Netapi for testjoin

Yinon Yamin Yinon.Yamin at exanet.com
Wed Dec 2 02:05:27 MST 2009


Thanks for your quick answer.

I did try the NetGetJoinInformation() API and it didn't work for me.
I am using Samba 3.4.3 and the NetGetJoinInformation() always return as if I am connected to the domain.

-------------------
./bin/getjoininformation -S exanet-qa2 -U administrator%secret
Successfully queried join information:
c2-lnx2 is joined to domain EXANET-QA2

/usr/local/samba/bin/net ads leave -U administrator%secret
Deleted account for 'C2-LNX2' in realm 'EXANET-QA2.EXANET-IL.CO.IL'

./bin/getjoininformation -S exanet-qa2 -U administrator%secret
Successfully queried join information:
c2-lnx2 is joined to domain EXANET-QA2
-------------

I also tried to do the same with no_ads_support and I got the same results.

BTW: Why does the "net rpc" command don't support the 'leave' command ?


Yinon



-----Original Message-----
From: Guenther Deschner [mailto:gd at samba.org] 
Sent: Tuesday, December 01, 2009 23:30
To: Yinon Yamin
Cc: samba-technical at lists.samba.org
Subject: Re: Netapi for testjoin

Hi,

On Tue, Dec 01, 2009 at 09:28:14AM +0200, Yinon Yamin wrote:
> Hello everyone,
> 
>  
> 
> I am trying to write a small utility that can join, unjoin and 
> testjoin to a DC.
> 
> For the join / unjoin I used the netapi  NetJoinDomain / 
> NetunjoinDomain and it seems to work well.
> 
>  
> 
> The question is which API should I use in order to implement the 
> testjoin predicate.
> 
> The "testjoin " should return TRUE iff the host is already joined to 
> the DC. (same functionality as the "net testjoin").

Hm, one thing you could do is to use the NetGetJoinInformation() API
(http://msdn.microsoft.com/en-us/library/aa370423%28VS.85%29.aspx)

-----8<------------------snip--------------8<--------------

see samba example code in:
lib/netapi/examples/join/getjoininformation.c

lib/netapi/examples/bin/getjoininformation -S xp -U administrator%secret Successfully queried join information:
xp is joined to domain W2K3DOM

----->8------------------snap-------------->8--------------

that will work well against Windows.

alternatively you could use I_NetlogonControl{2} (only available in newer libnetapi libs), with the NETLOGON_TC_VERIFY function_code:

-----8<------------------snip--------------8<--------------

see samba example code in:
lib/netapi/examples/netlogon/nltest.c

lib/netapi/examples/bin/nltest XP --sc_verify=W2K3DOM -U administrator%secret

----->8------------------snap-------------->8--------------

that also works well against Windows machines.

Unfortunately in w32 netapi there is no NetTestJoinDomain() call and thus not in sambas libnetapi. That of course doesnt mean we could not just invent such a call for Samba.

Guenther
-- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org


More information about the samba-technical mailing list