Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: user logon - blank workgroup

  1. #1

    Default user logon - blank workgroup

    Hi.

    I am testing Active Directory integration with Leap 15.2.

    I have followed this guide:

    https://doc.opensuse.org/documentati...agement-enroll

    and in particular the section:

    7.3.2 Joining Active Directory Using User Logon Management

    When I try to add a new domain a pop-up windows with "Active Directory enrollment" comes out.

    All fields are correctly popolated but workgroup field is blank and if I try to go on and insert username and password of ad domain admin I obtain the following error:

    failed to join domain: invalid configuration ("workgroup" set to '', should be MADDANT). "MADDANT" is my correct realm.

    But the question is: where can I specify the workgroup settings in user logon management? I did not found it.

    Regards

  2. #2
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    3,457

    Question Re: user logon - blank workgroup

    @antonio.tvr:

    What happens if, you attempt to join an Active Directory Domain? – <https://doc.opensuse.org/documentati...ity-ad-winbind>

  3. #3

    Default Re: user logon - blank workgroup

    Hi.

    What you have indicated is the other method described in the documentation.

    But reading the docs it is explained that the preferred one is user logon management for active directory.

    In the other way (winbind) it works, but I don't understand why I cannot use user logon management if I made the same configurations indicated in docs.

    Regards

  4. #4
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    3,457

    Question Re: user logon - blank workgroup

    Quote Originally Posted by antonio.tvr View Post
    failed to join domain: invalid configuration ("workgroup" set to '', should be MADDANT). "MADDANT" is my correct realm.
    MS Windows uses either Active Directory (Domain) or (exclusive or), a Workgroup …
    • In the Windows world. AD Domains and Workgroups on the same Network Segment can have identical names – I'm not sure if a Linux Samba Client can also handle this.

    Do you have the “realmd” package installed?

    Does “realm join {domain}” do anything?

    Does the /etc/samba/smb.conf file contain something like this:
    Code:
    [global]
    
    workgroup = SHORT_NAME_OF_AD_DOMAIN
    client signing = yes
    client use spnego = yes
    kerberos method = secrets and keytab
    realm = AD.DOMAIN.FULL.NAME
    security = ads
    Do you have Kerberos installed?

  5. #5

    Default Re: user logon - blank workgroup

    Hi.

    I dont understand.

    Opensuse docs says that all missing packages Will be installed by yast.

    And seems that happens.

    I dont understand why the user logon join procedure requires workgroup and dont ask to configure that parameter.

    Reading the documentation i think that the process is Easy and for example with winbind procedure It is so.

    Regards

  6. #6
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,887
    Blog Entries
    2

    Default Re: user logon - blank workgroup

    A personal SOP Iv'e developed no matter the operating system(even MSWindows) joining a machine to a Domain is to create an /etc/hosts entry pointing to the FQDN (yes, both machine and domain) to the Domain Controller. I don't rely on DHCP/DNS/DC all set up working correctly in harmony on the network... which is what should happen but doesn't always. By doing this, your machine won't depend on DNS and DHCP working perfectly and your machine knows exactly how to contact the DC that grants permission to join.

    May work for you.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  7. #7
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    3,457

    Question Re: user logon - blank workgroup

    Quote Originally Posted by antonio.tvr View Post
    Opensuse docs says that all missing packages Will be installed by yast.

    And seems that happens.
    Normal” Software {not Artificial Intelligence} never operates on assumptions …
    • Did you really check that the Realmd and Kerberos packages have been installed and, all the dependent packages needed by those two packages?
    • Does /etc/samba/smb.conf contain the required “workgroup = ” and “realm = ” entries?
    • From a user “root” CLI, did “realm join {domain}” behave as expected?

    If the manual method succeeds then, yes Bug Reports against the openSUSE Security Handbook and YaST will be needed …
    • Possibly with the suggestion made by tsu2 …

  8. #8

    Default Re: user logon - blank workgroup

    I didn't say yast has to do magic.

    but if a procedure is indicated in the documentation I usually follow it to the letter to avoid doing things not foreseen instead of those indicated.

    having said that, if the domain join with winbind works I would say that there are no problems in contacting the domain controller, indeed.

    I will try to put the configurations that you have indicated in samba and then try to do the join procedure.

    If it will not work I sure report the bug and in the meantime I will use winbind (I don't know for a "normal" use of a linux client joined to windows domain what are differences with winbind).

    Thank you for your help

  9. #9

    Default Re: user logon - blank workgroup

    Hi.

    Some updates.

    User logon procedure in yast did already write all configurations indicated in smb.conf.

    I have only added WORKGROUP configuration and now it is not blank.

    From a root shell I have tried to join my domain with realm join -v domain

    and I obtain these errors (the computer entry it is created in Active Directory, I can see it in Users and Computers):


    * /usr/bin/systemctl enable sssd.service
    Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service.
    * /usr/bin/systemctl restart sssd.service
    Job for sssd.service failed because the control process exited with error code.
    See "systemctl status sssd.service" and "journalctl -xe" for details.
    * /usr/sbin/pam-config --add --sssd --mkhomedir
    pam-config: invalid option -- --sssd
    Try `pam-config --help' or `pam-config --usage' for more information.
    ! Enabling SSSD in nsswitch.conf and PAM failed.
    realm: Couldn't join realm: Enabling SSSD in nsswitch.conf and PAM failed.

    But the first part of log is without errors and I have found the computer in AD.

    This is the error log of sssd.service:

    Sep 16 15:35:41 lnx02.maddant.local systemd[1]: Starting System Security Services Daemon...
    Sep 16 15:35:41 lnx02.maddant.local sssd[17294]: NSCD socket was detected and seems to be configured to cache some of the databases controlled by SSSD [passwd,group,netgroup,services]. It is recommended not to run NSCD in paralle>
    Sep 16 15:35:41 lnx02.maddant.local sssd[17294]: Starting up
    Sep 16 15:35:41 lnx02.maddant.local sssd[be[17295]: Starting up
    Sep 16 15:35:41 lnx02.maddant.local sssd[be[17296]: Starting up
    Sep 16 15:35:43 lnx02.maddant.local sssd[be[17297]: Starting up
    Sep 16 15:35:46 lnx02.maddant.local sssd[17298]: Starting up
    Sep 16 15:35:46 lnx02.maddant.local sssd[17299]: Starting up
    Sep 16 15:35:46 lnx02.maddant.local sssd[17300]: Starting up
    Sep 16 15:35:46 lnx02.maddant.local sssd[17301]: Starting up
    Sep 16 15:35:47 lnx02.maddant.local sssd[be[17302]: Starting up
    Sep 16 15:35:47 lnx02.maddant.local sssd[17294]: Exiting the SSSD. Could not restart critical service [maddant.local].
    Sep 16 15:35:47 lnx02.maddant.local systemd[1]: sssd.service: Main process exited, code=exited, status=1/FAILURE
    Sep 16 15:35:47 lnx02.maddant.local systemd[1]: Failed to start System Security Services Daemon.
    Sep 16 15:35:47 lnx02.maddant.local systemd[1]: sssd.service: Unit entered failed state.
    Sep 16 15:35:47 lnx02.maddant.local systemd[1]: sssd.service: Failed with result 'exit-code'.

    I don't know how can I solve this issue.

    Regards

  10. #10

    Default Re: user logon - blank workgroup

    I have stopped and disabled nscd service but I obtain anyway the error of ncsd socket detected.

    Thank you

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •