<pre> setenforce 0 systemctl disable firewalld systemctl stop firewalld </pre> <pre> yum install epel-release -y yum install mc nano wget htop -y yum groups -y install «Development Tools» yum -y install iniparser libldb libtalloc libtdb libtevent python-devel gnutls-devel libacl-devel openldap-devel pam-devel readline-devel krb5-devel cups-devel lmdb lmdb-devel jansson-devel gpgme-devel libarchive-devel krb5-workstation </pre>
<pre> curl -O https://download.samba.org/pub/samba/stable/samba-4.9.5.tar.gz tar zxvf samba-4.9.5.tar.gz cd samba-4.9.5 </pre>
<pre> ./configure \ –prefix=/usr \ –localstatedir=/var \ –with-configdir=/etc/samba \ –libdir=/usr/lib64 \ –with-modulesdir=/usr/lib64/samba \ –with-pammodulesdir=/lib64/security \ –with-lockdir=/var/lib/samba \ –with-logfilebase=/var/log/samba \ –with-piddir=/run/samba \ –with-privatedir=/etc/samba \ –enable-cups \ –with-acl-support \ –with-ads \ –with-automount \ –enable-fhs \ –with-pam \ –with-quotas \ –with-shared-modules=idmap_rid,idmap_ad,idmap_hash,idmap_adex \ –with-syslog \ –with-utmp \ –with-dnsupdate \ –enable-selftest –with-ads –with-systemd –with-winbind </pre>
<pre> make make install </pre>
<pre> mv /etc/samba/smb.conf /etc/samba/smb.conf.bak mv /etc/krb5.conf /etc/krb5.conf.bak </pre>
<pre> samba-tool domain provision –use-rfc2307 –interactive </pre>
nano /usr/lib/systemd/system/samba.service <pre> [Unit] Description=Samba AD Daemon Wants=network-online.target After=network.target network-online.target rsyslog.service
[Service] Type=forking PIDFile=/run/samba/samba.pid LimitNOFILE=16384 ExecStart=/usr/sbin/samba –daemon ExecReload=/bin/kill -HUP $MAINPID
[Install] WantedBy=multi-user.target </pre>
<pre> cp /etc/samba/krb5.conf /etc/ nmcli connection modify eth0 ipv4.dns 127.0.0.1 nmcli connection down eth0; nmcli connection up eth0 </pre>
<pre> systemctl enable samba systemctl start samba </pre>
<pre>
# show domain level [root@smb ~]# samba-tool domain level show Domain and forest function level for domain 'DC=srv,DC=world'
Forest function level: (Windows) 2008 R2 Domain function level: (Windows) 2008 R2 Lowest function level of a DC: (Windows) 2008 R2
# add a domain user [root@smb ~]# samba-tool user create cent New Password: # set password Retype Password: User 'cent' created successfully </pre>
* вторичный контроллер
nano /etc/krb5.conf <pre> [libdefaults]
dns_lookup_realm = false dns_lookup_kdc = true default_realm = AUGIN.RU
</pre> <pre> kinit administrator </pre> <pre> klist </pre> <pre> samba-tool domain join augin.ru DC -U«AUGIN\administrator» –dns-backend=SAMBA_INTERNAL </pre>