Join to existing active directory #18

Open
dalraf opened this issue Dec 11, 2015 · 3 comments

@dalraf
Contributor

dalraf commented Dec 11, 2015

Looks like we only need to change the samba-tool cmd.

https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory

@mergwyn

mergwyn commented Aug 8, 2016

I'll try to incorporate this into the module, if you give me some pointers.

What should I set the role to be (it can't be 'dc') or how do I detect the domain already exists?

@kakwa
Owner

kakwa commented Aug 9, 2016

@mergwyn

At first glance, the best way to implement it would be to rename the "dc" class to a "domain" class and make it more generic (exposing the samba-tool command line arguments, more options, etc.). In theory, the "dc" class already permits overriding most parameters in smb.conf.

Then, make specialized classes: one reimplementing the dc class with the current API, another implementing a "Domain Member" class, for example. A generic class could be interesting for other use cases like replicas.

For the server role, it's probably member/member server, but I've never deployed this kind of setup.

On how to detect if the domain already exists, in the dc class I check if the /var/lib/samba/states/sysvol/ directory exists (note: /var/lib/samba could change, it's only the default). I don't know if the same check could be done for a domain member. For testing if the join is OK, in the Classic class, I run net ads testjoin.

I lack the infrastructure to test these kinds of setups; in particular, I don't have a Windows AD to play with.
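The two checks described in the comment above, combined into one idempotency guard that automation could run before any `samba-tool` provision or join. This is an added example, not code from the thread or the module; the function names, the `SAMBA_LIB_DIR` and `NET_CMD` variables, and the use of `net ads testjoin` to recognise a member are assumptions.

```shell
#!/bin/sh
# Added example (not the module's code): classify a host's Samba AD state.
# SAMBA_LIB_DIR and NET_CMD are assumed names; they let the check follow a
# non-default Samba layout and let the logic be exercised without Samba.
SAMBA_LIB_DIR="${SAMBA_LIB_DIR:-/var/lib/samba}"   # default only, may differ
NET_CMD="${NET_CMD:-net}"

# Prints one of: dc, member, unjoined, unknown
samba_join_state() {
    # Check from the thread: the sysvol state directory exists once a DC
    # has been provisioned or joined.
    if [ -d "${SAMBA_LIB_DIR}/states/sysvol" ]; then
        echo dc
        return 0
    fi
    # Without the net binary a failed testjoin proves nothing, so report
    # "unknown" instead of "unjoined" (which could trigger a second join).
    if ! command -v "$NET_CMD" >/dev/null 2>&1; then
        echo unknown
        return 0
    fi
    # Check from the thread: net ads testjoin exits 0 when the join is OK.
    if "$NET_CMD" ads testjoin >/dev/null 2>&1; then
        echo member
    else
        echo unjoined
    fi
}

# Guard for an automation step: true only when a join is still needed.
samba_needs_join() {
    [ "$(samba_join_state)" = unjoined ]
}
```

Treating `unknown` as "do nothing" keeps a half-installed host from being joined or provisioned a second time.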

@mergwyn

mergwyn commented Aug 10, 2016

I'll try to take a look at this as I want to solve the problem for my environment. I am very new to puppet, so not sure how good a job I will do.

One thought I had is that, in samba terms, you are either a dc or a member so that classification works. The choice if you are a dc is whether you provision or join a domain. There is a samba-tool option to list domain info that could tell if the domain already exists as a prerequisite to the dc join. I would need to do some experimentation as to what happens if you provision a domain that already exists.

I'm also short on infrastructure and only have a samba environment, no Windows AD servers.

