Setting up RHEL 7 with sssd authenticated cifs shares

# cat anaconda-ks.cfg
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
repo --name="Server-HighAvailability" --baseurl=file:///run/install/repo/addons/HighAvailability
repo --name="Server-ResilientStorage" --baseurl=file:///run/install/repo/addons/ResilientStorage
# Use CDROM installation media
cdrom
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda,sdb
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

# Network information
network  --bootproto=static --device=ens192 --gateway=10.50.50.254 --ip=10.50.50.209 --nameserver=10.50.50.203,10.50.50.200 --netmask=255.255.255.0 --ipv6=auto --activate
network  --hostname=web-one.example.com

# Root password
rootpw --iscrypted $6$Vdf3Ffefdfdwwtr.kGnfdgthdfgrewefwetrnm1twFh4ldcPtN6J7c5Z1kdjg4ahF2SeSybSR.fdgsdgsdfg.
# System services
services --enabled="chronyd"
# System timezone
timezone America/New_York --isUtc
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
iscsiname iqn.1994-05.com.redhat:86ef6ebdc1d
iscsi --target=iqn.2008-08.com.starwindsoftware:switch4.example.com-san2-rh7-test1 --ipaddr=10.50.50.24 --port=3260
autopart --type=lvm
# Partition clearing information
clearpart --all --initlabel --drives=sda,sdb

%packages
@^minimal
@core
chrony
kexec-tools

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

# Begin the install!
# Are we online?
ping -c3 google.com
subscription-manager register --username 'example.com' --password 'sdfgsdfgsdfg' --auto-attach
yum install yum-utils vim 
shutdown -r now
fdisk -l
fdisk /dev/sdb
pvcreate /dev/sdb1
pvscan
vgcreate data /dev/sdb1
vgscan
lvcreate --size 100GiB --name web-stuff data
lvscan
mkfs.xfs /dev/data/web-stuff
mkdir -p /content/cms/web-stuff
mount /dev/data/web-stuff /content/cms/web-stuff
echo  '/dev/data/web-stuff /content/cms/web-stuff xfs _netdev 0 0' >> /etc/fstab
shutdown -r now
yum install bind-utils
dig -t SRV _ldap._tcp.ad.example.com
dig -t SRV _ldap._tcp.dc._msdcs.ad.example.com
sync ; sync
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-client samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
realm join --user=sjadmin example.com
realm list
id sjadmin
id sjadmin@example.com
# This gives a long listing that includes a dozen @example.com entries
cp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.$(date +"%Y-%m-%d-%H-%M")
vim /etc/sssd/sssd.conf 
diff /etc/sssd/sssd.conf /etc/sssd/sssd.conf.2018-09-25-14-55 
#  16,17c16,17
#  < use_fully_qualified_names = False
#  < fallback_homedir = /home/%u
#  ---
#  > use_fully_qualified_names = True
#  > fallback_homedir = /home/%u@%d

systemctl restart sssd
id sjadmin@example.com
# Now it just shows the username
ls /home/
chcon -Rt samba_share_t /content/cms/web-stuff
smbclient  -k //`hostname`/test
kinit steve.jones
ls -al /home/
chcon -Rt samba_share_t /home/steve.jones

yum install ntp
vi /etc/ntp.conf
firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload 
systemctl start ntpd
systemctl enable ntpd
ntpq -p