[root@f32 ~]# samba-tool domain provision
Realm:  TEST.JP
Domain [TEST]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: 
DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.2]:
Administrator password:
Retype password:
INFO 2020-03-04 13:30:39,510 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2133: Looking up IPv4 addresses
INFO 2020-03-04 13:30:39,510 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2150: Looking up IPv6 addresses
INFO 2020-03-04 13:30:39,735 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2301: Setting up share.ldb
INFO 2020-03-04 13:30:39,745 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2305: Setting up secrets.ldb
INFO 2020-03-04 13:30:39,752 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2311: Setting up the registry
INFO 2020-03-04 13:30:39,773 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2314: Setting up the privileges database
INFO 2020-03-04 13:30:39,783 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2317: Setting up idmap db
INFO 2020-03-04 13:30:39,793 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2324: Setting up SAM db
INFO 2020-03-04 13:30:39,795 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
INFO 2020-03-04 13:30:39,796 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
INFO 2020-03-04 13:30:39,798 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1338: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 2020-03-04 13:30:39,814 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1416: Adding DomainDN: DC=test,DC=jp
INFO 2020-03-04 13:30:39,822 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1448: Adding configuration container
INFO 2020-03-04 13:30:39,830 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1463: Setting up sam.ldb schema
INFO 2020-03-04 13:30:41,540 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1481: Setting up sam.ldb configuration data
INFO 2020-03-04 13:30:41,630 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1522: Setting up display specifiers
INFO 2020-03-04 13:30:42,806 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1530: Modifying display specifiers and extended rights
INFO 2020-03-04 13:30:42,832 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1537: Adding users container
INFO 2020-03-04 13:30:42,834 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1543: Modifying users container
INFO 2020-03-04 13:30:42,835 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1546: Adding computers container
INFO 2020-03-04 13:30:42,837 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1552: Modifying computers container
INFO 2020-03-04 13:30:42,838 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1556: Setting up sam.ldb data
INFO 2020-03-04 13:30:42,928 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1586: Setting up well known security principals
INFO 2020-03-04 13:30:42,960 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1600: Setting up sam.ldb users and groups
INFO 2020-03-04 13:30:43,011 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1608: Setting up self join
Repacking database from v1 to v2 format (first record CN=IpHost,CN=Schema,CN=Configuration,DC=test,DC=jp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=DS-UI-Default-Settings,CN=419,CN=DisplaySpecifiers,CN=Configuration,DC=test,DC=jp)
Repacking database from v1 to v2 format (first record CN=Performance Monitor Users,CN=Builtin,DC=test,DC=jp)
INFO 2020-03-04 13:30:43,717 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1130: Adding DNS accounts
INFO 2020-03-04 13:30:43,729 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1164: Creating CN=MicrosoftDNS,CN=System,DC=test,DC=jp
INFO 2020-03-04 13:30:43,742 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1177: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-03-04 13:30:43,769 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1182: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record CN=MicrosoftDNS,DC=DomainDnsZones,DC=test,DC=jp)
Repacking database from v1 to v2 format (first record DC=gc,DC=_msdcs.test.jp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=test,DC=jp)
INFO 2020-03-04 13:30:43,868 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2037: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-03-04 13:30:43,872 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2042: Fixing provision GUIDs
INFO 2020-03-04 13:30:44,443 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2370: The Kerberos KDC configuration for Samba AD is located at /var/lib/samba/private/kdc.conf
INFO 2020-03-04 13:30:44,443 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2376: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
INFO 2020-03-04 13:30:44,443 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2378: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2020-03-04 13:30:44,459 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #489: Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-03-04 13:30:44,460 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #494: Server Role:           active directory domain controller
INFO 2020-03-04 13:30:44,460 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #495: Hostname:              f32
INFO 2020-03-04 13:30:44,460 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #496: NetBIOS Domain:        TEST
INFO 2020-03-04 13:30:44,460 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #497: DNS Domain:            test.jp
INFO 2020-03-04 13:30:44,460 pid:3863 /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #498: DOMAIN SID:            S-1-5-21-327220636-2223179890-4129240002
[root@f32 ~]# cat /var/lib/samba/private/krb5.conf
[libdefaults]
        default_realm = TEST.JP
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]
TEST.JP = {
        default_domain = test.jp
}

[domain_realm]
        f32 = TEST.JP
[root@f32 ~]# cat /etc/krb5.conf
# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
includedir /etc/krb5.conf.d/

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
    spake_preauth_groups = edwards25519
#    default_realm = EXAMPLE.COM
    default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
#     kdc = kerberos.example.com
#     admin_server = kerberos.example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
[root@f32 ~]# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
cp: '/etc/krb5.conf' を上書きしますか? y
[root@f32 ~]# cat /etc/redhat-release
Fedora release 32 (Thirty Two)
[root@f32 ~]# samba -V
Version 4.12.0
[root@f32 ~]# samba -i -M single
samba version 4.12.0 started.
Copyright Andrew Tridgell and the Samba Team 1992-2020
binary_smbd_main: samba: using 'single' process model
Attempting to autogenerate TLS self-signed keys for https for hostname 'F32.test.jp'
TLS self-signed keys generated OK
/usr/sbin/krb5kdc: Stash file (null) uses DEPRECATED enctype !
/usr/sbin/krb5kdc: krb5kdc: starting...