You just set up the Samba 4 DC and a Samba 3 fileserver on another box. Set up the NFS keytabs and that's it. It's really easy.
Samba4 DC: 192.168.1.30 hh30.hh3.site
Samba3 file server: 192.168.1.32 hh32.hh3.site
The rest follows these fixed IP settings.
Method
1. Install and provision a Samba4 DC using these instructions. Do not edit smb.conf. Ours looks like this:
[global]
server role = domain controller
workgroup = ALTEA
realm = hh3.site
netbios name = HH1
passdb backend = samba4
[netlogon]
path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
2. On a separate computer, install Samba and winbind from your usual distro.
3. In /etc/samba/smb.conf, delete everything and add this:
[global]
# realm must match the realm of the Samba4 DC
realm = hh3.site
workgroup = ALTEA
security = ADS
winbind enum users = Yes
winbind enum groups = Yes
idmap config *:backend = tdb
idmap config *:range = 3000-4000
idmap config ALTEA:backend = ad
idmap config ALTEA:range = 20000-40000000
idmap config ALTEA:schema_mode = rfc2307
winbind nss info = rfc2307
winbind expand groups = 2
winbind nested groups = yes
winbind use default domain = Yes
[profiles]
path = /home2/profiles
read only = No
[home]
path = /home2/home
read only = No
[staff]
path = /home2/staff
read only = No
4. Create the folders for the shares:
mkdir /home2
mkdir /home2/profiles
chmod 1777 /home2/profiles
mkdir /home2/home
mkdir /home2/staff
5. Set the file server's DNS to that of the Samba4 DC.
6. Join the domain:
net ads join -UAdministrator
7. pam-config --add --krb5
8. pam-config --add --winbind
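Before the join in step 6, it is worth confirming that the file server's smb.conf agrees with the DC on realm and workgroup and that the idmap ranges do not overlap, since overlapping ranges can map two accounts to the same UID/GID on the shares. The check below is an added example, not part of the original post; the function names are hypothetical and the sample strings are constructed from this page's values.

```python
import re
# Constructed sample input built from this page's values, not read from a live host.
DC = "[global]\nrealm = hh3.site\nworkgroup = ALTEA\n"
MEMBER = DC + ("security = ADS\nidmap config *:range = 3000-4000\n"
               "idmap config ALTEA:range = 20000-40000000\n")

def parse_smb_conf(text):
    """Return {section: {param: value}} with names lowercased, spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def idmap_ranges(params):
    """Map each 'idmap config DOMAIN:range' parameter to (low, high)."""
    out = {}
    for key, value in params.items():
        m = re.fullmatch(r"idmap config\s*(.+?)\s*:\s*range", key)
        if m:
            out[m.group(1)] = tuple(int(n) for n in value.split("-"))
    return out

def check_member(member_text, dc_text):
    """Return a list of problems that would break the join or the ID mapping."""
    member = parse_smb_conf(member_text).get("global", {})
    dc = parse_smb_conf(dc_text).get("global", {})
    problems = []
    for param in ("realm", "workgroup"):
        if member.get(param, "").lower() != dc.get(param, "").lower():
            problems.append(f"{param} differs from the DC")
    if member.get("security", "").lower() != "ads":
        problems.append("security is not ADS")
    ranges = sorted(idmap_ranges(member).items(), key=lambda kv: kv[1])
    for (dom_a, (_, high_a)), (dom_b, (low_b, _)) in zip(ranges, ranges[1:]):
        if low_b <= high_a:
            problems.append(f"idmap ranges overlap: {dom_a} and {dom_b}")
    return problems

if __name__ == "__main__":
    print(check_member(MEMBER, DC) or "member smb.conf is consistent with the DC")
```

To use it on real hosts, pass the contents of the file server's /etc/samba/smb.conf and the DC's smb.conf in place of the sample strings.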
Tomorrow: How to rid the world of hunger, famine and all known diseases.