Setting up a Debian Server
Instructions to set up a Debian Server VM.
Boot into Install CD through VMware.
- Select Graphical Install, English, United States, American English Keyboard
- Set hostname according to hostname rules
- Set domain name as 'crm.ventureresearch.com'
- Create a RANDOM root password, >12 chars, to assign. Save it into Bitwarden.
Use that password on the server; you may have to type it manually into the VMware remote console, as it doesn't allow copy and paste.
- Set up a user 'Venture Research'. We will disable it later; it is just used for initial setup. Username 'venture', Password '0...'.
- Set the clock to 'Central Time' if the server is physically located at VR or GIP.
- Select Guided - use entire disk and set up LVM. Select the local disk. Put all the files in 1 partition. Write the changes to disk, and use the whole disk for partitioning.
- On the confirmation screen, write the changes to disk, select 'Yes'.
Wait while it installs the base system...
Don't scan extra install media; we will install everything online. For the package manager mirror, select the USA and use 'deb.debian.org'. No proxy. Take part in the package usage survey if you want.
Under Package Selection, select what you want, but at least select 'SSH Server' and 'Web Server' (even if you are loading nginx later.)
Wait while it downloads and installs software. Then make sure to install GRUB to the primary drive, selecting /dev/sda.
Done with the installer! Now reboot into the OS:
It is easiest to just log in as venture here to get the IP address of the server, then log in using PuTTY. Use the command ip addr to get the IP.
Install some dependencies.
apt install sssd chrony krb5-user samba vim sudo curl
Edit the file /etc/network/interfaces to set up a static IP.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens192
iface ens192 inet static
    address 10.24.1.72/16
    gateway 10.24.0.10
    dns-nameservers 10.24.0.5
    dns-search crm.ventureresearch.com

# Static IPv6 address on the primary interface
iface ens192 inet6 static
    address 2605:ae00:1849:1::1:72
    netmask 64
    gateway 2605:ae00:1849:1::10
OR
# The primary network interface
allow-hotplug ens192
iface ens192 inet static
    address 192.168.40.41/24
    gateway 192.168.40.10
    dns-nameservers 10.24.0.5
    dns-search crm.ventureresearch.com
This doesn't fix the file /etc/resolv.conf. Manually fix it:
echo -e "nameserver 10.24.0.5\nsearch crm.ventureresearch.com" > /etc/resolv.conf
Then restart networking to have the new IP apply. Re-login through PuTTY. (??? not sure if this works correctly, a reboot might be better)
root@dvnet-www-prod:~# ifdown ens192 && ifup ens192
- Download the domain-join tarball onto the server in /tmp/
curl http://readonly:secret@svn/svn/linux/branches/kevinb/domain-join/domain-join.tar.gz | tar xzvC /tmp
### OLD ### scp domain-join.tar.gz venture@192.168.40.101:/tmp/
- Confirm the following are correct: IP address, hostname. Run the domain-join script to add the VM to the domain and enable AD logins.
root@zulip-deb:~# cd /tmp/domain-join
root@zulip-deb:~# ./domain-join.sh
### OLD ### root@dvnet-www-prod:/tmp/domain-join# ./domain-join.sh
- Enter the password for linuxadjoiner (this can be found in Bitwarden).
Executing: /lib/systemd/systemd-sysv-install disable samba-ad-dc
Unit /etc/systemd/system/samba-ad-dc.service is masked, ignoring.
Job for smbd.service failed because the control process exited with error code.
See "systemctl status smbd.service" and "journalctl -xe" for details.
Synchronizing state of smbd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable smbd
Using account linuxadjoiner to join domain crm.ventureresearch.com...
Logging into domain as the administrator
Password for linuxadjoiner@CRM.VENTURERESEARCH.COM: <enter password>
...
Listing kerberos tickets for the domain administrator:
------------------------------------------------------------------------
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: linuxadjoiner@CRM.VENTURERESEARCH.COM
Valid starting       Expires              Service principal
08/10/2021 17:01:52  08/11/2021 03:01:52  krbtgt/CRM.VENTURERESEARCH.COM@CRM.VENTURERESEARCH.COM
        renew until 08/11/2021 17:01:04
Requesting domain join using administrator kerberos ticket
...
AD should now be working!
root@dvnet-www-prod:/tmp/domain-join#
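The download step above pipes the tarball from a plain http:// URL straight into tar, and the script inside is then run as root, so nothing checks that the archive is the one that was published. As an added example (not part of the original instructions or of the domain-join script), the function below verifies a saved tarball against a SHA-256 digest obtained out of band and refuses archives whose member paths would land outside the target directory. The function name, return codes and the source of the digest are assumptions.

```sh
#!/bin/sh
# Added example. Typical use on the server (the digest is a placeholder
# that must come from a trusted, out-of-band source):
#   curl -fsS -o /tmp/domain-join.tar.gz <tarball URL>
#   verify_and_extract /tmp/domain-join.tar.gz <EXPECTED_SHA256> /tmp

# verify_and_extract TARBALL EXPECTED_SHA256 DESTDIR
# Returns 0 on success, 1 on digest mismatch, 2 on unsafe member paths,
# 3 if the archive cannot be read.
verify_and_extract() {
    local tarball="$1" expected="$2" dest="$3" actual members

    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $tarball: got ${actual:-nothing}" >&2
        return 1
    fi

    # -P lists member names exactly as stored, so absolute paths and
    # ".." components are visible to the check below.
    members=$(tar -P -tzf "$tarball") || return 3
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 2
    fi

    # --no-same-owner: extracted files are owned by the extracting user
    # (root here), not by whatever uid/gid the archive records.
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest" --no-same-owner
}
```

Run domain-join.sh only after this function returns 0.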
- Attempt a login in PuTTY using your own credentials and the hostname directly (use DNS, not the IP). Make sure you can log in.
- Use sudo to disable the venture account.
kevinb@dvnet-www-prod:~$ sudo passwd -l venture
passwd: password expiry information changed.
kevinb@dvnet-www-prod:~$ sudo chage -E0 venture
extra:
for getting correct users on CIFS drives:
rm /etc/alternatives/idmap-plugin
ln -s /usr/lib/x86_64-linux-gnu/cifs-utils/cifs_idmap_sss.so /etc/alternatives/idmap-plugin
https://unix.stackexchange.com/questions/748759/disabling-suspend-etc-on-debian-12