Joining Linux to Active Directory for Windows Admins

DavidRa

Infrastructure Architect
Aug 3, 2015
Central Coast of NSW
www.pdconsec.net
DavidRa submitted a new resource:

Joining Linux to Active Directory for Windows Admins - A Windows view of joining Linux to AD

You're probably here because you've decided to join a Linux machine to your beloved Active Directory. If so, excellent! If instead you're here for cat videos, comics or the like, I'm afraid you're going to be very bored.

Assumptions

I'm going to make a few assumptions about you, dear reader. If you feel they're not appropriate, you may want to grab some assistance from other experienced people.
  • You know how to build and administer...

DebianFanatic

New Member
May 9, 2018
I believe your "realmd discover domain.example.com" and "realmd join --user=Daffy domain.example.com" commands should both be "realm ...", not "realmd ...".

I was unable to join my Debian box to my "DOMAIN.local" domain, with little feedback as to why. "journalctl | grep realm" informed me that "SERVER.local" was not resolvable, which I traced to "/etc/nsswitch.conf" which contained the line:

hosts: files mdns4_minimal [NOTFOUND=return] dns

The "mdns4..." directive was interpreting my "DOMAIN.local" domain as a local Bonjour/Avahi domain, and then quitting the search when it didn't find a local computer by that name. Moving the "dns" directive to before the "mdns4..." directive solved that problem. (It's my understanding that having a domain named .local is a no-no according to standards, but that's not within my control.) I'm unsure if my fix is a good fix, or just one that works for me; I'm also unsure if just removing the "[NOTFOUND=return]" segment might not be a better (or at least alternative) solution.

DebianFanatic

New Member
May 9, 2018
What part of the steps in your outline creates an /etc/sssd directory and its requisite .conf file? In my tinkering, I moved /etc/sssd out of the way, and purged sssd, and then when I reinstalled sssd, it failed to create a new /etc/sssd directory and its .conf file. I can move my old /etc/sssd back into place, but I'd like to know how it got created originally, and why whatever created it originally is not recreating it after a purge/reinstall.

Thanks!

DebianFanatic

New Member
May 9, 2018
> What part of the steps in your outline creates an /etc/sssd directory and its requisite .conf file? In my tinkering, I moved /etc/sssd out of the way, and purged sssd, and then when I reinstalled sssd, it failed to create a new /etc/sssd directory and its .conf file. I can move my old /etc/sssd back into place, but I'd like to know how it got created originally, and why whatever created it originally is not recreating it after a purge/reinstall.
>
> Thanks!

It's the "realm join ...." command that creates the "/etc/sssd/sssd.conf" file. But it fails if the directory "/etc/sssd" does not already exist. I had to manually create the directory. I'm still wondering what is supposed to, and didn't, create the directory originally, but I'm okay to keep going as-is, for now.

When I then tried to run the "realm join ..." command again, I was told I was already joined. Apparently the earlier attempt sort of worked. So I ran "realm leave" to leave the domain, and then ran the "realm join ..." command again, this time without errors.

Making progress...! :)
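A pre-flight script for the two pitfalls reported in the posts above: the nsswitch.conf hosts ordering that let mdns4_minimal swallow the lookup for a .local domain before dns was consulted, and the missing /etc/sssd directory that realm join does not create. This is an added example, not code from the guide or from the posters; it applies the same reordering the poster used (dns moved ahead of mdns4_minimal), and the 0700 directory mode is an assumption.

```shell
#!/bin/sh
# Added pre-flight checks for the two realm-join pitfalls reported in this
# thread; not part of the original guide. The two lines below are constructed
# samples of the hosts entry from /etc/nsswitch.conf, before and after the fix.
BAD_LINE='hosts: files mdns4_minimal [NOTFOUND=return] dns'
GOOD_LINE='hosts: files dns mdns4_minimal [NOTFOUND=return]'

# Returns 0 when the hosts line lets mdns4_minimal answer NOTFOUND for a
# .local name before dns is ever tried (the failure described in the thread).
hosts_line_blocks_local_dns() {
    printf '%s\n' "$1" | awk '{
        m = d = n = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "mdns4_minimal") m = i
            if ($i == "dns") d = i
            if (tolower($i) == "[notfound=return]") n = i
        }
        # blocking only when mdns4_minimal precedes dns and carries the action
        if (m && d && m < d && n == m + 1) exit 0
        exit 1
    }'
}

# Prints the hosts line with "dns" moved directly in front of mdns4_minimal,
# i.e. the reordering that made the join succeed in the post above.
fix_hosts_line() {
    printf '%s\n' "$1" | awk '{
        out = $1; moved = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dns") continue
            if ($i == "mdns4_minimal" && !moved) { out = out " dns"; moved = 1 }
            out = out " " $i
        }
        if (!moved) out = out " dns"   # no mdns source at all: keep dns last
        print out
    }'
}

# Creates the sssd config directory that realm join expects to exist already.
# The 0700 mode is an assumption: sssd itself requires sssd.conf to be
# readable only by root, so a root-only directory is the conservative choice.
ensure_sssd_dir() {
    dir="${1:-/etc/sssd}"
    [ -d "$dir" ] || mkdir -m 0700 "$dir"
}

# Usage on the live system (needs root):
#   hosts_line_blocks_local_dns "$(grep '^hosts:' /etc/nsswitch.conf)" && \
#       echo "nsswitch.conf: dns is shadowed by mdns4_minimal for .local names"
#   ensure_sssd_dir
```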

DavidRa

Infrastructure Architect
Aug 3, 2015
Central Coast of NSW
www.pdconsec.net
> I believe your "realmd discover domain.example.com" and "realmd join --user=Daffy domain.example.com" commands should both be "realm ...", not "realmd ...".

Yes, you're right; I've updated the guide document to fix this.

> I was unable to join my Debian box to my "DOMAIN.local" domain, with little feedback as to why. "journalctl | grep realm" informed me that "SERVER.local" was not resolvable, which I traced to "/etc/nsswitch.conf" which contained the line:
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns
>
> The "mdns4..." directive was interpreting my "DOMAIN.local" domain as a local Bonjour/Avahi domain, and then quitting the search when it didn't find a local computer by that name. Moving the "dns" directive to before the "mdns4..." directive solved that problem. (It's my understanding that having a domain named .local is a no-no according to standards, but that's not within my control.) I'm unsure if my fix is a good fix, or just one that works for me; I'm also unsure if just removing the "[NOTFOUND=return]" segment might not be a better (or at least alternative) solution.

As for .local domains - I suspect that's probably what you want, but it's not an area of expertise so I'll let someone who knows what they're talking about respond. I don't have .local domains - haven't for years - but annoyingly I had to migrate off an internal "x.earth" a couple of years back. That was the last "unowned" AD domain name.