[Samba] Unable to join domain

[Rowland Penny]

On Fri, 2021-10-08 at 10:41 -0400, Rob Campbell wrote:
> Now, setting up my fedora server as a member to be the file server is
> the same process or can I add it another way?

No, you cannot provision a Unix domain member, you need to create the
smb.conf using your choice of winbind backend.

>   Is the cockpit-ad-dc app usable for this activity?

No, that is only for a DC.

>   Or do I need to do this on my Fedora server (FSDC02):
> 
>   1. systemctl stop samba
>   2. systemctl stop smb
>   3. ps ax | egrep "samba|smbd|nmbd|winbindd"
>   4. kill anything that is running above
>   5. mv /etc/samba/smb.conf /etc/samba/smb.conf-202110081030
>   6. rm /etc/krb5.conf
>   7. for file in `locate *.ldb`;do rm -rf $file;done
>   8. for file in `locate *.tdb`;do rm -rf $file;done
>   9. samba-tool domain provision --server-role=dc --use-rfc2307 --
> dns-backend=SAMBA_INTERNAL --realm=TEST-SERVER.LAN --domain=DC02 --
> adminpass="Password"

None of the above if FSDC02 is a DC

You need to ensure that none of the Samba binaries are running on your
new Unix domain member. Install and set up ntp or chrony. Install krb5
tools, modify /etc/krb5.conf . Create a new smb.conf following the
wiki. Ensure the /etc/resolv.conf has your dns domain set to the
'search' parameter and the first nameserver is a Samba AD DC. Ensure
that /etc/hosts contains a line like this:
ipaddress FQDN hostname
Where:
'ipaddress' is the ipaddress of your new Unix domain member
'FQDN' is the fully qualified dns name of your new Unix domain member
'hostname' is the short hostname of your new Unix domain member
Unless your new Unix domain member gets its IP info via dhcp, in which
case, ensure that none of the above points to anything in
/etc/resolv.conf

Once everything is set up correctly, you join to the domain with:

net ads join -Uadministrator

You should get prompted for the Administrator password and then joined
to the domain.

Rowland