
Thread: OpenSUSE and Active Directory: new to managing groups

  1. #11

    Re: OpenSUSE and Active Directory: new to managing groups

    Originally posted by Cambridgeport90:
    OpenSUSE is coming into this pre-existing environment to run GnuHealth Server components (and possibly, if this experiment goes well, a fediverse software such as Mastodon or Pleroma on a different install), and we are attempting to join that server to the domain, as well, and here's where I goofed up originally prior to your post about the different modules. I had my associate use the Winbind module instead of the LDAP and Kerberos module, since before you mentioned that it existed, I was not aware at all. Now we are trying to backtrack, removing the server from the domain using the Windows membership module, and re-joining it using LDAP and Kerberos since we seem to be running into issues getting the sudoers file to recognize groups when using Winbind. At this point we're stuck with the error to disable SSSD from user and group management, though we've been having to disable it manually by commenting it out, and now we are no longer able to get the server to join again. My associate now can't even log in.
    Just in case the following reference is helpful...
    https://doc.opensuse.org/documentati...rity-auth-sssd
    openSUSE Leap 15.2; KDE Plasma 5

  2. #12

    Re: OpenSUSE and Active Directory: new to managing groups

    Originally posted by Cambridgeport90:
    To clarify things a bit more:
    We have an existing Active Directory setup, schema has a couple of Extensions for Dell OpenManage, and eventually System Center (though that's just for clarification. Not sure if the extensions matter). The network is set up with Windows Server 2019 domain controllers, and then a couple of other things run Windows; backup server runs Windows, our hypervisors run Hyper-V, and a couple of others. We also have some Windows SMB file shares, though those are mostly Windows clients who access them, rarely do we have servers touching them. The rest of them are Linux, all running CentOS because that is the standard distribution chosen for the enterprise. (I didn't make that decision.)
    OpenSUSE is coming into this pre-existing environment to run GnuHealth Server components (and possibly, if this experiment goes well, a fediverse software such as Mastodon or Pleroma on a different install), and we are attempting to join that server to the domain, as well, and here's where I goofed up originally prior to your post about the different modules. I had my associate use the Winbind module instead of the LDAP and Kerberos module, since before you mentioned that it existed, I was not aware at all. Now we are trying to backtrack, removing the server from the domain using the Windows membership module, and re-joining it using LDAP and Kerberos since we seem to be running into issues getting the sudoers file to recognize groups when using Winbind. At this point we're stuck with the error to disable SSSD from user and group management, though we've been having to disable it manually by commenting it out, and now we are no longer able to get the server to join again. My associate now can't even log in.
    How you added your CentOS to the AD may be important so you can maintain consistency in your network... IMO that should be a main consideration, to minimize complexity. You don't want every machine in your network connecting to others in a different way. So, my recommendation is to understand your CentOS, are they 389 Directory Servers or something else? I'd recommend however your CentOS are set up should take precedence in how you set up openSUSE and if you need help in that, there are some Forum threads (IIRC in the Networking Forum) on 389 setups.

    The YaST modules are there to assist and ease setups, but they are best used when you have no other considerations in your network and you're setting up for the first time. Because you already have CentOS set up, YaST may be helpful but you first need to know what you already have set up.

    If you're having problems undoing your joining AD and your system is installed on BTRFS, there's a good chance that you can roll back to a status prior to that event by running Snapper, listing your history of snapshots and then choosing a snapshot prior to the date and time you made any mistakes. This is a relatively risk-free thing to do... Although unexpected things can happen so make sure you have backups, BTRFS snapshots have been very reliable and virtually problem free. And, rolling backwards and forwards can be done to undo even your "undo's". You always move forward historically, and can "roll forward" to undo rolling backwards or choose another snapshot to roll forward or back.

    You can even roll back to before you even installed the packages you installed to connect to AD, and start from scratch.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!
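
The snapshot selection described in post #12, as an added example that is not part of the original thread: it picks the newest Snapper snapshot taken before a given time. The function name, the cutoff time and the sample rows are constructed for illustration, and the commented invocation assumes a snapper version that supports `--csvout` and `list --columns`.

```shell
#!/bin/sh
# pick_snapshot_before CUTOFF   (hypothetical helper, not part of snapper)
# Reads "number,date" CSV rows on stdin and prints the highest-numbered
# snapshot whose timestamp is strictly earlier than CUTOFF.
# Timestamps are "YYYY-MM-DD HH:MM:SS", so plain string order is time order.
# Exits non-zero when no snapshot predates CUTOFF.
pick_snapshot_before() {
    awk -F, -v cutoff="$1" '
        NR == 1 && $1 == "number" { next }   # skip the CSV header row
        $2 == ""                  { next }   # snapshot 0 (current system) has no date
        ($2 "") < (cutoff "") && ($1 + 0) > best { best = $1 + 0 }
        END { if (best) print best; else exit 1 }
    '
}

# Constructed sample rows in the shape of "number,date" CSV output.
# Here the domain join is assumed to have started at 10:00 on 2020-09-14.
SAMPLE='number,date
0,
1,2020-09-10 08:15:02
14,2020-09-14 09:58:40
15,2020-09-14 10:03:11
16,2020-09-14 10:41:27'

# Demo on the constructed data: the last snapshot before the join attempt.
printf '%s\n' "$SAMPLE" | pick_snapshot_before "2020-09-14 10:00:00"

# On the real system (as root), assuming the snapper options named above:
#   n=$(snapper --csvout list --columns number,date \
#         | pick_snapshot_before "2020-09-14 10:00:00") || exit 1
#   snapper rollback "$n"    # takes effect after the next reboot
```

Check the chosen number against the descriptions in `snapper list` before rolling back, and keep console or local root access available in case domain logins still fail afterwards.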
