Domain Join will not complete

I have two OpenSuSE 15 Leap installations. The kernel is 4.12.14-lp150.12.16-default. All updates have been applied from the OpenSuSE and Packman respoitories. Using YAST to join a SAMBA4 domain. Had to attempt it multiple times but it finally worked. The problem is that the configuration stops at 66% (GUI) and just hangs. I have to log out (I suppose I could kill the process) and log in again. Some of the times when it doesn’t work, the machine is joined to the domain but I cannot log in because the setting to create the home folder is turned off, even though I selected to turn it on.

Related, I attempted to leave the domain and then join it again without closing the YAST utility. When I clicked OK to join the domain an error message came up saying that I couldn’t use the domain name. I had to close the YAST utility and open it again. The join worked except I had to log out and back in. In that case the setting for creating the home directory worked.

I checked the SAMBA logs and they are mostly empty with the winbind log showing what appears to be normal activity.

First,
You should describe the SAMBA server, what distro it’s running on and the SAMBA version.

Then,
For your client machine trying to join the Domain,

  • If you experience a problem, You should inspect the system log for specific errors. Although you could inspect the whole log for errors, in this kind of situaiton where you can cause the error at will, it’s probably easiest to open a running console and run the following command which will display your system log events in real time as they occur
journalctl -f

-I’m pretty sure that whenever you change the security context of your session like logging into a Domain, you’d have to at the least log out and back in… But, I generally do a full reboot just to be certain. You shouldn’t ordinarily be able to verify your system has joined a Domain with your existing login AFAIK.

Whenever I join any machine to a Domain of any kind, because it requires a network connection and excellent name resolution, I generally configure a /etc/hosts entry pointing to the authentication server to ensure no hiccups related to name resolution issues.

TSU

Thanks for the reply.

The SAMBA server is a SAMBA4 DC 4.3.11 running on Ubuntu 16.04 LTS 64 bit. I have been using this SAMBA4 DC since shortly after SAMBA4 was released. I’ve joined the domain using OpenSuSE 42.1, 42.2, 42.3 and Windows XP, 7, Vista and 10. OpenSuSE 15 is the only client OS experiencing problems joining the domain. As far as log files, the affected machines are joined to the domain and I’m not in the mood to leave the domain to go through the failing joining process.

I always reboot after joining the domain because some things don’t work right until after a reboot. Windows requires it. I know when the machine has joined the domain because I can log in using AD credentials.

Have you examined the samba logs in both the DC and the Leap 15 host that might help with determining where the problem might be occurring?

I finally got SAMBA4 working as an Active Directory Domain Controller. Here’s what I did. This is for OpenSuSE Leap 15. It should apply to prior OpenSuSE versions but not to versions of SAMBA4 before 4.7.

I couldn’t find any good instructions for installing SAMBA4 as an AD DC on OpenSuSE. Wish there were because so many other things in Yast work so well.

The way Yast, Samba Server appears is that it is intended to possibly set up a domain controller (PDC) but not specifically an Active Directory Domain Controller. There are at least 3 reasons that make me believe this. The two biggies are settings for LDAP and Winbind. It could be that the YAST module hasn’t caught up with the latest version of SAMBA.

Having given up on finding OpenSuSE specific documentation/methods I used the more generic documentation at the SAMBA site (https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller). It’s broken into two sites. The main installation site points to the dependencies site.

I ended up installing or making sure all of the required dependencies were installed and then ran the Zipper command that follows. All of the packages may not be required but I found that some dependencies required to configure SAMBA after it’s provisioned and running didn’t exist by default on the OpenSuSE server. Due to the problems I experienced, I figured more packages were better. Some SAMBA guru may be able to document the dependencies better.

I followed the installation instructions almost to the letter. One of the changes I made was to start SAMBA using sudo samba i before the documentation said too. Otherwise, I couldn’t finish up the install.

The mysterious issue for me is that provisioning didn’t go well. The smb.conf file didn’t look right after provisioning. The biggest issue was that the security was set to ADS but the smb.conf file that works doesn’t have that setting. Even after provisioning appeared to work correctly it was still missing 2 lines in the [global] section. The way I figured all of this out is that I have a SAMBA4 server running in Ubuntu and could compare the smb.conf files. The main take-away is that the smb.conf file that is created after provisioning will be quite short. It only has two administrative shares and no user or printer shares. I believe the assumption is that you will create printer and file shares on a different server.

The first clue that provisioning was incorrect is that I couldn’t create a reverse zone. That lead me to check to see if the SAMBA server was running and it wasn’t.

Another issue is that when using Yast to join the domain on the SAMBA server, the process complains that Winbind couldn’t be started. This is because a SAMBA AD DC starts up it’s own copy of winbindd and the Yast joining process is apparently unaware of this. Once SAMBA is working there is no problem joining the domain from other clients.

Due to provisioning not working correctly, I had to remove the user folders on one of the client boxes and then joing the domain again. The symptom was that the login worked and the user home folders were created but the login would jump back to the login screen. This is a known problem and most people suggest changing the permissions on a couple files. I didn’t have any user data yet so I just deleted the folders.

I am going to post the instructions and additional comments in the Articles section of this support site, if I have the right permissions.