With our system up, running, and up to date, we can start installing and configuring the Samba 4 Server's dependencies. Working with all the dependencies provided directly by the GNU/Linux distribution gives us all the support from the Debian community to maintain our system that is patched against security issues. It also saves a large number of working hours as we can install ready binaries for our system. All we need to do is issue the following command at the terminal:

leal@debian7:~$ su – root
Password:
root@debian7:~# apt-get install build-essential python-dev pkg-configlibcups2-dev cups krb5-user docbook-xsl libldap2-dev libattr1-devlibacl1-dev libgnutls-dev attr python-dnspython libreadline-devlibbsd-dev libblkid-dev libpopt-dev cups git acl gdb xsltproclibsasl2-dev libaio-dev libpam-dev valgrind resolvconf autoconf ldaputils ntp isc-dhcp-server && echo OK
...
OK
root@debian7:~# exit
leal@debian7:~$

It's recommended and is a best practice to just use the root account as needed, and to use su or sudo to execute the commands that need super user privileges (for example, to install the software). So, if you want to follow the sudo approach, you need to have it installed and configured, and in case of using su, don't forget to leave the root shell after the needed administration task is performed. We will use both approaches as examples throughout the book.

The previous command will install some auxiliary components, such as Kerberos, dhcp server, cups (for printing services), and many libraries and other packages, which are needed to compile the Samba 4 Server. We just listed the main packages that we want to install on the command line as the GNU/Linux distribution will take care of and install all the other dependencies that are needed by these packages, in order to properly install them in the server. This is a powerful feature of the Debian package management system and saves a lot of time, as you see that many other packages are required to fulfill the installation command that we discussed previously.

While the installation of these packages is running, we only need to provide some information for the Kerberos configuration. If you have provided your domain information during the installation of the system, the Default Realm will already be filled with the right information. If not, you can do it now and add the information about the Realm and Administrative Server in the dialog box that apt-get install will bring up while installing krb5-user:

Default Realm: EALL.COM.BR
Realm: 127.0.0.1
Administrative Server: 127.0.0.1

If you have installed Debian 7.0 with the default options, it has been configured with the ext4 filesystem. So, let's just make sure that we have availability for all that we need in terms of filesystem features for a proper Samba 4 installation. To do that, we will inspect the kernel's config file placed in the /boot directory.

In a standard Debian installation, we can check the availability of the features of filesystems we need just by issuing the following script on the command-line prompt:

leal@debian7:~$ grep CONFIG_EXT4_FS /boot/config-`uname -r`

The output for that command must be like the following:

CONFIG_EXT4_FS=m
CONFIG_EXT4_FS_XATTR=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y

What the previous output tells us is that the ext4 filesystem was configured as a dynamically loadable module and the features of xattr (extended file attributes), posix_acl (access control lists), and security have been built on it.

All these extensions are needed by the Samba 4 Server for its proper execution, as it's needed by the Samba 4 AD/DC functions (for example, ACLs are required to handle Microsoft Windows OS permissions properly). With all these features available, we are in good shape and ready to proceed.

Now we will edit the fstab file of the OS to configure our system, thus enabling that features on our ext4 filesystem and providing them to the Samba 4 Server later on. Remember that any misconfiguration on your fstab file can make your system unbootable. So, after any changes on it, take a closer look at the edited fstab file to check if everything is as it should be.

First, it's a good practice to create a backup of the fstab file before editing:

leal@debian7:~$ su – root
Password: 
root@debian7:~# cp -pRf /etc/fstab /etc/fstab-bkp && echo "OK"
OK
root@debian7:~# exit
leal@debian7:~$

The output of the preceding command must be OK as it is a confirmation that our original fstab file has a backup copy to restore the file in case of any issues. After that, the following one-line script will handle the edition task of fstab for us:

leal@debian7:~$ su – root
Password: 
root@debian7:~# FFILE=/etc/fstab; cp -pRf $FFILE $FFILE-`date'+%m%d%Y'` && sed -e 's/^UUID.* \/ .*errors=remount-ro/&,user_xattr,acl,barrier=1/' $FFILE > $FFILE-new && mv $FFILE-new$FFILE && echo "$FFILE edited OK."
/etc/fstab edited OK.
root@debian7:~# exit
leal@debian7:~$

The output must be like the following code:

/etc/fstab edited OK.

