Using Debian in an Active Directory environment
Debian Linux is a great operating system. It is a powerful tool that can bring many advantages to your network. Using it in a Windows environment, however, can be very difficult. There are a lot of obstacles to seamlessly implementing a Debian Linux system in your network. The first, and I believe most important, is user account authentication.
If your workstations are on an Active Directory domain, your users are used to authentication happening behind the scenes. A username and password box when using one service or another can create a lot of frustration. If you have ever tried to put a Debian Linux system into production, you have probably run into this problem. Additionally, in an AD environment, administrators can log into ANY machine for maintenance or troubleshooting with a domain administrator password.
What you already have is an active username and password database and seamless authentication to network services. These are luxuries that are hard to be without. If you cannot authenticate users to your Active Directory domain, you will have either insecure services out in the wild or a user database that you have to manually create and update.
AD authentication is not native to Debian, so some software needs to be used to allow the two to interoperate. The software that makes this possible is called Samba. Samba handles file shares and other network characteristics that mimic a Windows computer. Winbind is a component of Samba that handles translation of user and group mappings from Active Directory to Linux “languages”. Kerberos is the low-level network authentication protocol that handles secure encrypted transmission of your password to authenticate your Active Directory sessions.
These instructions will show you how to set up a shared folder using a Debian Linux file server. They assume that you are running the commands as the root user. There are a number of steps necessary to bring the power of a Debian Linux machine to the AD world. I will outline them below. Each step has its own page.
- Install prerequisite packages
- Create Samba configuration files
- Configure and test Kerberos
- Allow winbind to enumerate from Active Directory to Linux accounts
- Join the Debian Linux server to Active Directory
- Authorize winbind to authenticate users on the server
- Give Active Directory administrators elevated access to the Debian Linux server
- Create a group share for a domain group with Samba
