Active Directory integration failing

I’ve just installed Tumbleweed x86 on my desktop and joined it to my Windows 2008R2 domain using Yast2 as I’ve done hundreds of times before. Usually this is a simple process which works first time, however with Tumbleweed it doesn’t seem to work. Yast2 says it is successful and I can see the Linux computer in the AD tools of my Win server, but I cannot login using my AD credentials. The Winbind log shows the following:

ldb: unable to dlopen /usr/lib64/ldb/asq.so : /usr/lib64/ldb/asq.so: failed to map segment from shared object
ldb: unable to dlopen /usr/lib64/ldb/memberof.so : /usr/lib64/ldb/memberof.so: failed to map segment from shared object
ldb: unable to dlopen /usr/lib64/ldb/paged_results.so : /usr/lib64/ldb/paged_results.so: failed to map segment from shared object
ldb: unable to dlopen /usr/lib64/ldb/paged_searches.so : /usr/lib64/ldb/paged_searches.so: failed to map segment from shared object
ldb: unable to dlopen /usr/lib64/ldb/rdn_name.so : /usr/lib64/ldb/rdn_name.so: failed to map segment from shared object
ldb: unable to dlopen /usr/lib64/ldb/sample.so : /usr/lib64/ldb/sample.so: failed to map segment from shared object
ldb: unable to dlopen /usr/lib64/ldb/server_sort.so : /usr/lib64/ldb/server_sort.so: failed to map segment from shared object
ldb: unable to dlopen /usr/lib64/ldb/skel.so : /usr/lib64/ldb/skel.so: failed to map segment from shared object
ldb: unable to dlopen /usr/lib64/ldb/tdb.so : /usr/lib64/ldb/tdb.so: failed to map segment from shared object
ldb: unable to stat module /usr/lib64/samba/ldb : No such file or directory
[2016/08/21 17:30:43.037013, 0] …/lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
ldb: Unable to find backend for ‘/var/lib/samba/private/secrets.ldb’ - do you need to set LDB_MODULES_PATH?
ldb: unable to stat module /usr/lib64/samba/ldb : No such file or directory
[2016/08/21 17:30:43.109419, 0] …/lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
ldb: Unable to find backend for ‘/var/lib/samba/private/secrets.ldb’ - do you need to set LDB_MODULES_PATH?

I’m guessing a package is missing but all Samba, Winbind, CIFS, and LDB packages are installed. Kinit and klist work ok, so krb is working. DNS works fine and I can resolve the names of the domain controllers successfully to both their IPv4 and IPv6 addresses.

Any suggestions?

Hard to think of anything a User can do to solve your problem, if the machine has been successfully joined to your Windows Domain, then I’d think it’s something “post add” which would mean a run time issue when you’re logging in.

I assume this Windows Domain account is something that already exists?
Have you tried a Windows Domain Administrator account (as opposed to a normal Domain User account)?
If your Domain has multiple Domain Controllers, have you allowed sufficient time for replication or have forced replication (maybe after a day, your problems have fixed itself automatically if replication was the issue)?

Of course, since you’re running TW, there’s always the chance some bleeding edge change might have caused a problem, as always do a “zypper dup” on the chance someone already found an issue and fixed it.

TSU

Steven,

I have a Tumbleweed VM connecting to a Windows 2008r2 Active Directory server and I am able to log in with AD credentials.

I can’t remember if this VM started at 42.1, connected to the domain, and then upgraded to Tumbleweed or if I connected after upgrading to Tumbleweed. I use the VM as my regular desktop, so I connect to the DC daily and have had no issues.

I don’t have a /usr/lib64/samba/lbd directory, nor do I have a /usr/lib64/ldb/memberof.so file, so I’m not sure where that’s coming from on your machine.

Here is what Yast created for my smb.conf:

workgroup = DOMAIN 
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = No
        idmap gid = 10000-20000
        idmap uid = 10000-20000
        realm = DOMAIN.TLD 
        security = ADS
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind offline logon = yes
        winbind refresh tickets = yes

Hope this helps.

Mark