;
source /etc/os-ad;
echo "$SUDOERS ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/admin;
# sudo expects drop-in files to be root-owned and mode 0440; check the syntax too
chmod 0440 /etc/sudoers.d/admin;
visudo -cf /etc/sudoers.d/admin;
```
Login banner

```bash
clear;
echo "" > /etc/motd;
```
Network package

```bash
apt install -y resolvconf 1>/dev/null;
```
DHCP Installation

```bash
clear;
apt remove --purge ifupdown2   1>/dev/null 2>/dev/null;
apt install -y isc-dhcp-server 1>/dev/null;

source /etc/os-ad;
echo "#########################################
DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
DHCPDv4_PID=/var/run/dhcpd.pid
INTERFACESv4=\"$NET\"
#########################################" > /etc/default/isc-dhcp-server;
# The domain-name option needs escaped quotes inside the echo string; unescaped
# ones closed the string early, which is why the original left it commented out
echo "authoritative;
subnet $RESEAU netmask $MASK {
  range $DHCP_DEBUT $DHCP_FIN;
  default-lease-time 86400;
  max-lease-time 676800;
  option domain-name-servers $DNS1;
  option netbios-name-servers $DNS1;
  option routers $GW;
  option subnet-mask $MASK;
  option broadcast-address $BR;
  option domain-name \"$DOMAINE1.$DOMAINE2\";
}
host $NOM {
    hardware ethernet $MAC;
    fixed-address $IP;
}" > /etc/dhcp/dhcpd.conf;
systemctl enable --now isc-dhcp-server;
```
Installing an Active Directory server

Avahi service deactivation

```bash
clear;
systemctl disable --now avahi-daemon.service 2>/dev/null;
systemctl disable --now avahi-daemon.socket  2>/dev/null;
```
Installation of required packages

```bash
clear;
apt install -y apt-transport-https 1>/dev/null;
apt install -y curl                1>/dev/null;
apt install -y dnsutils            1>/dev/null;
apt install -y gnupg               1>/dev/null;
apt install -y htop                1>/dev/null;
apt install -y lsb-release         1>/dev/null;
apt install -y net-tools           1>/dev/null;
apt install -y nmap                1>/dev/null;
apt install -y rsync               1>/dev/null;
apt install -y screen              1>/dev/null;
apt install -y sudo                1>/dev/null;
apt install -y tcpdump             1>/dev/null;
apt install -y telnet              1>/dev/null;
apt install -y vim                 1>/dev/null;
apt install -y wget                1>/dev/null;
```

Samba repositories

```bash
clear;
wget -qO- https://samba.tranquil.it/tissamba-pubkey.gpg | tee /usr/share/keyrings/tissamba.gpg > /dev/null;
echo "deb [signed-by=/usr/share/keyrings/tissamba.gpg] https://samba.tranquil.it/debian/samba-4.18/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/tissamba.list;
apt update 1>/dev/null;
```

Installing Samba-AD-DC

```bash
clear;
export DEBIAN_FRONTEND=noninteractive
apt install -y ldb-tools              1>/dev/null;
apt install -y libnss-winbind         1>/dev/null;
apt install -y krb5-user              1>/dev/null;
apt install -y python3-cryptography   1>/dev/null;
apt install -y samba                  1>/dev/null;
apt install -y smbclient              1>/dev/null;
apt install -y winbind                1>/dev/null;
unset DEBIAN_FRONTEND
```

Domain Configuration

```bash
clear;
source /etc/os-ad;
echo "[libdefaults]
  default_realm = $DOMAINE3.$DOMAINE4
  dns_lookup_kdc = true
  dns_lookup_realm = false" > /etc/krb5.conf;
```
Samba as a Domain Controller

```bash
clear;
source /etc/os-ad;
rm -f /etc/samba/smb.conf;
# --adminpass keeps the provisioning non-interactive (without it samba-tool prompts for the password)
samba-tool domain provision --realm=$DOMAINE3.$DOMAINE4 --domain $DOMAINE3 --server-role=dc --adminpass="$PASSWORD_ADMIN";
```
Set the password for the Administrator account

```bash
clear;
source /etc/os-ad;
samba-tool user setpassword --newpassword=$PASSWORD_ADMIN administrator;
# samba-tool user setexpiry administrator --noexpiry;
```
DNS verification on the SAMBA-AD-DC server

```bash
clear;
grep "dns forwarder" /etc/samba/smb.conf;
```

Resolvconf

```bash
clear;
source /etc/os-ad;
# /etc/resolv.conf is generated by resolvconf, so editing it directly does not
# survive the next interface update: point dns-nameservers at the loopback
# (Samba's internal DNS) in the interfaces file and let resolvconf regenerate it
sed -i -e "s/dns-nameservers ${DNS1}/dns-nameservers ${BOUCLAGE}/" /etc/network/interfaces;
ifdown ${NET} && ifup ${NET};
```

Symbolic Kerberos Links

```bash
clear;
rm -f /var/lib/samba/private/krb5.conf;
ln -s /etc/krb5.conf /var/lib/samba/private/krb5.conf;
```

Service Management

```bash
clear;
systemctl disable nmbd;
systemctl disable samba;
systemctl disable smbd;
systemctl disable winbind;
systemctl mask    samba;
systemctl mask    nmbd;
systemctl mask    smbd;
systemctl mask    winbind;
systemctl unmask samba-ad-dc;
systemctl enable samba-ad-dc;
reboot;
```

Testing Active Directory

```bash
clear;
source /etc/os-ad;
echo "$PASSWORD_ADMIN" | /usr/bin/kinit administrator;
# show the ticket that was just obtained
klist;
```

Test DNS resolution

```bash
clear;
source /etc/os-ad;
dig @localhost google.fr;
# the variable file defines NOM, not NAME
dig @localhost $NOM.$DOMAINE1.$DOMAINE2;
dig -t SRV @localhost _ldap._tcp.$DOMAINE1.$DOMAINE2;
```

Creation of the reverse zone (Experimental)
The creation of the reverse zone has not been verified yet.

```bash
clear;
source /etc/os-ad;
# Deletion
samba-tool dns zonedelete $NOM $ZONE_INVERSE --username=administrator --password=$PASSWORD_ADMIN 1>/dev/null;
# Creation
samba-tool dns zonecreate $NOM $ZONE_INVERSE --username=administrator --password=$PASSWORD_ADMIN 1>/dev/null;
# PTR record for the DC itself: the record name is the host part of $IP
# (5 for 192.168.10.5); the original used a hard-coded 55 and a truncated $DOMAINE
samba-tool dns add $NOM.$DOMAINE1.$DOMAINE2 $ZONE_INVERSE ${IP##*.} PTR $NOM.$DOMAINE1.$DOMAINE2 --username=administrator --password=$PASSWORD_ADMIN;
```
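An added check, not part of Drthrax74's post: every step above does `source /etc/os-ad` as root, so a typo in that file (an address outside the subnet, a DHCP pool covering the DC's own IP, a reverse zone that does not match the network, a password too short for Samba's default policy, a world-readable file holding that password) only shows up halfway through the run. The script below validates a variable file in the same format before anything is applied. The variable names are the post's own; `check_config`, the helpers and the two sample files are constructed here for illustration, and the reverse-zone check only handles a /24 mask.

```bash
#!/bin/bash
# Added example (not from the post): sanity-check an /etc/os-ad style variable
# file before the script sources it as root. Helpers and samples are constructed.

# Parse a dotted quad into a 32-bit integer; non-zero status if malformed.
ip4_to_int() {
    local IFS=. o n=0
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        o=${o#"${o%%[!0]*}"}; o=${o:-0}    # drop leading zeros (not octal)
        [ "$o" -le 255 ] || return 1
        n=$(( (n << 8) | o ))
    done
    echo "$n"
}

# Reverse zone name of a /24 network: 192.168.10.0 -> 10.168.192.in-addr.arpa
reverse_zone_24() {
    local IFS=.
    set -- $1
    echo "$3.$2.$1.in-addr.arpa"
}

# in_subnet ADDR NET MASK : true when ADDR & MASK == NET
in_subnet() {
    local a n m
    a=$(ip4_to_int "$1") && n=$(ip4_to_int "$2") && m=$(ip4_to_int "$3") || return 2
    [ $(( a & m )) -eq "$n" ]
}

# check_config FILE : one finding per line on stdout; return value is the
# number of findings (0 = clean). FILE is sourced into the caller's shell.
check_config() {
    local file=$1 problems=0 v val mode s e a
    [ -f "$file" ] || { echo "not a regular file: $file"; return 1; }
    mode=$(stat -c '%a' "$file")    # holds the admin password: root-only
    case "$mode" in
        *00) ;;
        *) echo "$file is mode $mode, expected 600"; problems=$((problems + 1)) ;;
    esac
    . "$file"
    for v in IP MASK GW DNS1 BR RESEAU DHCP_DEBUT DHCP_FIN; do
        eval "val=\${$v}"
        if ! ip4_to_int "$val" >/dev/null; then
            echo "$v is not a valid IPv4 address: '$val'"; problems=$((problems + 1))
        fi
    done
    if ip4_to_int "$RESEAU" >/dev/null && ip4_to_int "$MASK" >/dev/null; then
        for v in IP GW BR DHCP_DEBUT DHCP_FIN; do
            eval "val=\${$v}"
            ip4_to_int "$val" >/dev/null || continue
            if ! in_subnet "$val" "$RESEAU" "$MASK"; then
                echo "$v ($val) is outside $RESEAU/$MASK"; problems=$((problems + 1))
            fi
        done
        # The pool must be ordered and must not contain the DC's static address
        if s=$(ip4_to_int "$DHCP_DEBUT") && e=$(ip4_to_int "$DHCP_FIN") && a=$(ip4_to_int "$IP"); then
            if [ "$s" -gt "$e" ]; then
                echo "DHCP range is reversed: $DHCP_DEBUT > $DHCP_FIN"; problems=$((problems + 1))
            fi
            if [ "$a" -ge "$s" ] && [ "$a" -le "$e" ]; then
                echo "static IP $IP lies inside the DHCP range"; problems=$((problems + 1))
            fi
        fi
        if [ "$MASK" = 255.255.255.0 ] && [ "$ZONE_INVERSE" != "$(reverse_zone_24 "$RESEAU")" ]; then
            echo "ZONE_INVERSE '$ZONE_INVERSE' does not match $RESEAU"; problems=$((problems + 1))
        fi
    fi
    # Samba's default password policy (minimum length 7, complexity on) rejects
    # short values at provision/setpassword time, so flag them up front.
    if [ "${#PASSWORD_ADMIN}" -lt 7 ]; then
        echo "PASSWORD_ADMIN is shorter than 7 characters"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Two constructed sample files (not real hosts): one clean, one with six mistakes.
TMP=$(mktemp -d)
cat > "$TMP/good" <<'EOF'
IP=192.168.10.5; BR=192.168.10.255; MASK=255.255.255.0; GW=192.168.10.1; DNS1=192.168.10.1
RESEAU=192.168.10.0; ZONE_INVERSE=10.168.192.in-addr.arpa
DHCP_DEBUT='192.168.10.20'; DHCP_FIN='192.168.10.30'; PASSWORD_ADMIN='Example-Passw0rd'
EOF
chmod 600 "$TMP/good"
cat > "$TMP/bad" <<'EOF'
IP=192.168.10.25; BR=192.168.10.255; MASK=255.255.255.0   # IP inside the DHCP pool
GW=192.168.1.1; DNS1=192.168.10.256                        # wrong subnet; not an address
RESEAU=192.168.10.0; ZONE_INVERSE=1.168.192.in-addr.arpa   # wrong reverse zone
DHCP_DEBUT=192.168.10.20; DHCP_FIN=192.168.10.30; PASSWORD_ADMIN=admin   # too short
EOF
chmod 644 "$TMP/bad"    # sixth finding: readable by group and others
GOOD_CONFIG=$TMP/good
BAD_CONFIG=$TMP/bad
check_config "$GOOD_CONFIG" && echo "good: clean"
check_config "$BAD_CONFIG" || echo "bad: $? finding(s)"
```

Run `check_config /etc/os-ad` right after the configuration file step and stop on a non-zero return before the network card is reconfigured; the findings are printed one per line so they can be fixed in the file and the check rerun.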