
Reference:

https://www.howtoforge.com/tutorial/samba-4-domain-controller-installation-on-centos/

192.168.123.234 Samba4 AD EPIP PDC
192.168.123.235 Samba4 AD TR PDC
192.168.123.236 Windows RSAT EPIP GPO
192.168.123.237 Windows RSAT TR GPO

Step1: Disable SELINUX


nano /etc/selinux/config

Step2: Reboot the server


sudo shutdown -r now

Step3: Check the status of SELINUX


sestatus

Step4: SAMBA4 Installation - 192.168.123.234 Samba4 AD EPIP PDC


cat /etc/hosts
Add this line to the file:
192.168.123.234 le81pdc1.lempepl.lan

Step5: Install the EPEL CentOS repository


yum install epel-release -y

Step6: Install all the packages needed to compile samba4.


yum install perl gcc libacl-devel libblkid-devel gnutls-devel readline-devel \
python-devel gdb pkgconfig krb5-workstation zlib-devel setroubleshoot-server \
libaio-devel setroubleshoot-plugins \
policycoreutils-python libsemanage-python setools-libs-python setools-libs \
popt-devel libpcap-devel sqlite-devel libidn-devel libxml2-devel libacl-devel \
libsepol-devel libattr-devel keyutils-libs-devel \
cyrus-sasl-devel cups-devel bind-utils libxslt docbook-style-xsl openldap-devel \
pam-devel bzip2 vim wget -y

Step7: Now download the samba4 package. I use samba-4.10.4, which is the latest
at the time of this setup.
wget https://download.samba.org/pub/samba/stable/samba-4.10.4.tar.gz

Step8: Now let's install samba4.


tar -zxvf samba-4.10.4.tar.gz
next
cd samba-4.10.4
next
./configure --enable-debug --enable-selftest --with-ads --with-systemd --with-winbind
next
make && make install

Step9: Now we will do the domain provisioning.


samba-tool domain provision --use-rfc2307 --interactive

Realm[LEMPEPL.LAN]:
Domain[LEMPEPL]:
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
DNS forwarder IP address (write 'none' to disable forwarding) [4.2.2.1]:
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned

The domain provisioning will report some errors.

To fix them, comment out the following line in /etc/krb5.conf:

includedir /etc/krb5.conf.d/

Then repeat Step 9: run the domain provisioning again, and the domain will now be
created without errors.
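
The /etc/krb5.conf edit described above can be scripted so that it is repeatable and leaves a backup. This is an added example, not part of the original tutorial; the function name disable_krb5_includedir and the .bak backup suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): comment out the active
# "includedir /etc/krb5.conf.d/" directive before re-running the provisioning.
# The function name and the ".bak" backup suffix are assumptions.

# disable_krb5_includedir FILE
#   returns 0 = directive was active and is now commented out (backup: FILE.bak)
#           1 = nothing to change (already commented out, or not present)
#           2 = FILE is missing/unreadable, or the backup could not be written
disable_krb5_includedir() {
    conf=$1
    [ -r "$conf" ] || return 2

    # Match only an uncommented directive; allow leading whitespace and an
    # optional trailing slash on the directory name.
    pattern='^[[:space:]]*includedir[[:space:]][[:space:]]*/etc/krb5\.conf\.d/*[[:space:]]*$'
    grep -q "$pattern" "$conf" || return 1

    # Keep the original so the change can be reverted.
    cp -p "$conf" "$conf.bak" || return 2
    tmp=$(mktemp) || return 2

    # Prefix the matching line with "#"; every other line is copied unchanged.
    # "," is used as the sed delimiter because the pattern contains "/".
    sed "\\,$pattern,s,^,#," "$conf.bak" > "$tmp" || { rm -f "$tmp"; return 2; }

    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
    return 0
}

# Usage (as root):  disable_krb5_includedir /etc/krb5.conf
```

A return value of 1 on a second run means the directive is already disabled, so the function is safe to call again before each provisioning attempt.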

Step10: Make sure the ports are open in the firewall.


firewall-cmd --add-port=53/tcp --permanent
firewall-cmd --add-port=53/udp --permanent
firewall-cmd --add-port=88/tcp --permanent
firewall-cmd --add-port=88/udp --permanent
Next
firewall-cmd --reload

Step11: Create a startup script to autostart the service during reboot.


cat /etc/systemd/system/samba.service
Add the following to the file:
[Unit]
Description= Samba 4 Active Directory
After=syslog.target
After=network.target

[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
ExecStart=/usr/local/samba/sbin/samba

[Install]
WantedBy=multi-user.target

Next
systemctl enable samba
Next
systemctl start samba
