[Samba] Unable to join domain

Patrick Goetz pgoetz at math.utexas.edu
Tue Oct 12 14:33:34 UTC 2021



On 10/12/21 03:50, Rowland Penny via samba wrote:
> On Mon, 2021-10-11 at 18:01 -0400, Rob Campbell wrote:
>> Maybe I'm confused about the word server.  What constitutes a server
>> that makes it impossible for it to join a domain?
> 
> The word 'server' is very broad reaching, but when you combine it with
> the word 'standalone', you get a 'standalone server' and this type of
> Samba server contains its own user & group database and requires Samba
> users and the same users in /etc/passwd. A standalone server is akin to
> Windows Home edition and cannot join a domain.
> 
>>   fsdc01 was just a samba file server but if I remove the samba
>> configuration, can't I then join it to the domain (after following
>> the wiki steps of adding a member)?
> 
> You should be able to join any Unix computer to an AD domain, provided
> it is configured correctly.
>   
>>
>> What is throwing me off is that it seems to require a subdomain or at
>> least, that is how the wiki configuration is designed.  This has to
>> be done with a subdomain?  I can't skip the subdomain?
> 
> If you have a registered domain, then you can use that, but best
> practice is to use a subdomain of your registered domain (This isn't just a
> Samba best practice, it is also a Microsoft best practice).
> 

This bothered me too at first, but think of it like this: Your AD domain 
is not the same thing as your DNS domain. There could very well be 
devices in your DNS domain that are not bound to the AD domain. 
However, everything in your AD domain is in your DNS domain. So as sets, 
{AD Domain} is strictly a subset of {DNS Domain}. Consequently it makes 
sense that if

       example.com

is your DNS domain, then something like

       EX-AD.example.com

would be your AD domain:  EX-AD.example.com << example.com




>> For better clarity I could start over and have my subdomain as
>> internal if I need one so it would be internal.test-server.lan and
>> then have all the hostnames but I was hoping to have root domain and
>> hostnames only and I can see now that due to my naming schema, I
>> confused everyone.
> 
> You can use just the domain if you wish, but best practice is to use a
> subdomain.
> 
>>    My bad.
> 
> No, just lack of knowledge and we are all guilty of that from time to
> time.
> 
>>    I did choose dc01 because I figured everything would attach to it
>> unless I built a dc02 which I thought about doing further down the
>> line just for understanding how things work.
> 
> It is another best practice to run multiple AD DCs.
> 
>>
>> I'll start over with my Debian vm being DC01.INTERNAL.TEST-SERVER.LAN
>> (hostname dc01) and then my Fedora file server can be
>> FS01.INTERNAL.TEST-SERVER.LAN.
> 
> That sounds a better idea.
> 
> Rowland
>   
> 
> 


