[Samba] Domain join with realm

[Andreas Schneider]

On Thursday, 9 February 2023 09:09:09 CET Ralph Boehme wrote:
> On 2/9/23 09:02, Rowland Penny via samba wrote:
> 
> > Realmd, sssd etc were written by red-hat for use against FreeIPA and 
> > hence that is what red-hat supports.
> 
> 
> fwiw, I don't think this is the full picture. Iirc sssd and the tooling 
> are designed to join Linux systems to a several directory services, 
> FreeIPA being one of them, AD and pure LDAP are others.
> 
> In fact, iirc, the realm join command, depending on arguments, actually 
> uses net ads join to join to AD.
> 
> Ideally we would have something on the wiki that explains this. 
> @Andreas: would you be able to start a wiki page with a quick overview 
> this stuff?

I think the right way would be to link to Fedora or RHEL documentation. 
However the Fedora documentation looks outdated.

Fedora:
https://docs.fedoraproject.org/en-US/fedora/latest/system-administrators-guide/servers/File_and_Print_Servers/#sect-Samba

RHEL:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/
configuring_and_using_network_file_services/assembly_using-samba-as-a-
server_configuring-and-using-network-file-services#proc_joining-samba-to-a-
domain_assembly_setting-up-samba-as-an-ad-domain-member-server


@Marc Can update the Fedora docs and sync them with RHEL9 docs?


However we suggest to join an AD domain using realmd:

realm join --membership-software=samba --client-software=winbind 
ad.example.com

This will join using 'net' command, setup PAM, NSS, KRB5 and systemd to start 
and enable the winbind.service.


Best regards


	Andreas


-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D