Cannot use the workgroup for linux authentication

English Install/Boot/Login
1

When I try to setup user authentication via a windows domain in yast I get the following error message:

Cannot use the workgroup domain.tld for linux authentication
Enter a domain or disable using SMB for Linux authentication.

This is my samba configuration


[global]
        workgroup = DOMAIN
        passdb backend = tdbsam
        map to guest = Bad User
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = No
        idmap config * : backend = tdb
        idmap config * : range = 10000-20000
        idmap config domain : backend = rid
        idmap config domain : range = 20001-99999
        realm = DOMAIN.TLD
        security = ADS
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind refresh tickets = yes
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes

        load printers = No
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

I joined the domain using

net ads join -U <username>

and winbind is running. What am I doing wrong?

2

I’m not experienced with using samba in domain environment, so I can only speculate a bit here…did you check the ‘Expert Settings…’ in the YaST utility?

https://doc.opensuse.org/documentation/leap/reference/html/book-reference/cha-samba.html#sec-samba-adnet

In particular, I wonder if ‘Use WINS for Hostname Resolution’ needs to be enabled in your situation?

3

I have another computer with almost identical setup except it has an older version of Tumbleweed installed (20210423). There ‘Use WINS for Hostname Resolution’ is not enabled. In that Samba documentation you linked it is not mentioned either. I wonder if this is a bug in the newer release of Tumbleweed I am using now.

Nonetheless, I will try to enable ‘Use WINS for Hostname Resolution’ on the newer machine and see if that helps.

4

What are you using for hostname resolution?

5

BTW, can you share the actual ‘workgroup =’ name and 'realm = ’ active directory server name (rather than obfuscating)?