Monday, December 22, 2014

Install Samba 4.1 AD DC on CentOS 7 with yum

CentOS 7's bundled Samba 4 does not provide Active Directory (AD) Domain Controller (DC) functionality, because the Kerberos 5 library used by a Samba 4 AD DC (Heimdal) is incompatible with the one used by RHEL/CentOS (MIT). However, Samba 4 binaries (rpms) compiled with the Heimdal Kerberos library for CentOS 7 can be obtained from the Sernet Samba repository, so there is no need to compile Samba from source.

To download the rpm files with yum, a user account at the Sernet Samba repository is necessary. Signing up for a user account at Sernet is totally free and can be done in a minute. Upon successful registration, one can log into the portal and obtain a yum repo file with the account's username and password embedded in the repo URL. The repo file can be copied to /etc/yum.repos.d, and one can then use yum to install the necessary rpms for a Samba 4 AD DC on CentOS 7.
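Because that repo file carries the account's username and password in its URL, it should not be readable by other local users. The check below is an added example, not part of the original post or of Sernet's tooling; the function names are hypothetical and it assumes the credentials appear as `user:password@` in a `baseurl`, `mirrorlist` or `gpgkey` line.

```bash
# Added example: find yum repo files that embed credentials in a URL
# and are readable by group or other, then restrict them to the owner.

# Matches e.g. baseurl=https://USER:PASSWORD@host/path (assumed format).
CRED_URL_RE='^[[:space:]]*(baseurl|mirrorlist|gpgkey)[[:space:]]*=.*://[^/@[:space:]]+:[^/@[:space:]]+@'

# Succeeds if file $1 has a credential-bearing URL AND is group- or
# world-readable.
repo_exposes_creds() {
    grep -Eq "$CRED_URL_RE" "$1" || return 1
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Print every exposed *.repo file in directory $1 (default
# /etc/yum.repos.d). Returns 1 if at least one was found, else 0.
audit_repo_creds() {
    dir=${1:-/etc/yum.repos.d}
    rc=0
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        if repo_exposes_creds "$f"; then
            echo "$f"
            rc=1
        fi
    done
    return $rc
}

# Set mode 600 on every exposed repo file in directory $1.
harden_repo_creds() {
    dir=${1:-/etc/yum.repos.d}
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        if repo_exposes_creds "$f"; then
            chmod 600 "$f"
        fi
    done
}
```

Run `audit_repo_creds` as root after copying the repo file into /etc/yum.repos.d; yum invoked as root can still read a file with mode 600.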

If the bundled Samba 4 is installed on the system, remove it with yum first. Quote the pattern so that the shell passes it to yum unexpanded.
 yum remove 'samba*'
The following Samba 4.1 rpms can then be installed from Sernet on CentOS 7 to enable an AD DC:
sernet-samba-libs-4.1.14-9.el7.x86_64
sernet-build-key-1.1-4.noarch
sernet-samba-common-4.1.14-9.el7.x86_64
sernet-samba-libsmbclient0-4.1.14-9.el7.x86_64
sernet-samba-4.1.14-9.el7.x86_64
sernet-samba-winbind-4.1.14-9.el7.x86_64
sernet-samba-ad-4.1.14-9.el7.x86_64
sernet-samba-client-4.1.14-9.el7.x86_64


If there is an existing Samba 3 NT4-style domain, it can be upgraded to an AD-type domain with samba-tool, which is installed as part of the packages above. The following Samba Classic Upgrade wiki guide provides excellent instructions on the upgrade. For simplicity, one can use Samba 4's built-in DNS server for the AD DC. After the upgrade is complete, start the AD DC with
service sernet-samba-ad start
and test it following this guide.
