[Samba] net ADS join MEMBER

[Rowland penny]

On 27/02/2020 00:51, Bob Wyatt via samba wrote:
> In some spare time, been trying to get Samba 4.10.6-1 working on AIX.
>
> Can't start Samba, as it wants winbindd. Not unexpected.
> Can't start winbindd, as it wants to be joined to the domain first. Not
> unexpected.
You shouldn't start Samba until it has joined the domain.
> Net ADS join MEMBER doesn't ask for an Administrator ID or password;
> instead, it asks for root's password.
>
> Which I don't think it should do, since the net command was run as the root
> user, and I'm trying to join a Windows domain, not adding this server to a
> Samba domain.

Well, whose password do you think that you should be asked for ? You are 
running it as root, so that is the password you will be asked for, 
unless you use the correct command ;-)

> Am I being "paranoid"? Does it usually ask for the root password?
Possibly and yes, in that order ;-)
> I haven't supplied it and tried to continue - figured it would make more of
> a mess if I did.

No, it probably just wouldn't have worked.

Try the join command like this:

net ads join -U Administrator

You can replace 'Administrator' with another domain user with 
permissions to join machines to the domain.

> Have I not set something correctly in the Globals above?

I would have written it differently, you have default lines and you 
given the default domain '999999' IDs, something where '1000' would be 
too many. You also do not a 'vfs objects' line, now I do not know what 
filesystem AIX uses, but on an ext4 filesystem, you would use ' vfs 
objects = acl_xattr'. I would also add this line:

username map = /etc/samba/user.map

Then create /etc/samba/user.map containing this:

!root = BOOST\Administrator

This would then map 'Administrator' to 'root' and allow administration 
from Windows.

> Any other Samba advice?

Probably, but lets get your computer joined to the domain first ;-)

Rowland