<pre>
setenforce 0
systemctl disable firewalld
systemctl stop firewalld
</pre>
<pre>
yum install epel-release -y
yum install mc nano wget htop -y
yum groups -y install "Development Tools"
yum -y install iniparser libldb libtalloc libtdb libtevent python-devel gnutls-devel libacl-devel openldap-devel pam-devel readline-devel krb5-devel cups-devel lmdb lmdb-devel jansson-devel gpgme-devel libarchive-devel krb5-workstation
</pre>

<pre>
curl -O https://download.samba.org/pub/samba/stable/samba-4.9.5.tar.gz
tar zxvf samba-4.9.5.tar.gz 
cd samba-4.9.5 
</pre>

<pre>
./configure \
--prefix=/usr \
--localstatedir=/var \
--with-configdir=/etc/samba \
--libdir=/usr/lib64 \
--with-modulesdir=/usr/lib64/samba \
--with-pammodulesdir=/lib64/security \
--with-lockdir=/var/lib/samba \
--with-logfilebase=/var/log/samba \
--with-piddir=/run/samba \
--with-privatedir=/etc/samba \
--enable-cups \
--with-acl-support \
--with-ads \
--with-automount \
--enable-fhs \
--with-pam \
--with-quotas \
--with-shared-modules=idmap_rid,idmap_ad,idmap_hash,idmap_adex \
--with-syslog \
--with-utmp \
--with-dnsupdate \
--enable-selftest --with-ads --with-systemd --with-winbind
</pre>

<pre>
make 
make install
</pre>


<pre>
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
mv /etc/krb5.conf /etc/krb5.conf.bak
</pre>

<pre>
samba-tool domain provision --use-rfc2307 --interactive
</pre>


nano /usr/lib/systemd/system/samba.service
<pre>
[Unit]
Description=Samba AD Daemon
Wants=network-online.target
After=network.target network-online.target rsyslog.service

[Service]
Type=forking
PIDFile=/run/samba/samba.pid
LimitNOFILE=16384
ExecStart=/usr/sbin/samba --daemon
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
</pre>

<pre>
cp /etc/samba/krb5.conf /etc/
nmcli connection modify eth0 ipv4.dns 127.0.0.1 
nmcli connection down eth0; nmcli connection up eth0
</pre>

<pre>
systemctl enable samba
systemctl start samba
</pre>

<pre>

# show domain level
[root@smb ~]# samba-tool domain level show 
Domain and forest function level for domain 'DC=srv,DC=world'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

# add a domain user
[root@smb ~]# samba-tool user create cent 
New Password:   # set password
Retype Password:
User 'cent' created successfully
</pre>


* вторичный контроллер

nano /etc/krb5.conf
<pre>
[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = AUGIN.RU
</pre>
<pre>
kinit administrator
</pre>
<pre>
klist
</pre>
<pre>
samba-tool domain join augin.ru DC -U"AUGIN\administrator" --dns-backend=SAMBA_INTERNAL
</pre>