[Samba] Must you "net join" for the Samba machine to become a domain member?

Adam Nielsen adam.nielsen at uq.edu.au
Thu Jan 19 23:29:09 GMT 2006


> If it must "join" the domain why doesn't Samba try to join the domain
> automatically (if it's not already joined) using the credentials of
> the first user who tries to map a drive?

Probably because a normal user trying to map a drive isn't a Domain
Admin, and generally only Domain Admins can add computers into domains.

I think you misunderstand the purpose of joining a domain.  You don't
join with specific credentials (e.g. a user mapping a drive), you use a
domain admin's credentials to add Samba into the domain, which means
from that point forward Samba is "allowed" to ask the domain to
check passwords instead of doing so itself.  This is greatly
simplified, but until Samba is a member of the domain you'll usually be
prompted for a password.

> It appears to me that I must "net join" the domain from the Samba
> server for this to work. Is this correct? Are there alternatives?

There's no need.  If I understand the process correctly, once you've
added Samba to the domain (while logged in as a Domain Admin) Samba
creates its own login name and password (a 'machine' account.)  From
this point on Samba logs in with these credentials whenever it needs
access to the domain - anything from getting a list of users to
checking whether the supplied password is correct.

Actually there is one alternative, that of specifying a "password
server", however IMHO joining a domain is a 'cleaner' solution, even if
it requires a bit more work.

> My problem is that this "net use" command requires some manual
> intervention (entering a password for a domain user) that we'd rather
> avoid.

Once you've successfully joined the domain this will work the way you
expect (assuming Samba/winbind is configured correctly.)

Cheers,
Adam.
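
The two setups contrasted in this message, sketched as an added smb.conf example (not part of the original post). It assumes an NT4-style domain named EXAMPLE, a controller called dc1.example.com, a Domain Admin account named Administrator, and constructed idmap ranges.

```ini
# /etc/samba/smb.conf (constructed example; EXAMPLE and dc1.example.com
# are placeholders, not values from the post)

[global]
    workgroup = EXAMPLE

    # Domain member mode: Samba holds its own machine account and uses it
    # to ask a domain controller to validate each user's password.
    security = domain
    encrypt passwords = yes

    # winbind maps domain users and groups to local uid/gid ranges.
    # The ranges are assumptions; pick ones unused on the host.
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind use default domain = yes

# One-time join, run as root with a Domain Admin's credentials.
# The admin password is used only for this step; afterwards Samba
# authenticates with the machine account secret kept in secrets.tdb.
#   net rpc join -U Administrator
#
# Checks that the machine account works:
#   net rpc testjoin
#   wbinfo -t

# The "password server" alternative mentioned above. No join and no
# machine account: Samba forwards each logon to the named server, so it
# has no trust relationship of its own with the domain.
# ;   security = server
# ;   password server = dc1.example.com
```

Restrict read access to secrets.tdb to root, since the stored machine secret is what lets the host query the domain without an administrator present.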

