[Samba] Joining a domain

Marc Muehlfeld mmuehlfeld at samba.org
Tue Mar 10 15:13:17 MDT 2015

Hello Chris,

Am 10.03.2015 um 18:26 schrieb Chris Stankevitz:
> Please consider a scenario in which samba is sharing files and users
> provide their Active Directory usernames and passwords to log into to
> samba.
> 1. Must "net join" be used?

If you want to join the domain, yes.

> 2. Under what circumstances will samba (and family) require an
> explicit "net join"?

See 1.
What do you mean with "and family"?

> 3. What technically is happening when samba/computer "joins" the domain?

There are thousands of sites describing, what happens when a computer
joins a domain.

In short: An account is created in the domain, that the computer uses to
authenticate against the domain to proof to be a member of the domain.
The computer automatically changes the machine accounts password
(default = every 30 days).

> 3a. Is a file added to the hard drive?

It's written into secrets.tdb for domain members. For DCs more happen in
the background, when joining the domain.

> 3b. Is the join "persistent" across reboots?

Yes. Otherwise you need some extra admins, re-joining all computers
every morning before users can start to work. ;-)

> 4. How can I tell is a samba server has been "joined" to the domain?

E. g.
# wbinfo -t
can be use to check winbinds connection to a trusted DC.

> Chapter 10 of the Oreilly 3rd edition book describes domain
> membership, but it leaves me wanting to understand more.  For example,
> "net join" has never worked well (generally spews some kind of
> complaint) but things still work.

Never had problems to join a Samba host yet. Examples?


More information about the samba mailing list