Samba AD on CentOS7

From SambaWiki

This page describes a Samba4 Active Directory installation on CentOS. The environment is composed of 2 DCs with replication, and one fileserver.



The installation is based on the CentOS7 Minimal ISO. Update the system and install basic tools.

yum update
yum install -y vim wget


This pre-setup can be done on all 3 servers. It sets up the Sernet Samba repository and installs Samba from that repo.

chmod +x

DC1 Setup

First of all we need a domain, so let's provision it.

samba-tool domain provision --use-rfc2307 --interactive

DC2 Setup

Set up Kerberos; you can use the same configuration as dc1.

scp /etc/krb5.conf

Join as DC.

samba-tool domain join DC -Uadministrator

Fix DNS if it was not created automatically:

samba-tool dns add dc1 dc2 A <IP-OF-DC2> -Uadministrator

After a couple of minutes, we can see the replication:

samba-tool drs showrepl

Post Setup

This post-setup will configure the services to start up and disable SELinux and the firewall. During my tests firewalld did not save the allowed ports, even with the permanent flag, so I've decided to disable it to avoid problems.

chmod +x

Fileserver Setup

The pre-setup is the same, but we are going to neither provision nor join as a DC; the fileserver will be just a member of the domain. CentOS brings us a useful tool to do it: we are going to set up authentication and join the domain in one shot. Let's start by testing our DNS:

host -t SRV has SRV record 0 100 389
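
One way to script this DNS test before joining, as an added example that is not part of the original wiki page: it parses `host -t SRV` answer lines of the form shown above and fails when no answer or an unexpected port comes back. The domain `samdom.example.com`, the host names, the `_ldap._tcp` query name and the function names are assumptions, and the sample output is constructed.

```sh
#!/bin/sh
# Added example: validate `host -t SRV` output before a domain join.
# samdom.example.com, dc1 and dc2 are placeholder names (assumptions).

# Read `host -t SRV` output on stdin and print "port target" per answer.
# Answer lines look like:
#   <name> has SRV record <priority> <weight> <port> <target>.
srv_records() {
    awk '$2 == "has" && $3 == "SRV" && $4 == "record" && NF >= 8 {
             sub(/\.$/, "", $8)   # drop the trailing root dot
             print $7, $8
         }'
}

# check_srv <expected-port>
# Succeeds only if at least one SRV answer was returned and every answer
# uses the expected port; prints the target host names on success.
check_srv() {
    want=$1
    records=$(srv_records)
    if [ -z "$records" ]; then
        echo "no SRV answer (NXDOMAIN or wrong resolver)" >&2
        return 1
    fi
    bad=$(printf '%s\n' "$records" | awk -v p="$want" '$1 != p')
    if [ -n "$bad" ]; then
        echo "unexpected port in: $bad" >&2
        return 1
    fi
    printf '%s\n' "$records" | awk '{ print $2 }'
}

# Constructed sample output, so the example runs offline.
SAMPLE_OK='_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.'
SAMPLE_FAIL='Host _ldap._tcp.samdom.example.com not found: 3(NXDOMAIN)'

printf '%s\n' "$SAMPLE_OK" | check_srv 389
printf '%s\n' "$SAMPLE_FAIL" | check_srv 389 || echo "DNS not ready, do not join yet"

# Live use on the fileserver (placeholder domain):
#   host -t SRV _ldap._tcp.samdom.example.com | check_srv 389
```

A failed check usually means the member server's resolver does not point at one of the DCs, which should be fixed before the join is attempted.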

There is a TODO here: you can map what you need to set in SELinux, or disable it:

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

Set up auth and join the domain: