[Samba] Joining a samba member server using offline join or a RODC

Denis Cardon denis.cardon at tranquil-it-systems.fr
Mon Mar 16 04:27:08 MDT 2015


Hi Uri,

> I would like to join a samba 4.2.0 file server sitting in a branch
> office, with connection only to a RODC (and only the RODC can talk to
> the RWDC). Was wondering what's the workflow for doing this in samba.
>
> For Windows machines, Microsoft seems to have planned two workflows for this:
>
> 1. Use new flag to NetJoinDomain() API to join using the RODC
> (https://technet.microsoft.com/en-us/library/dd728035%28v=ws.10%29.aspx#run_join_script).
> With this workflow, the machine account is created on the domain, then
> what seems to happen is that admin credentials towards the RODC are
> being used to fetch the machine account secret and install it on the
> joining member.
>
> 2. Offline domain join
> (https://technet.microsoft.com/en-us/library/dd392267.aspx) - with
> this workflow, the machine account on the domain is created manually,
> then shared secret exported to a BLOB which is installed on the
> joining server.

The offline join scenario works fine with a samba4 setup. You just have
to join a temporary VM with the remote server name on the hub site,
rsync the private directory and smb.conf to your remote server and
preload the machine account on the RODC.

Cheers,

Denis


>
> Thanks,
> Uri.
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
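
The three steps described in the reply above, written out as an added example (not part of the original message, and not code from the Samba project). It assumes a Samba RODC, root SSH access to the branch server, and the default paths shown; every host name, account name and path is a constructed placeholder.

```shell
#!/usr/bin/env bash
# Added example: all names and paths below are placeholders (assumptions).
NAME="${NAME:-BRANCHFS1}"                  # NetBIOS name of the branch server
BRANCH="${BRANCH:-branchfs1.example.com}"  # branch file server (constructed)
RWDC="${RWDC:-rwdc1.example.com}"          # writable DC on the hub site (constructed)
PRIVATE_DIR="${PRIVATE_DIR:-/var/lib/samba/private}"  # verify: smbd -b | grep PRIVATE_DIR
SMB_CONF="${SMB_CONF:-/etc/samba/smb.conf}"
DRY_RUN="${DRY_RUN:-1}"                    # 1 = only print the commands

run() {  # print the command; execute it only when DRY_RUN=0
  printf '%s\n' "$*"
  if [ "$DRY_RUN" = 0 ]; then "$@"; fi
}

# The temporary VM must carry the branch server's name, otherwise the join
# creates a machine account that the branch server cannot use.
check_netbios_name() {
  grep -Eiq "^[[:space:]]*netbios name[[:space:]]*=[[:space:]]*${NAME}[[:space:]]*\$" "$1"
}

# Step 1, on the temporary VM at the hub site (it can reach the writable DC).
join_temp_vm() {
  check_netbios_name "$SMB_CONF" \
    || { echo "netbios name in $SMB_CONF is not $NAME" >&2; return 1; }
  run net ads join -U Administrator
}

# Step 2, still on the temporary VM: copy the private directory and smb.conf.
# secrets.tdb in that directory holds the machine account password, so copy
# over ssh and keep ownership and modes (-a).
copy_to_branch() {
  run rsync -a -e ssh "$PRIVATE_DIR/" "root@$BRANCH:$PRIVATE_DIR/"
  run rsync -a -e ssh "$SMB_CONF" "root@$BRANCH:$SMB_CONF"
}

# Step 3, on the RODC: replicate the machine account's secrets from the
# writable DC so the RODC can authenticate the member locally.
preload_on_rodc() {
  run samba-tool rodc preload "$NAME\$" --server="$RWDC"
}
```

Source the file and call each function on the host named in its comment; with `DRY_RUN=1` the commands are only printed for review.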


