Marc,
Thank you for taking the time to give me some complete answers. When
writing to lists like these I often struggle with how much or little
detail to give.... and I am eager to add more detail where you have
explicitly asked.
On Tue, Mar 10, 2015 at 2:13 PM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
>> 1. Must "net join" be used?
>
> If you want to join the domain, yes.
I'm sorry for being so daft, but I am asking you if I need/want to
join the domain. I do not know the answer. Reminder of my scenario:
samba is sharing files and users provide their Active Directory
usernames and passwords to log into samba. I will call this
"Scenario A".
>> 2. Under what circumstances will samba (and family) require an
>> explicit "net join"?
>
> See 1.
> What do you mean with "and family"?
By "and family" I was conceding that I do not know what software it is
that requires domain join. Maybe it's samba or winbindd or
something else. I can see already your response "no software requires
that you join a domain -- that is a personal decision up to a human
and not up to a computer." Which brings us back to my original
question number 1 above.
>> 3a. Is a file added to the hard drive?
>
> It's written into secrets.tdb for domain members. For DCs more happens in
> the background, when joining the domain.
Thank you, this is the secret sauce I was not able to divine from
reading O'Reilly Chapter 10. Is there a tool I can use to query the
secrets.tdb file to see what is the current "state" with respect to domain
membership? Perhaps it is "wbinfo -t".
I ask this question because I often find myself sitting at a Samba
server that is failing to do "Scenario A" and I wonder "Well, has this
computer been joined to the domain?" (Not that I even know whether or
not the question is important).
>> Chapter 10 of the O'Reilly 3rd edition book describes domain
>> membership, but it leaves me wanting to understand more. For example,
>> "net join" has never worked well (generally spews some kind of
>> complaint) but things still work.
>
> Never had problems joining a Samba host yet. Examples?
I wish I had a setup that was not working right now to dissect (and
learn from) but I do not. However, in the past I have had:
    net join -U XXXXX\\cstankevitz
The command returned what appears to be an error:
    kerberos_kinit_password XXXXX\cstankevitz at XXXXX.CORP failed: Client not found in Kerberos database
    Failed to join domain: failed to connect to AD: Client not found in Kerberos database
    ADS join did not work, falling back to RPC...
    Unable to find a suitable server for domain XXXXX
    Unable to find a suitable server for domain XXXXX
Thank you again,
Chris
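
Added example, not part of the original message and not Samba's own code: one way to answer "has this computer been joined?" from the secrets.tdb that Marc mentions, by reading `tdbdump` output for machine-account records without ever printing their values. The record names (SECRETS/MACHINE_PASSWORD/<DOMAIN> and its siblings), the sample dump and the function names are assumptions made for this example.

```python
import re

# Constructed sample of `tdbdump secrets.tdb` output; all values are made up.
SAMPLE_DUMP = r'''{
key(17) = "SECRETS/SID/XXXXX"
data(4) = "\01\04\00\00"
}
{
key(31) = "SECRETS/MACHINE_PASSWORD/XXXXX\00"
data(14) = "not-a-real-pw\00"
}
{
key(38) = "SECRETS/MACHINE_SEC_CHANNEL_TYPE/XXXXX"
data(4) = "\02\00\00\00"
}
{
key(38) = "SECRETS/MACHINE_LAST_CHANGE_TIME/XXXXX"
data(4) = "\00\00\00\00"
}
'''

# Assumed names of the records a domain-member join leaves behind.
MEMBER_KEYS = ("MACHINE_PASSWORD", "MACHINE_SEC_CHANNEL_TYPE",
               "MACHINE_LAST_CHANGE_TIME")
KEY_RE = re.compile(r'^key\(\d+\) = "(.*)"$')

def join_state(dump_text):
    """Map domain -> set of machine-account record kinds found.

    Only key() lines are inspected; data() lines hold the secrets
    themselves and are never parsed, stored or returned.
    """
    state = {}
    for line in dump_text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue
        key = re.sub(r'\\00$', '', m.group(1))  # tdbdump shows NUL as \00
        parts = key.split("/")
        if len(parts) == 3 and parts[0] == "SECRETS" and parts[1] in MEMBER_KEYS:
            state.setdefault(parts[2], set()).add(parts[1])
    return state

def looks_joined(dump_text, domain):
    """True if a machine password record exists for the given domain."""
    return "MACHINE_PASSWORD" in join_state(dump_text).get(domain.upper(), set())

if __name__ == "__main__":
    for dom, kinds in join_state(SAMPLE_DUMP).items():
        print(dom, "->", ", ".join(sorted(kinds)))
```

A stored machine password only shows that a join was recorded locally; "wbinfo -t" is what tests whether the trust account still works. secrets.tdb is readable by root only for good reason, so keep raw dumps out of tickets and logs.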