====== Sernet Samba - CentOS 7 ======
**OBS: SELinux desabilitado.**
==== Cliente NTP ====
<code bash>
[root@ad ~]# yum install chrony
</code>

<code bash>
[root@ad ~]# vim /etc/chrony.conf 
[...]
server 192.0.2.123 iburst
[...]
</code>

<code bash>
[root@ad ~]# systemctl enable chronyd
[root@ad ~]# systemctl restart chronyd
</code>

==== Samba ====
<code bash>
[root@ad ~]# vim /etc/yum.repos.d/sernet-samba-4.1.repo
[sernet-samba-4.1]
name=SerNet Samba 4.1 Packages (centos-7)
type=rpm-md
baseurl=https://<USUÁRIO>:<SENHA>@download.sernet.de/packages/samba/4.1/centos/7/
gpgcheck=1
gpgkey=https://<USUÁRIO>:<SENHA>@download.sernet.de/packages/samba/4.1/centos/7/repodata/repomd.xml.key
enabled=1
</code>

<code bash>
[root@ad ~]# yum install sernet-samba-ad sernet-samba
</code>

<code bash>
[root@ad ~]# chkconfig sernet-samba-nmbd off
[root@ad ~]# chkconfig sernet-samba-smbd off
[root@ad ~]# chkconfig sernet-samba-winbindd off
</code>

==== Provisionamento ====
<code bash>
[root@ad ~]# samba-tool domain provision --domain=EXEMPLO --realm=EXEMPLO.ORG --server-role=dc --adminpass=adCentOS7 --dns-backend=SAMBA_INTERNAL --use-rfc2307
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=exemplo,DC=org
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=exemplo,DC=org
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              ad
NetBIOS Domain:        EXEMPLO
DNS Domain:            exemplo.org
DOMAIN SID:            S-1-5-21-531493659-813017840-3432796388
</code>

<code bash>
[root@ad ~]# vim /etc/default/sernet-samba 
[...]
SAMBA_START_MODE="ad"
[...]
</code>

<code bash>
[root@ad ~]# mv /etc/krb5.conf{,.dist}
[root@ad ~]# ln -s /var/lib/samba/private/krb5.conf /etc/krb5.conf 
</code>

<code bash>
[root@ad ~]# samba-tool domain level raise --domain-level 2008_R2 --forest-level 2008_R2
Domain function level changed!
Forest function level changed!
All changes applied successfully!
</code>

<code bash>
[root@ad ~]# samba-tool domain level show
Domain and forest function level for domain 'DC=exemplo,DC=org'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2
</code>

<code bash>
[root@ad ~]# cp -p /etc/samba/smb.conf{,.dist}
</code>

Adicionando um compartilhamento:
<code bash>
[root@ad ~]# vim /etc/samba/smb.conf 
[...]
[publico]
        comment = Publico
        path = /srv/storage/publico
        read only = No
        guest ok = Yes
        force create mode = 666
        force directory mode = 777
        veto files = /*.mp3/*.mpg/*.mpeg/*.avi/*.jpg/
        hide files = /*.ini/*.log/
</code>

<code bash>
[root@ad ~]# samba-tool testparm
Press enter to see a dump of your service definitions

# Global parameters
[global]
	workgroup = EXEMPLO
	realm = EXEMPLO.ORG
	netbios name = AD
	server role = active directory domain controller
	dns forwarder = 192.0.2.200
	idmap_ldb:use rfc2307 = yes

[netlogon]
	path = /var/lib/samba/sysvol/exemplo.org/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

[publico]
	comment = Publico
	path = /srv/storage/publico
	read only = No
	force create mode = 0666
	force directory mode = 0777
	guest ok = Yes
	veto files = /*.mp3/*.mpg/*.mpeg/*.avi/*.jpg/
	hide files = /*.ini/*.log/
</code>

<code bash>
[root@ad ~]# systemctl restart sernet-samba-ad
</code>

<code bash>
[root@ad ~]# echo "nameserver 192.0.2.50" > /etc/resolv.conf 
</code>

<code bash>
[root@ad ~]# smbclient -L ad -U%
Domain=[EXEMPLO] OS=[Unix] Server=[Samba 4.1.23-SerNet-RedHat-11.el7]

	Sharename       Type      Comment
	---------       ----      -------
	netlogon        Disk      
	sysvol          Disk      
	publico         Disk      Publico
	IPC$            IPC       IPC Service (Samba 4.1.23-SerNet-RedHat-11.el7)
Domain=[EXEMPLO] OS=[Unix] Server=[Samba 4.1.23-SerNet-RedHat-11.el7]

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------
</code>