Samba4 running as an Active Directory Controller

Installation notes

Starting from a fresh CentOS minimal install, pull in the build dependencies:

yum -y install gcc libacl-devel libblkid-devel gnutls-devel \
    readline-devel python-devel gdb pkgconfig krb5-workstation \
    zlib-devel setroubleshoot-server libaio-devel \
    setroubleshoot-plugins policycoreutils-python \
    libsemanage-python setools-libs-python setools-libs \
    popt-devel libpcap-devel sqlite-devel libidn-devel \
    libxml2-devel libacl-devel libsepol-devel libattr-devel \
    keyutils-libs-devel cyrus-sasl-devel cups-devel bind-utils
yum -y install glibc glibc-devel gcc python* libacl-devel krb5-server krb5-workstation krb5-libs pam_krb5 make gnutls-devel \
    openssl-devel bind bind-libs bind-utils libblkid-devel readline-devel gdb python-devel *ldap* *gnutls* *acl* cups sqlite-devel \
    setroubleshoot-server popt-devel libxml2-devel libpcap-devel libidn-devel cups-devel

Change /etc/fstab so the root filesystem is mounted with the acl (and user_xattr) option, then remount or reboot for it to take effect; Samba's AD DC role stores NT ACLs in extended attributes and will not provision without it.

#
# /etc/fstab
# Created by anaconda on Mon Nov 18 09:59:13 2013
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
# Mount options are a single comma-separated field; a space-separated list
# such as "acl user_xattr defaults" is read as extra fields and rejected.
##/dev/mapper/vg_dc1-lv_root / ext4 acl user_xattr defaults 1 1
/dev/mapper/vg_dc1-lv_root / ext4 defaults,acl,user_xattr 1 1

If the logs show LDAP errors and DNS is not working, check whether another process is already bound to the LDAP ports. The typical log line is:

samba_terminate: Failed to startup ldap server task

Use netstat to list listening sockets together with the owning program, then look specifically at 389 and 636:

netstat --tcp --listen --program
netstat -nalp | grep 636
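The check above done systematically, as an added example that is not part of the original notes: a POSIX shell/awk script that reads netstat -nalp output on stdin (here a constructed sample is embedded, including a deliberate conflict on 389/tcp) and reports, for each port a Samba AD DC serves, whether it is listening and whether the owning program is the expected one. The port list and the expected program names (samba, plus named for DNS when BIND is used) are assumptions; adjust them to your setup.

```shell
#!/bin/sh
# Added example (not from the original notes). Reads `netstat -nalp` style
# output on stdin and reports, per required AD DC port: OK, MISSING,
# CONFLICT (held by an unexpected program) or LISTENING (owner unknown).
# The required-port table and expected program names are assumptions.

check_dc_ports() {
  awk '
    BEGIN {
      # "port/proto" -> expected program name(s), "|"-separated
      want["53/tcp"]   = "samba|named"   # DNS (internal or BIND9_DLZ)
      want["53/udp"]   = "samba|named"
      want["88/tcp"]   = "samba"         # Kerberos
      want["88/udp"]   = "samba"
      want["135/tcp"]  = "samba"         # RPC endpoint mapper
      want["139/tcp"]  = "samba"         # NetBIOS session
      want["389/tcp"]  = "samba"         # LDAP
      want["389/udp"]  = "samba"
      want["445/tcp"]  = "samba"         # SMB
      want["464/tcp"]  = "samba"         # Kerberos password change
      want["464/udp"]  = "samba"
      want["636/tcp"]  = "samba"         # LDAPS
      want["3268/tcp"] = "samba"         # Global Catalog
      want["3269/tcp"] = "samba"         # Global Catalog over SSL
    }
    # tcp sockets only count when LISTENing; udp lines have no state column
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }
    $1 ~ /^(tcp|udp)/ {
      proto = ($1 ~ /^tcp/) ? "tcp" : "udp"
      n = split($4, a, ":"); port = a[n]          # works for 0.0.0.0:389 and :::389
      prog = $NF; sub(/^[0-9]*\//, "", prog)      # "1500/slapd" -> "slapd"
      key = port "/" proto
      if (key in want) seen[key] = prog
    }
    END {
      for (key in want) {
        if (!(key in seen))                          print key " MISSING"
        else if (seen[key] == "-")                   print key " LISTENING (owner unknown; run as root)"
        else if (seen[key] ~ ("^(" want[key] ")$"))  print key " OK " seen[key]
        else                                         print key " CONFLICT " seen[key]
      }
    }
  ' | sort -n
}

# Constructed sample of `netstat -nalp` output: slapd holds 389/tcp (the
# situation behind "Failed to startup ldap server task") and 3268/tcp is absent.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      900/sshd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1300/named
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN      1234/samba
tcp        0      0 0.0.0.0:135             0.0.0.0:*               LISTEN      1234/samba
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1234/samba
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1500/slapd
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1234/samba
tcp        0      0 0.0.0.0:464             0.0.0.0:*               LISTEN      1234/samba
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      1234/samba
tcp        0      0 0.0.0.0:3269            0.0.0.0:*               LISTEN      1234/samba
tcp        0      0 192.0.2.10:445          192.0.2.50:49821        ESTABLISHED 1234/samba
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1300/named
udp        0      0 0.0.0.0:88              0.0.0.0:*                           1234/samba
udp        0      0 0.0.0.0:389             0.0.0.0:*                           1234/samba
udp        0      0 0.0.0.0:464             0.0.0.0:*                           1234/samba
unix  2      [ ACC ]     STREAM     LISTENING     12345  1234/samba  /var/run/samba/ncalrpc'

# On a real host replace the sample with: netstat -nalp | check_dc_ports
printf '%s\n' "$SAMPLE_NETSTAT" | check_dc_ports
```

Run it as root so netstat can show the PID/program column; otherwise every port shows as LISTENING with an unknown owner and the CONFLICT check cannot tell samba from a stray slapd.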

Had some issues with the firewall; at the moment, to get DNS / domain requests working, iptables is disabled.

# Rules for the ports a Samba AD DC serves. Caveat: on CentOS 6 the default
# INPUT chain ends with "-j REJECT", so rules appended with -A land after it
# and never match; insert them with -I INPUT instead (or flush the chain
# first) and run "service iptables save" so they survive a restart.
iptables -A INPUT -p tcp --dport 53 -j ACCEPT      # DNS
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 137:138 -j ACCEPT # NetBIOS name / datagram
iptables -A INPUT -p tcp --dport 139 -j ACCEPT     # NetBIOS session
iptables -A INPUT -p tcp --dport 445 -j ACCEPT     # SMB
iptables -A INPUT -p tcp --dport 135 -j ACCEPT     # RPC endpoint mapper
iptables -A INPUT -p tcp --dport 88 -j ACCEPT      # Kerberos
iptables -A INPUT -p udp --dport 88 -j ACCEPT
iptables -A INPUT -p tcp --dport 464 -j ACCEPT     # Kerberos password change
iptables -A INPUT -p tcp --dport 389 -j ACCEPT     # LDAP
iptables -A INPUT -p udp --dport 389 -j ACCEPT
iptables -A INPUT -p tcp --dport 1024 -j ACCEPT

iptables -A INPUT -p tcp --dport 636 -j ACCEPT     # LDAPS
iptables -A INPUT -p tcp --dport 3268 -j ACCEPT    # Global Catalog
iptables -A INPUT -p tcp --dport 3269 -j ACCEPT    # Global Catalog over SSL
iptables -A INPUT -p udp --dport 445 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 5722 -j ACCEPT
iptables -A INPUT -p udp --dport 464 -j ACCEPT
iptables -A INPUT -p tcp --dport 137 -j ACCEPT

Windows admin

Join the machine to the domain, restart, and log in with a domain account; only then run AD Users & Computers. AD Users & Computers won't work if you logged in with a local account.

=====================================

Ref

http://wiki.eri.ucsb.edu/stadm/AD_Samba4

https://wiki.samba.org/index.php/Samba_4/OS_Requirements

=====================================