domain join
Configures a Windows domain.
Syntax
domain join domain-name <name> login <login> password <password> [dc-list <dc-list>] [org-unit <name>] [join-type {workstation}] [short-name <name>] [netbios-name <name>]
Parameters
domain-name <name> | Specifies the domain of which to make the SteelHead a member of. Typically, this is your company domain name. RiOS supports Windows 2000 or later domains. |
login <login> | Specifies the login for the domain. The login and password are not stored. This account must have domain-join privileges; it does not need to be a domain administrator account. |
password <password> | Specifies the password for the domain. The login and password are not stored. |
org-unit <name> | Specifies the organization name (for example, the company name). |
join-type | Specifies the join account type in which the server-side SteelHead can join the domain in one of the following roles: • workstation - Joins the server-side SteelHead appliance to the domain with workstation privilege. You can join the domain to this account type using any ordinary user account that has the permission to join a machine to the domain If you do not specify a join type, the system uses the default, which is the workstation join type. |
short-name <name> | Specifies a short domain name. Typically, the short domain name is a substring of the realm. In rare situations, this is not the case, and you must explicitly specify the short domain name. Case matters; RIVERBED is not the same as riverbed. The short domain name is required if the NetBIOS domain name does not match the first portion of the Active Directory domain name. |
netbios-name <name> | Specifies a NetBIOS name. The short domain name is required if the NetBIOS domain name does not match the first portion of the Active Directory domain name. |
Usage
A server-side SteelHead can join a Windows domain or local workgroup. You configure the SteelHead to join a Windows domain (typically, the domain of your company) for PFS, SMB signing, and MAPI encrypted traffic optimization authentication.
When you configure the SteelHead to join a Windows domain, you do not have to manage local accounts in the branch office, as you do in local workgroup mode. Domain mode allows a domain controller (DC) to authenticate users.
Before enabling domain mode, make sure that you:
• configure the DNS server correctly. The configured DNS server must be the same DNS server to which all the Windows client computers point. To use SMB signing, the server-side SteelHead must be in the DNS.
• have a fully qualified domain name. This domain name must be the domain name for which all the Windows desktop computers are configured.
• set the owner of all files and folders in all remote paths to a domain account and not a local account.
PFS supports only domain accounts on the origin-file server; PFS does not support local accounts on the origin-file server. During an initial copy from the origin-file server to the PFS SteelHead, if PFS encounters a file or folder with permissions for both domain and local accounts, only the domain account permissions are preserved on the SteelHead.
For details about domains and PFS, see the SteelHead User Guide and the SteelHead Deployment Guide.
Example
amnesiac (config) # domain join domain-name signing.test login admin password mypassword dc-list mytestdc1
Product
SteelHead CX, SteelHead-v, SteelHead-c
Related Commands