CentOS 7
Samba AD DC : Install
2015/02/18
 
Configure a Samba Active Directory Domain Controller.
The Samba package in the official CentOS repository does not provide the DC function yet, so download and install the Samba RPM packages from http://wing-repo.net/.
[1] Download the Wing-repo definition and install Samba.
[root@smb ~]# curl http://wing-repo.net/wing/7/EL7.wing.repo -o /etc/yum.repos.d/EL7.wing.repo
[root@smb ~]# yum --enablerepo=wing -y install samba46 samba46-dc samba46-winbind samba46-pidl samba46-winbind-krb5-locator krb5-workstation perl-Parse-Yapp perl-Test-Base python2-crypto
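
Step [1] saves a third-party repo definition fetched over plain HTTP and then installs packages from it as root, so it is worth reading the saved file's signature settings between the two commands. The following is an added example, not part of the original page: audit_repo and sample_repo are hypothetical helper names, and the sample repo content is constructed, not the real contents of EL7.wing.repo.

```shell
#!/bin/sh
# audit_repo [FILE...]: list every [section] of a yum .repo file whose settings
# weaken package authenticity. Exit status is 1 when anything is reported.
audit_repo() {
    awk '
    function report(msg) { print name ": " msg; bad++ }
    function finish() {
        if (name == "") return
        if (gpgcheck == "0") report("gpgcheck=0 (package signatures not verified)")
        else if (gpgcheck == "") report("gpgcheck unset (inherits [main] in /etc/yum.conf)")
        else if (gpgkey == "") report("gpgcheck=1 but no gpgkey listed")
        if (gpgkey ~ /^http:/) report("gpgkey fetched over plain http")
        if (url ~ /^http:/) report("package source uses plain http")
    }
    /^[ \t]*[#;]/ { next }                       # comment line
    /^[ \t]*\[/ {                                # new [section]
        finish()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        gpgcheck = gpgkey = url = ""
        next
    }
    (eq = index($0, "=")) > 0 {                  # key=value line
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        else if (key == "gpgkey") gpgkey = val
        else if (key == "baseurl" || key == "mirrorlist") url = val
    }
    END { finish(); exit (bad > 0) }
    ' "$@"
}

# Constructed sample, NOT the real contents of EL7.wing.repo.
sample_repo() {
    cat <<'EOF'
[example-signed]
name=Constructed repo with signing enforced
baseurl=https://repo.example.invalid/7/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[example-unsigned]
name=Constructed repo without signing
baseurl=http://repo.example.invalid/7/$basearch/
gpgcheck=0
EOF
}

sample_repo | audit_repo || echo "findings above: review before yum install"
```

Run it as `audit_repo /etc/yum.repos.d/EL7.wing.repo` after the curl command; exit status 1 means at least one section was reported.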
[2] Configure Samba AD DC.
[root@smb ~]# mv /etc/krb5.conf /etc/krb5.conf.org
[root@smb ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.org
[root@smb ~]# samba-tool domain provision
# specify the Realm
Realm [SRV.WORLD]: SRV.WORLD
# specify the Domain name
Domain [SERVER]: SMB01
# press Enter to accept the default, because this server is set up as a DC
Server Role (dc, member, standalone) [dc]:
# press Enter to accept the default, because the built-in DNS is used
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
# confirm the DNS setting and press Enter if it is OK
DNS forwarder IP address (write 'none' to disable forwarding) [10.0.0.1]:
# set the admin password
# do not set a trivial password; if you enter one, the configuration wizard shows an error and stops
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
.....
.....
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              smb
NetBIOS Domain:        SMB01
DNS Domain:            srv.world
DOMAIN SID:            S-1-5-21-1662325063-2800553262-4137037740

# change the DNS setting to refer to localhost
[root@smb ~]# nmcli connection modify eth0 ipv4.dns 127.0.0.1
[root@smb ~]# nmcli connection down eth0; nmcli connection up eth0
[root@smb ~]# cp /var/lib/samba/private/krb5.conf /etc/
[root@smb ~]# systemctl start samba
[root@smb ~]# systemctl enable samba
# show the domain level
[root@smb ~]# samba-tool domain level show

Domain and forest function level for domain 'DC=srv,DC=world'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2
[3] If firewalld is running, allow the related ports.
[root@smb ~]# firewall-cmd --add-service={dns,kerberos,kpasswd,ldap,ldaps,samba} --permanent
success
[root@smb ~]# firewall-cmd --add-port={135/tcp,137-138/udp,139/tcp,3268-3269/tcp,49152-65535/tcp} --permanent
success
[root@smb ~]# firewall-cmd --reload
success
 