[Samba] Domain join not happening on Debian/Ubuntu machines

Rowland Penny rpenny at samba.org
Thu Apr 28 17:55:26 UTC 2022


On Thu, 2022-04-28 at 18:31 +0100, Sac Isilia via samba wrote:
> Hi Team,
> 
> Your question is correct. We are using media domain account whereas
> we wish
> to join the server in AP-MEDIA domain. I explained the same thing to
> my AD
> team to give us the service account in AP-MEDIA domain . But there
> rational
> argument is that when we join using media\svc_domjoin02 it is
> resolving to
> AP.MEDIA.GLOBAL.LOC as I posted in the above mail in the "net ads
> join"
> output.

There are three things in play here, the Netbios domain, the REALM and
the DNS domain. The DNS domain is what is after the computers short
hostname, in your case it sounds like it is 'ap.media.global.loc', the
REALM is the DNS domain in uppercase 'AP.MEDIA.GLOBAL.LOC'. The Netbios
domain is usually the left hand part of the REALM, but it can be
anything, but it must be unique.

Unless your domains trust each other, then the users from another
domain will be unknown to your domain.

I have found you this:

https://www.kania-online.de/wp-content/uploads/2019/06/trusts-tutorial.pdf

You are going to need to get trusts working before you can attempt to
join a computer using a user from another domain and I am not sure if
it will work then. The best idea would be to use a user from the domain
you are joining to.

Rowland





More information about the samba mailing list