CentOS 7
Sponsored Link

Samba AD DC : Install
Configure Samba Active Directory Domain Controller.
The Samba package provided from CentOS official repository does not provide the DC function yet, so Download and Install Samba RPM package from http://wing-repo.net/.
[1] Download Wing-repo and Install Samba.
[root@smb ~]#
curl http://wing-repo.net/wing/7/EL7.wing.repo -o /etc/yum.repos.d/EL7.wing.repo
[root@smb ~]#
yum --enablerepo=wing -y install samba46 samba46-dc samba46-winbind samba46-pidl samba46-winbind-krb5-locator krb5-workstation perl-Parse-Yapp perl-Test-Base python2-crypto
[2] Configure Samba AD DC.
[root@smb ~]#
mv /etc/krb5.conf /etc/krb5.conf.org

[root@smb ~]#
mv /etc/samba/smb.conf /etc/samba/smb.conf.org

[root@smb ~]#
samba-tool domain provision

# specify Realm

Realm [SRV.WORLD]:

# specify Domain name

Domain [SERVER]:

# Enter with default because it sets DC

Server Role (dc, member, standalone) [dc]:
# Enter with default because it uses Built-in DNS

# confirm DNS setting and Enter if it's OK

DNS forwarder IP address (write 'none' to disable forwarding) []:
# set admin password

# Do not set trivial password, if you input it, configuration wizard shows error and stops.

Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              smb
NetBIOS Domain:        SMB01
DNS Domain:            srv.world
DOMAIN SID:            S-1-5-21-1662325063-2800553262-4137037740

# change DNS setting to refer to localhost

[root@smb ~]#
nmcli connection modify eth0 ipv4.dns

[root@smb ~]#
nmcli connection down eth0; nmcli connection up eth0
[root@smb ~]#
cp /var/lib/samba/private/krb5.conf /etc/

[root@smb ~]#
systemctl start samba

[root@smb ~]#
systemctl enable samba

# show domain level

[root@smb ~]#
samba-tool domain level show

Domain and forest function level for domain 'DC=srv,DC=world'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2
[3] If Firewalld is running, allow related ports.
[root@smb ~]#
firewall-cmd --add-service={dns,kerberos,kpasswd,ldap,ldaps,samba} --permanent

[root@smb ~]#
firewall-cmd --add-port={135/tcp,137-138/udp,139/tcp,3268-3269/tcp,49152-65535/tcp} --permanent

[root@smb ~]#
firewall-cmd --reload

Matched Content