[root@f33 ~]# rm /etc/samba/smb.conf
rm: 通常ファイル '/etc/samba/smb.conf' を削除しますか? y
[root@f33 ~]# samba-tool domain provision
Realm:  TEST.JP
Domain [TEST]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: 
DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.172]:
Administrator password:
Retype password:
INFO 2020-02-29 06:44:03,172 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2133: Looking up IPv4 addresses
INFO 2020-02-29 06:44:03,173 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2150: Looking up IPv6 addresses
WARNING 2020-02-29 06:44:03,173 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2157: No IPv6 address will be assigned
INFO 2020-02-29 06:44:03,378 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2301: Setting up share.ldb
INFO 2020-02-29 06:44:03,389 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2305: Setting up secrets.ldb
INFO 2020-02-29 06:44:03,394 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2311: Setting up the registry
INFO 2020-02-29 06:44:03,412 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2314: Setting up the privileges database
INFO 2020-02-29 06:44:03,421 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2317: Setting up idmap db
INFO 2020-02-29 06:44:03,427 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2324: Setting up SAM db
INFO 2020-02-29 06:44:03,428 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
INFO 2020-02-29 06:44:03,429 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
INFO 2020-02-29 06:44:03,431 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1338: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 2020-02-29 06:44:03,447 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1416: Adding DomainDN: DC=test,DC=jp
INFO 2020-02-29 06:44:03,454 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1448: Adding configuration container
INFO 2020-02-29 06:44:03,465 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1463: Setting up sam.ldb schema
INFO 2020-02-29 06:44:04,843 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1481: Setting up sam.ldb configuration data
INFO 2020-02-29 06:44:04,918 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1522: Setting up display specifiers
INFO 2020-02-29 06:44:05,865 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1530: Modifying display specifiers and extended rights
INFO 2020-02-29 06:44:05,885 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1537: Adding users container
INFO 2020-02-29 06:44:05,887 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1543: Modifying users container
INFO 2020-02-29 06:44:05,888 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1546: Adding computers container
INFO 2020-02-29 06:44:05,890 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1552: Modifying computers container
INFO 2020-02-29 06:44:05,892 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1556: Setting up sam.ldb data
INFO 2020-02-29 06:44:05,964 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1586: Setting up well known security principals
INFO 2020-02-29 06:44:05,989 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1600: Setting up sam.ldb users and groups
INFO 2020-02-29 06:44:06,030 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1608: Setting up self join
Repacking database from v1 to v2 format (first record CN=ms-DS-Device-ID,CN=Schema,CN=Configuration,DC=test,DC=jp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=localPolicy-Display,CN=411,CN=DisplaySpecifiers,CN=Configuration,DC=test,DC=jp)
Repacking database from v1 to v2 format (first record CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=test,DC=jp)
INFO 2020-02-29 06:44:06,644 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1130: Adding DNS accounts
INFO 2020-02-29 06:44:06,655 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1164: Creating CN=MicrosoftDNS,CN=System,DC=test,DC=jp
INFO 2020-02-29 06:44:06,665 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1177: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-02-29 06:44:06,687 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1182: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record CN=Infrastructure,DC=DomainDnsZones,DC=test,DC=jp)
Repacking database from v1 to v2 format (first record DC=_ldap._tcp.Default-First-Site-Name._sites.gc,DC=_msdcs.test.jp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=test,DC=jp)
INFO 2020-02-29 06:44:06,774 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2037: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-02-29 06:44:06,777 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2042: Fixing provision GUIDs
INFO 2020-02-29 06:44:07,169 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2370: The Kerberos KDC configuration for Samba AD is located at /var/lib/samba/private/kdc.conf
INFO 2020-02-29 06:44:07,170 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2376: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
INFO 2020-02-29 06:44:07,170 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2378: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2020-02-29 06:44:07,184 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #489: Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-02-29 06:44:07,184 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #494: Server Role:           active directory domain controller
INFO 2020-02-29 06:44:07,184 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #495: Hostname:              f33
INFO 2020-02-29 06:44:07,184 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #496: NetBIOS Domain:        TEST
INFO 2020-02-29 06:44:07,184 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #497: DNS Domain:            test.jp
INFO 2020-02-29 06:44:07,184 pid:1046 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #498: DOMAIN SID:            S-1-5-21-2341956574-1872031460-3995669738
[root@f33 ~]# cat /var/lib/samba/private/krb5.conf
[libdefaults]
        default_realm = TEST.JP
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]
TEST.JP = {
        default_domain = test.jp
}

[domain_realm]
        f33 = TEST.JP
[root@f33 ~]# cat /etc/krb5.conf
# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
includedir /etc/krb5.conf.d/

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
    spake_preauth_groups = edwards25519
#    default_realm = EXAMPLE.COM
    default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
#     kdc = kerberos.example.com
#     admin_server = kerberos.example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
[root@f33 ~]# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
cp: '/etc/krb5.conf' を上書きしますか? y
[root@f33 ~]# cat /etc/redhat-release
Fedora release 33 (Rawhide)
[root@f33 ~]# samba -V
Version 4.12.0rc4
[root@f33 ~]# samba -i -M single
samba version 4.12.0rc4 started.
Copyright Andrew Tridgell and the Samba Team 1992-2020
binary_smbd_main: samba: using 'single' process model
Attempting to autogenerate TLS self-signed keys for https for hostname 'F33.test.jp'
TLS self-signed keys generated OK
/usr/sbin/krb5kdc: Stash file (null) uses DEPRECATED enctype !
/usr/sbin/krb5kdc: krb5kdc: starting...