If the result is not like the output, as mentioned in the preceding code, check the special characters that we have on the script, because that can be a common source of mistakes. Any errors found on the script execution must not change anything on your original fstab file. Anyway, if the output suggests an error, take a look at the original file and in case of doubt, restore it from the backup we did before the patch (for example, /etc/fstab-bkp).

What the preceding one-liner script does is that it replaces any line in the fstab file that starts with UUID and has the pattern errors=remount-ro (characteristic for an ext3 or ext4 filesystems line) with a patched version that includes the needed directives—xattr and acl. Even if you have any customized partition scheme (for example, a separated /usr/ partition), it will work, and all the lines will be patched. Take a closer look at it before you go to the next step.

Another important OS configuration is the network interfaces' file (as they are configured as dynamic by default), our domain, and DNS servers. We will configure our Samba 4 Server for the 192.168.1.0/24 IP on the eth1 interface of our system. So, this is the configuration that we need in our /etc/network/interfaces file for our eth1 card:

iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
dns-search eall.com.br
dns-domain eall.com.br
dns-nameservers 192.168.1.1

The configuration specified in the preceding code creates our interface eth1 static, sets the IP and netmask addresses, and configures our domain. Remember to change the domain in the previous example with your domain. We will work with the examples in this book with the EALL.COM.BR domain.

Note that dns-nameservers is configured to be this server itself; this is because we will soon configure the Samba 4 Server, and it has a built-in DNS server. We can perform some final checks on the edited files, and if everything is good, we will restart our server:

leal@debian7:~$ sudo shutdown -r now

After the restart, we can continue with our configuration, and the next step is the configuration of two auxiliary packages that we mentioned earlier. We need this for a proper Samba 4 Server execution of ntp and dhcp. We already have both of them installed since our previous dependencies' installation phase; we just need to configure and enable them.

Let's start with the Network Time Protocol (NTP) configuration (/etc/ntp.conf). Just add the following lines to the standard Debian NTP configuration file:

#Implementing Samba 4
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
restrict default mssntp

The first line in the preceding code is a comment, and it's always a good idea to add descriptive information about what and why something is being changed, added, or removed in any configuration (for example, you should replace the comment in the preceding example with something more descriptive). Another good practice is to add your name and date close to the change that makes everything easier when we need to understand what has been changed and why something is not working as it should. The next two lines are for the configurations that are needed for signed ntp and ms-sntp (authentication extensions).

The Dynamic Host Configuration Protocol (DHCP) configuration is not complex; we just need to add a few more lines to it. In a terminal window, just edit the /etc/dhcp/dhcpd.conf file, and replace all its content with the following lines:

# Implementing Samba 4
ddns-updates on;
option domain-name "eall.com.br";
option domain-name-servers 192.168.1.1, 192.168.1.1;
option netbios-name-servers 192.168.1.1;
option ntp-servers 192.168.1.1;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.30;
option routers 192.168.1.1; }

In some of the configuration lines in the preceding code, it is important to get a detailed explanation as they are directly involved in Samba 4's server operations. After the comment line (the first one, starting with the # character), we have ddns-updates on. This is the directive that tells the dhcp server to update the DNS server about the new IP releases and register the client's hostname. All the option lines are information that the dhcp server will forward to its client's OSes when they get a dhcp lease. So, they will have a proper domain name server, netbios name server, ntp, and router information.

Before starting the dhcp server, the last step is to edit the /etc/default/isc-dhcp-server file and configure the interface on which the dhcp server will listen:

INTERFACES="eth1"

Now we are ready to start the dhcp server, as the installation process has already added it to init.d runlevel in order to start it at the server's boot time. To start the dhcp server now, just issue the following command:

leal@debian7:~$ su – root
Password:
root@debian7:~# /etc/init.d/isc-dhcp-server start

The output of this command must be like the following:

[ ok ] Starting ISC DHCP server: dhcpd.