I have a Samba domain controller (also running in a container) and I would like to start a new container and have it become a member of the domain. The normal process for this is to enter the container and run
net ads join -U administrator
and then enter the Administrator password. I have all these steps working fine, but now I want to automate out the password. I really don't want to keep the unencrypted Administrator password stored on disk; I'd like that to be only known by humans. So, please no solutions where I just echo the password into the command.
I have root access to both containers (running in docker), and I'm sure there's probably some command I could run on the DC to export a ticket and then import that ticket on the new client. I just don't know enough Kerberos to know how to go about doing that.
The server and client are both Samba 4.17.12-Debian on Debian bookworm, configured mostly with the defaults.
I've already fought through the networking details to make these containers appear like VMs on the network, so you could just assume this is the same as if I was asking about real Linux hosts where I had root ssh access to each.
net offlinejoin provision
net offlinejoin requestodj
samba.org/samba/docs/current/man-html/net.8.html

samba-tool domain exportkeytab might do what I need.