The net command looks in the smb.conf file to obtain its own configuration settings. Thus, the following
command 'knows' which domain to join from the smb.conf file.
A Samba server domain trust account can be validated as shown in this example:
root# net rpc testjoin
Join to 'MIDEARTH' is OK
Where there is no domain membership account, or when the account credentials are not valid, the following
results will be observed:
root# net rpc testjoin -S DOLPHIN
Join to domain 'WORLDOCEAN' is not valid
The equivalent command for validating the join of a Samba server to a Windows ADS domain is shown here:
root# net ads testjoin
Using short domain name -- TAKEAWAY
Joined 'LEMONADE' to realm 'TAKEAWAY.BIZ'
In the event that the ADS trust was not established, or is broken for one reason or another, the following
error message may be obtained:
root# net ads testjoin -UAdministrator%secret
Join to domain is not valid
The following demonstrates the process of creating a machine trust account in the target domain for the
Samba server from which the command is executed:
root# net rpc join -S FRODO -Uroot%not24get
Joined domain MIDEARTH.
The joining of a Samba server to a Samba domain results in the creation of a machine account. An example
of this is shown here:
root# pdbedit -Lw merlin\$
merlin$:1009:9B4489D6B90461FD6A3EC3AB96147E16:\
176D8C554E99914BDF3407DEA2231D80:[S ]:LCT-42891919:
The S in the square brackets means this is a server (PDC/BDC) account. The domain join can be cast to join
purely as a workstation, in which case the S is replaced with a W (indicating a workstation account). The
following command can be used to effect this:
root# net rpc join member -S FRODO -Uroot%not24get
Joined domain MIDEARTH.
Note that the command-line parameter member makes this join specific. By default,
the type is deduced from the smb.conf file configuration. To specifically join as a PDC or BDC, the
command-line parameter will be [PDC | BDC]. For example:
root# net rpc join bdc -S FRODO -Uroot%not24get
Joined domain MIDEARTH.
It is best to let Samba figure out the domain join type from the settings in the smb.conf file.
The command to join a Samba server to a Windows ADS domain is shown here:
root# net ads join -UAdministrator%not24get
Using short domain name -- GDANSK
Joined 'FRANDIMITZ' to realm 'GDANSK.ABMAS.BIZ'
There is no specific option to remove a machine account from an NT4 domain. When a domain member that is a
Windows machine is withdrawn from the domain, the domain membership account is not automatically removed
either. Inactive domain member accounts can be removed using any convenient tool. If necessary, the
machine account can be removed using the following net command:
root# net rpc user delete HERRING\$ -Uroot%not24get
Deleted user account.
The removal is made possible because machine accounts are just like user accounts with a trailing $
character. The account management operations treat user and machine accounts in like manner.
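The following Python script is an added example, not part of the Samba documentation. It parses pdbedit -Lw output in the format shown earlier, reads the account type from the flag field, and lists machine accounts whose last-change time (the LCT field, hexadecimal seconds since the epoch) is older than a threshold, as candidates for the cleanup described above. The sample records, the 90-day threshold and the function names are assumptions; the hash fields are X-filled placeholders.

```python
from datetime import datetime, timedelta, timezone

X = "X" * 32  # placeholder standing in for the LM and NT hash fields
# Constructed sample in the format printed by `pdbedit -Lw`. The first record
# is wrapped with a trailing backslash, as in the listing above. Accounts
# herring$ (time invented) and jht are constructed for this example.
SAMPLE = (
    f"merlin$:1009:{X}:\\\n{X}:[S          ]:LCT-42891919:\n"
    f"herring$:1010:{X}:{X}:[W          ]:LCT-3F000000:\n"
    f"jht:1000:{X}:{X}:[U          ]:LCT-42891919:\n"
)

# S and W are the flags described in the text; U (user) and D (disabled)
# come from smbpasswd(5) and are an addition of this example.
KINDS = {"S": "server trust", "W": "workstation trust", "U": "user"}


def parse_accounts(text):
    """Return one dict per record; the hash fields are skipped, never stored."""
    accounts = []
    for line in text.replace("\\\n", "").splitlines():  # undo line wrapping
        fields = line.split(":")
        if len(fields) < 6 or not fields[5].startswith("LCT-"):
            continue  # not an smbpasswd-format record
        try:
            seconds = int(fields[5][4:], 16)
        except ValueError:
            continue  # malformed last-change-time field
        flags = set(fields[4].strip("[]").replace(" ", ""))
        accounts.append({
            "name": fields[0],
            "kind": next((KINDS[f] for f in "SWU" if f in flags), "other"),
            "disabled": "D" in flags,
            "changed": datetime.fromtimestamp(seconds, tz=timezone.utc),
        })
    return accounts


def stale_machine_accounts(accounts, now, max_age_days=90):
    """Names of trust accounts (trailing $) not changed within max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    return [a["name"] for a in accounts
            if a["name"].endswith("$") and a["kind"].endswith("trust")
            and a["changed"] < cutoff]


if __name__ == "__main__":
    now = datetime(2005, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for a in parse_accounts(SAMPLE):
        print(f'{a["name"]:<10} {a["kind"]:<18} {a["changed"]:%Y-%m-%d}')
    print("stale:", stale_machine_accounts(parse_accounts(SAMPLE), now))
```

Because pdbedit -Lw prints password hashes, its output should be piped straight into such a script as root rather than saved to a file.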
A Samba-3 server that is a Windows ADS domain member can execute the following command to detach from the
domain:
root# net ads leave
Detailed information regarding an ADS domain can be obtained by a Samba DMS machine by executing the
following:
root# net ads status
The volume of information is extensive. Please refer to the book “Samba-3 by Example”,
Chapter 7 for more information regarding its use. This book may be obtained either in print or online from
the Samba-3 by Example.