[root@f32 ~]# rm /etc/samba/smb.conf rm: 通常ファイル '/etc/samba/smb.conf' を削除しますか? y [root@f32 ~]# samba-tool domain provision Realm: TEST.JP Domain [TEST]: Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.2]: Administrator password: Retype password: INFO 2020-02-21 13:58:02,958 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2133: Looking up IPv4 addresses INFO 2020-02-21 13:58:02,959 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2150: Looking up IPv6 addresses WARNING 2020-02-21 13:58:02,959 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2157: No IPv6 address will be assigned INFO 2020-02-21 13:58:03,180 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2301: Setting up share.ldb INFO 2020-02-21 13:58:03,192 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2305: Setting up secrets.ldb INFO 2020-02-21 13:58:03,198 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2311: Setting up the registry INFO 2020-02-21 13:58:03,216 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2314: Setting up the privileges database INFO 2020-02-21 13:58:03,225 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2317: Setting up idmap db INFO 2020-02-21 13:58:03,231 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2324: Setting up SAM db INFO 2020-02-21 13:58:03,233 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings INFO 2020-02-21 13:58:03,234 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE INFO 2020-02-21 13:58:03,236 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1338: Pre-loading the Samba 4 and AD schema Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs INFO 2020-02-21 13:58:03,250 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1416: Adding DomainDN: DC=test,DC=jp INFO 2020-02-21 13:58:03,258 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1448: Adding configuration container INFO 2020-02-21 13:58:03,264 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1463: Setting up sam.ldb schema INFO 2020-02-21 13:58:04,653 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1481: Setting up sam.ldb configuration data INFO 2020-02-21 13:58:04,732 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1522: Setting up display specifiers INFO 2020-02-21 13:58:05,708 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1530: Modifying display specifiers and extended rights INFO 2020-02-21 13:58:05,729 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1537: Adding users container INFO 2020-02-21 13:58:05,731 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1543: Modifying users container INFO 2020-02-21 13:58:05,733 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1546: Adding computers container INFO 2020-02-21 13:58:05,735 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1552: Modifying computers container INFO 2020-02-21 13:58:05,737 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1556: Setting up sam.ldb data INFO 2020-02-21 13:58:05,813 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1586: Setting up well known security principals INFO 2020-02-21 13:58:05,840 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1600: Setting up sam.ldb users and groups INFO 2020-02-21 13:58:05,887 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1608: Setting up self join Repacking database from v1 to v2 format (first record CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,DC=test,DC=jp) Repack: re-packed 10000 records so far Repacking database from v1 to v2 format (first record CN=mSMQSiteLink-Display,CN=414,CN=DisplaySpecifiers,CN=Configuration,DC=test,DC=jp) Repacking database from v1 to v2 format (first record CN=Infrastructure,DC=test,DC=jp) INFO 2020-02-21 13:58:06,509 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1130: Adding DNS accounts INFO 2020-02-21 13:58:06,519 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1164: Creating CN=MicrosoftDNS,CN=System,DC=test,DC=jp INFO 2020-02-21 13:58:06,531 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1177: Creating DomainDnsZones and ForestDnsZones partitions INFO 2020-02-21 13:58:06,554 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1182: Populating DomainDnsZones and ForestDnsZones partitions Repacking database from v1 to v2 format (first record DC=DomainDnsZones,DC=test,DC=jp) Repacking database from v1 to v2 format (first record DC=_ldap._tcp.dc,DC=_msdcs.test.jp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=test,DC=jp) INFO 2020-02-21 13:58:06,641 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2037: Setting up sam.ldb rootDSE marking as synchronized INFO 2020-02-21 13:58:06,644 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2042: Fixing provision GUIDs INFO 2020-02-21 13:58:07,191 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2370: The Kerberos KDC configuration for Samba AD is located at /var/lib/samba/private/kdc.conf INFO 2020-02-21 13:58:07,194 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2376: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf INFO 2020-02-21 13:58:07,194 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2378: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink! INFO 2020-02-21 13:58:07,210 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #489: Once the above files are installed, your Samba AD server will be ready to use INFO 2020-02-21 13:58:07,210 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #494: Server Role: active directory domain controller INFO 2020-02-21 13:58:07,210 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #495: Hostname: f32 INFO 2020-02-21 13:58:07,210 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #496: NetBIOS Domain: TEST INFO 2020-02-21 13:58:07,210 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #497: DNS Domain: test.jp INFO 2020-02-21 13:58:07,210 pid:4726 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #498: DOMAIN SID: S-1-5-21-3826381857-2800277158-3877578712 [root@f32 ~]# cat /var/lib/samba/private/krb5.conf [libdefaults] default_realm = TEST.JP dns_lookup_realm = false dns_lookup_kdc = true [realms] TEST.JP = { default_domain = test.jp } [domain_realm] f32 = TEST.JP [root@f32 ~]# cat /etc/krb5.conf # To opt out of the system crypto-policies configuration of krb5, remove the # symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated. includedir /etc/krb5.conf.d/ [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt spake_preauth_groups = edwards25519 # default_realm = EXAMPLE.COM default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } [domain_realm] # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM [root@f32 ~]# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf cp: '/etc/krb5.conf' を上書きしますか? y [root@f32 ~]# cat /etc/redhat-release Fedora release 32 (Thirty Two) [root@f32 ~]# samba -V Version 4.12.0rc3 [root@f32 ~]# samba -i -M single samba version 4.12.0rc3 started. Copyright Andrew Tridgell and the Samba Team 1992-2020 binary_smbd_main: samba: using 'single' process model Attempting to autogenerate TLS self-signed keys for https for hostname 'F32.test.jp' TLS self-signed keys generated OK /usr/sbin/krb5kdc: Stash file (null) uses DEPRECATED enctype ! /usr/sbin/krb5kdc: krb5kdc: starting...