To Join AD Domain (windows1.nwie###.net), type the following command-line as root on the member server:
net ads join -k createcomputer=Servers/UNIX -U unixadmin@NWIEPILOT.NET
If the kinit command succeeded, the machine windows1 was automatically found in the corresponding Kerberos realm, so the net command connects to the Active Directory server using its required administrator account and password. The command creates the appropriate NIX Workstation account in Active Directory and grants the NIX Workstation permission to Join AD Domain.

"Servers/UNIX" is the location in AD where the NIX Workstation account is created; it is relative to the domain name.

The above command line assumes you used the krb5.conf file as shown. If you added a Realm, then the realm will be appended to the unixadmin@NWIEPILOT.NET string and you will receive an error similar to:

 Failed to join domain: failed to connect to AD: Malformed representation of principal

Expect Some Errors

The above will always produce errors because validation happens immediately, on a different AD server than the one where the account was created (replication latency). This is because we are using DNS to discover AD servers.

Also, Samba is not allowed to update DNS; however, the NIX Workstation should already be correctly registered in DNS.

Test The Join AD Domain

Manually validate after allowing a few seconds to replicate:
net ads testjoin
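
The manual check above can be wrapped in a retry loop so that a failure caused by replication latency is not mistaken for a failed join. This is an added example, not part of the original page; the function name verify_join, the TESTJOIN_CMD variable and the default attempt count and delay are assumptions of this example.

```sh
#!/bin/sh
# Added example: retry the join validation to ride out AD replication latency.
# TESTJOIN_CMD, verify_join and the defaults below are assumptions of this example.

# Command used to validate the join; the page's own check is the default.
TESTJOIN_CMD="${TESTJOIN_CMD:-net ads testjoin}"

# verify_join [attempts] [delay_seconds]
# Returns 0 as soon as the validation command succeeds,
# 1 if every attempt fails (a real join problem, not just latency).
verify_join() {
    attempts="${1:-5}"
    delay="${2:-10}"
    n=1
    while [ "$n" -le "$attempts" ]; do
        # The command is deliberately unquoted so "net ads testjoin" splits into words.
        if $TESTJOIN_CMD >/dev/null 2>&1; then
            echo "join validated on attempt $n"
            return 0
        fi
        echo "attempt $n/$attempts failed; waiting ${delay}s for replication" >&2
        # Do not sleep after the final attempt.
        if [ "$n" -lt "$attempts" ]; then
            sleep "$delay"
        fi
        n=$((n + 1))
    done
    echo "join still not validated after $attempts attempts" >&2
    return 1
}
```

Run `verify_join` as root after the join command; a non-zero exit after all attempts means the failure is not explained by replication delay alone.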

This page (revision-2) was last changed on 11-May-2017 13:30 by jim