Failing to join AD domain

I’m trying to join a completely fresh OpenSUSE Leap 15 server to our AD domain. The goal is to be able to log into the server using AD credentials. I’m following the instructions in section 7.3.3 of the documentation:

I start yast and run Network Services -> Windows Domain Membership. I enter our domain (which is in the form “mycompanyname.com”). I check the boxes “Use SMB Information for Linux Authentication” and “Create Home Directory on Login”. I then go into Expert Settings and under Allowed Groups enter an AD group containing the users allowed to login to the server.

When I hit OK, I get “Error. Cannot use the workgroup ‘MYCOMPANYNAME.COM’ for Linux authentication. Enter a domain or disable using SMB for Linux authentication.”.

This is the same procedure I’ve used in a dozen or so SLES 12 servers, and it works great. I’ve disabled the firewall, tried a variety of different case combinations, tried the simple domain name (minus the .com). I’ve added all of our DCs to the hosts file (based on something I read in a past post on a similar issue). The OpenSUSE server can ping all of the DCs. I remembered yast sometimes requiring me to install krb5-client before proceeding in the SLES servers, so I installed that manually.

There’s nothing interesting in /var/log/messages. /var/log/samba is empty. The only lines I see in /var/log/YaST2/y2log that are appropriate are:

2019-03-26 10:28:32 <1> opensuseserver(5952) [Perl] modules/SambaAD.pm(SambaAD::GetADS):129 get ads: workgroup: MYCOMPANYNAME.COM
2019-03-26 10:28:32 <3> opensuseserver(5952) [bash] ShellCommand.cc(shellcommand):78 ls: cannot access '/var/lib/dhcpcd/dhcpcd-*.info': No such file or directory
2019-03-26 10:28:32 <1> opensuseserver(5952) [Perl] modules/SambaAD.pm(SambaAD::GetADS):246 returning server:

Not sure what the significance of the dhcpcd line is. The server’s NIC is statically addressed.

I’m at a loss for how to further troubleshoot this. Any ideas?

Open terminal;

sudo net ads join -U domainusername

See if it dumps any errors. If it does join happily, YAST should also register this and allow you to change settings via the UI.

This gets me:

Host is not configured as a member server.
Invalid configuration.  Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.

Sounds exquisitely weird. I would take a look at /etc/samba/smb.conf if it’s somehow messed up.

Maybe go as far as to remove it, reinstall samba-client and retry joining.
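
One way to do the smb.conf check suggested above, as an added example that is not part of the original posts. It assumes a Samba AD domain member needs `security = ads`, a `realm`, and a short NetBIOS `workgroup` in `[global]`; the function names `smb_global` and `check_member_conf` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check the [global] section of an
# smb.conf for the settings an AD domain member is assumed to need.

# smb_global FILE PARAM: print PARAM's value from [global].
# PARAM is given lowercase without spaces; the last definition wins.
smb_global() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # section header
            s = tolower($0); gsub(/[ \t\r]/, "", s)
            in_g = (s == "[global]"); next
        }
        in_g && index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            if (k == want) val = v
        }
        END { print val }' "$1"
}

# check_member_conf FILE: print one line per problem; return 0 only if none.
check_member_conf() {
    rc=0
    sec=$(smb_global "$1" security | tr 'A-Z' 'a-z')
    realm=$(smb_global "$1" realm)
    wg=$(smb_global "$1" workgroup)
    [ "$sec" = ads ] || { echo "security is '${sec:-unset}', expected 'ads'"; rc=1; }
    [ -n "$realm" ] || { echo "realm is unset, expected the AD DNS domain"; rc=1; }
    # Heuristic (assumption): a dotted or >15-character workgroup is a DNS
    # name rather than the short NetBIOS domain name.
    if [ -z "$wg" ]; then
        echo "workgroup is unset"; rc=1
    else
        case $wg in *.*) dotted=1 ;; *) dotted=0 ;; esac
        if [ "$dotted" -eq 1 ] || [ "${#wg}" -gt 15 ]; then
            echo "workgroup '$wg' looks like a DNS name, expected the NetBIOS name"; rc=1
        fi
    fi
    return $rc
}

# Constructed sample: a file that would not describe a domain member.
sample=$(mktemp)
printf '[global]\n\tworkgroup = MYCOMPANYNAME.COM\n\tsecurity = user\n' > "$sample"
check_member_conf "$sample" || true
rm -f "$sample"
```

On a real host, run `check_member_conf /etc/samba/smb.conf` before retrying the join.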

Killed /etc/samba/smb.conf and ran a “zypper in -f samba-client”. Alas, no change…

Thanks for the suggestions, though.

IMO most common solution for all failures joining an AD (not just openSUSE using YaST) is name resolution.

Try adding appropriate entries to your client machine’s /etc/hosts file pointing to your Domain Controller.

Of course, be sure you’re using valid, <existing> Domain Admin credentials… I don’t know if the current YaST tool allows for adding a Domain User account with sufficient permissions, but I’ve always avoided doing that since it was always hit and miss whether it would work.

TSU