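# Host preparation for the Samba AD DC build (run as root).

# SELinux is set to "disabled" in the persistent config and switched to
# permissive for the running system. This drops mandatory access control for
# the whole host, not only for Samba.
# NOTE(review): a narrower option is SELINUX=permissive while the denials
# logged for the source-built binaries are reviewed and fixed, then back to
# enforcing.
# The sed script is quoted so the shell never treats `.*` as a glob.
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
setenforce 0

# firewalld is stopped and disabled, so no host firewall filters inbound
# traffic after this point.
# NOTE(review): a narrower option is to keep firewalld running and allow only
# the DC ports, e.g. `firewall-cmd --permanent --add-service=samba-dc` followed
# by `firewall-cmd --reload`; confirm that service definition exists on this
# release.
systemctl disable firewalld --now

# Add "<ip> <hostname> <short name>" to /etc/hosts.
# `hostname -I` prints every configured address separated by spaces; only the
# first one is used, otherwise the extra addresses would land in the name
# columns of the hosts entry.
host_ip=$(hostname -I | awk '{print $1}')
hosts_entry="${host_ip} $(hostname) $(hostname -s)"
# Skip when no address was found, and do not append the same line twice when
# the steps are re-run.
if [ -n "$host_ip" ] && ! grep -qxF -- "$hosts_entry" /etc/hosts; then
  printf '%s\n' "$hosts_entry" >> /etc/hosts
fi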
# Extra repository (EPEL) and two admin conveniences.
dnf -y install epel-release
dnf -y install mc htop

# Compiler toolchain for building Samba from source.
dnf -y groups install "Development Tools"

# Build and runtime dependencies; the powertools repository is enabled for this
# transaction only.
dnf -y --enablerepo=powertools install \
  dbus-devel \
  iniparser \
  python36-devel \
  gnutls-devel \
  libacl-devel \
  openldap-devel \
  pam-devel \
  readline-devel \
  krb5-devel \
  cups-devel \
  lmdb \
  lmdb-devel \
  jansson-devel \
  gpgme-devel \
  libarchive-devel \
  krb5-workstation \
  perl-Parse-Yapp \
  rpcgen \
  libtirpc-devel \
  python3-dns \
  python3-cryptography \
  python3-pyasn1 \
  python3-markdown
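# Download, configure, build and install Samba 4.13.6 from source.
#
# The steps are chained with && so a failed download, unpack, cd, configure or
# make stops the sequence instead of running the next step in the wrong
# directory or installing a partial build.
# curl -f turns an HTTP error into a non-zero exit instead of saving the error
# page under the tarball's name.
#
# NOTE(review): the tarball is compiled and installed as root without an
# integrity check. Samba publishes detached GPG signatures for its releases
# (made over the uncompressed .tar, as far as the project documents it);
# verify the signature against the Samba distribution key, with the key
# fingerprint obtained out of band, before running configure.
# NOTE(review): the version is pinned to 4.13.6; check the Samba release and
# security announcements for the currently supported series before building.
# NOTE(review): --enable-selftest builds the test harness as well; confirm it
# is wanted on a production domain controller.
# NOTE(review): --with-privatedir=/etc/samba places the private databases and
# key material in the same directory as smb.conf; verify the resulting file
# and directory permissions after provisioning or joining.
# The original command line passed --with-ads twice; it is given once here.
curl -fO https://download.samba.org/pub/samba/stable/samba-4.13.6.tar.gz &&
  tar zxvf samba-4.13.6.tar.gz &&
  cd samba-4.13.6 &&
  ./configure \
    --prefix=/usr \
    --localstatedir=/var \
    --with-configdir=/etc/samba \
    --libdir=/usr/lib64 \
    --with-modulesdir=/usr/lib64/samba \
    --with-pammodulesdir=/lib64/security \
    --with-lockdir=/var/lib/samba \
    --with-logfilebase=/var/log/samba \
    --with-piddir=/run/samba \
    --with-privatedir=/etc/samba \
    --enable-cups \
    --with-acl-support \
    --with-ads \
    --with-automount \
    --enable-fhs \
    --with-pam \
    --with-quotas \
    --with-shared-modules=idmap_rid,idmap_ad,idmap_hash,idmap_adex \
    --with-syslog \
    --with-utmp \
    --with-dnsupdate \
    --enable-selftest \
    --with-systemd \
    --with-winbind &&
  make &&
  make install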
# Move any existing Samba and Kerberos configuration aside; both files are
# written again by the later join/provision steps.
for conf in /etc/samba/smb.conf /etc/krb5.conf; do
  mv "$conf" "$conf.bak"
done

# Install a systemd unit for the AD DC daemon. The heredoc delimiter is quoted,
# so $MAINPID reaches the unit file literally and is expanded by systemd, not
# by the shell.
unit_file=/usr/lib/systemd/system/samba.service
cat > "$unit_file" << 'EOF'
[Unit]
Description=Samba AD Daemon
Wants=network-online.target
After=network.target network-online.target rsyslog.service
[Service]
Type=forking
PIDFile=/run/samba/samba.pid
LimitNOFILE=16384
ExecStart=/usr/sbin/samba --daemon
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF

# Start the daemon at boot; it is not started here.
systemctl enable samba
* вторичный контроллер (присоединение к существующему домену; выполняется вместо раздела «новый домен»)
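# Join this host to the existing AUGIN.RU domain as an additional DC.

# Minimal Kerberos client configuration: the realm is fixed and the KDCs are
# located through DNS (dns_lookup_kdc = true).
# NOTE(review): this presumably requires the resolver to already point at a
# DNS server of the existing domain; verify before running kinit.
# The delimiter is quoted because nothing in the body should be expanded.
cat > /etc/krb5.conf << 'EOF'
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = AUGIN.RU
EOF

# Request a ticket for the domain administrator and list it, as a check that
# Kerberos works before the join is attempted.
kinit administrator
klist

# -U names the account only, so the password is prompted for and does not
# appear in the process arguments or the shell history.
# The daemon is started only when the join succeeded.
if samba-tool domain join augin.ru DC -U"AUGIN\administrator" --dns-backend=SAMBA_INTERNAL; then
  systemctl start samba
fi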
* новый домен (создание нового домена; выполняется вместо раздела «вторичный контроллер»)
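# Provision a new domain. --interactive asks for the domain parameters and the
# administrator password at the prompt; --use-rfc2307 enables the RFC 2307
# (POSIX) attributes in the directory.
# The follow-up steps run only when provisioning succeeded, so a failed run
# neither copies a missing krb5.conf nor points the resolver at a DNS server
# that does not exist.
if samba-tool domain provision --use-rfc2307 --interactive; then
  # Use the Kerberos configuration that provisioning wrote to /etc/samba.
  cp /etc/samba/krb5.conf /etc/

  # Resolve through the local DC and re-activate the connection to apply it.
  # NOTE(review): this section does not start the samba service; until it is
  # running nothing answers DNS on 127.0.0.1. Confirm when the service is
  # started (it is enabled for boot elsewhere in these steps).
  nmcli connection modify eth0 ipv4.dns 127.0.0.1
  nmcli connection down eth0; nmcli connection up eth0
fi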
# show domain level
[root@smb ~]# samba-tool domain level show
Domain and forest function level for domain 'DC=srv,DC=world'
Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2
# add a domain user
[root@smb ~]# samba-tool user create cent
New Password: # set password
Retype Password:
User 'cent' created successfully