[Samba] Joining a samba member server using offline join or a RODC

Uri Simchoni urisimchoni at gmail.com
Mon Mar 16 02:48:47 MDT 2015


Hi,

I would like to join a samba 4.2.0 file server sitting in a branch
office, with connection only to a RODC (and only the RODC can talk to
the RWDC). Was wondering what's the workflow for doing this in samba.

For Windows machines, Microsoft seems to have planned two workflows for this:

1. Use new flag to NetJoinDomain() API to join using the RODC
(https://technet.microsoft.com/en-us/library/dd728035%28v=ws.10%29.aspx#run_join_script).
With this workflow, the machine account is created on the domain, then
what seems to happen is that admin credentials towards the RODC are
being used to fetch the machine account secret and install it on the
joining member.

2. Offline domain join
(https://technet.microsoft.com/en-us/library/dd392267.aspx) - with
this workflow, the machine account on the domain is created manually,
then shared secret exported to a BLOB which is installed on the
joining server.

Thanks,
Uri.

