[Samba] Joining a domain

Chris Stankevitz chrisstankevitz at gmail.com
Wed Mar 11 17:57:34 MDT 2015


Thank you for taking the time to give me some complete answers.  When
writing to lists like these I often struggle with how much or little
detail to give.... and I am eager to add more detail where you have
explicitly asked.

On Tue, Mar 10, 2015 at 2:13 PM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
>> 1. Must "net join" be used?
> If you want to join the domain, yes.

I'm sorry for being so daft, but I am asking you if I need/want to
join the domain.  I do not know the answer.  Reminder of my scenario:
samba is sharing files and users provide their Active Directory
usernames and passwords to log into samba.  I will call this
"Scenario A".

>> 2. Under what circumstances will samba (and family) require an
>> explicit "net join"?
> See 1.
> What do you mean with "and family"?

By "and family" I was conceding that I do not know what software it is
that requires domain join.  Maybe it's samba or winbindd or
something else.  I can see already your response "no software requires
that you join a domain -- that is a personal decision up to a human
and not up to a computer." Which brings us back to my original
question number 1 above.

>> 3a. Is a file added to the hard drive?
> It's written into secrets.tdb for domain members. For DCs more happens in
> the background, when joining the domain.

Thank you, this is the secret sauce I was not able to divine from
reading O'Reilly Chapter 10.  Is there a tool I can use to query the
secrets.tdb file to see what is the current "state" with respect to domain
membership?  Perhaps it is "wbinfo -t".

I ask this question because I often find myself sitting at a Samba
server that is failing to do "Scenario A" and I wonder "Well, has this
computer been joined to the domain?"  (Not that I even know whether or
not the question is important).

>> Chapter 10 of the O'Reilly 3rd edition book describes domain
>> membership, but it leaves me wanting to understand more.  For example,
>> "net join" has never worked well (generally spews some kind of
>> complaint) but things still work.
> Never had problems to join a Samba host yet. Examples?

I wish I had a setup that was not working right now to dissect (and
learn from) but I do not.  However, in the past I have had:

net join -U XXXXX\\cstankevitz

The command returned what appears to be an error:

kerberos_kinit_password XXXXX\cstankevitz at XXXXX.CORP failed: Client
not found in Kerberos database
Failed to join domain: failed to connect to AD: Client not found in
Kerberos database
ADS join did not work, falling back to RPC...
Unable to find a suitable server for domain XXXXX
Unable to find a suitable server for domain XXXXX

Thank you again,
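
Added example, not part of the original post and not Samba's own code: one way to see whether secrets.tdb holds join records for a domain, by reading the text output of tdbdump and looking only at key names, so the machine password is never printed. The key names SECRETS/MACHINE_PASSWORD/<DOMAIN> and SECRETS/SID/<DOMAIN> are an assumed layout, and EXAMPLE, FILESRV, the file path and the dump below are constructed.

```shell
#!/bin/sh
# join_state DOMAIN: reads `tdbdump` text on stdin and prints
# "joined", "partial" or "not-joined" for that domain.
join_state() {
    domain=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    awk -v dom="$domain" '
        # Inspect key lines only; data lines hold the machine password.
        /^key\(/ {
            if (index($0, "\"SECRETS/MACHINE_PASSWORD/" dom "\"")) pw = 1
            if (index($0, "\"SECRETS/SID/" dom "\""))              sid = 1
        }
        END {
            if (pw && sid)      print "joined"
            else if (pw || sid) print "partial"
            else                print "not-joined"
        }'
}

# Constructed sample in tdbdump's "key(N) = ... / data(N) = ..." format.
sample_dump() {
    cat <<'EOF'
{
key(19) = "SECRETS/SID/FILESRV"
data(8) = "CONSTRUCT"
}
{
key(32) = "SECRETS/MACHINE_PASSWORD/EXAMPLE"
data(9) = "REDACTED\00"
}
{
key(19) = "SECRETS/SID/EXAMPLE"
data(8) = "CONSTRUCT"
}
EOF
}

# Offline demonstration on the constructed sample.
sample_dump | join_state EXAMPLE        # prints "joined"

# On a real host (as root; the path is an assumption and varies by
# build, `smbd -b | grep PRIVATE_DIR` shows the configured one):
#   tdbdump /var/lib/samba/private/secrets.tdb | join_state EXAMPLE
```

A record in secrets.tdb only shows that a join was stored locally; "wbinfo -t" or "net ads testjoin" check whether that trust still works against a domain controller.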


