[Samba] Joining a domain.
Rowland Penny
rpenny at samba.org
Thu Sep 21 19:05:05 UTC 2017
On Thu, 21 Sep 2017 18:01:08 +0000
"A. James Lewis via samba" <samba at lists.samba.org> wrote:
> Hi,
>
> I hope it's not a stupid question, but I'm mainly a Linux admin, and
> I'm really looking at Samba because of winbind, but there's something
> I don't really understand....
>
> People keep talking about computer accounts and joining the domain,
> but the guide I followed required "net ads join -k", which doesn't
> appear to require authentication, and so cannot have actually done
> anything on the domain, so I don't really understand what happens on
> the AD controller side, or if I need to somehow register with the
> domain, or if I can just authenticate anyway... and/or what net ads
> join -k did?
>
> I hope someone can clarify this for me.
>
You need to authenticate to join a computer to an AD domain, you can
do this with -U username or -U username%password, the only difference
is that the first one will prompt for the password. If you don't
provide a username, the logged in users name will be used. The
'username' must be a user with the correct rights to join a computer to
the domain.
Using '-k' is a bit different, you can still use -U but you don't need
the password and will not be prompted for one. Whenever '-k' is used
to join the domain, 'kinit' will need to have been run beforehand to
obtain a kerberos ticket. This can just be 'kinit', in which a ticket
will be obtained for the logged in user, or 'kinit username', in this
instance, the ticket will be obtained for 'username'
HTH
Rowland
More information about the samba
mailing list