[Samba] Unable to join domain

Rowland Penny rpenny at samba.org
Thu Oct 14 21:42:40 UTC 2021 

On Wed, 2021-10-13 at 19:00 -0400, Rob Campbell wrote:
> > on fedora, I think it is samba-winbind-clients
> This was already installed.
> 
> > at one time 'authselect select winbind' would do this, but times
> change. 
> authselect select winbind
> [error] [/etc/authselect/system-auth] has unexpected content!
> [error] [/etc/authselect/nsswitch.conf] has unexpected content!
> [error] Unexpected changes to the configuration were detected.
> [error] Refusing to activate profile unless those changes are removed
> or overwrite is requested.
> 
> Some unexpected changes to the configuration were detected.
> Use --force parameter if you want to overwrite these changes.
> 
> authselect select winbind --force
> [error] [/etc/authselect/system-auth] has unexpected content!
> [error] [/etc/authselect/nsswitch.conf] has unexpected content!
> Backup stored at /var/lib/authselect/backups/2021-10-13-22-52-
> 26.HHhaHu
> Profile "winbind" was selected.
> The following nsswitch maps are overwritten by the profile:
> - passwd
> - group
> 
> Make sure that winbind service is configured and enabled. See winbind
> documentation for more information.
> 
> I made backups but I was told to be sure passwd and group was there
> and had the value of files winbind
> 
> I'm not running winbind service, I'm running the binary and I'm
> guessing that's causing problems.
> 
> > Because he wants to use fedora and was trying to use that distro
> for a DC.
> I am using Debian as my DC and Fedora is just a joining member that
> I'm trying to use as a fileserver
> 
> 

I now think I understand the problem, fedora supplies various tools to
configure things, one of which is authselect, from my understanding it
is supposed to work like this:

sudo authselect enable-feature with-mkhomedir
sudo systemctl enable --now oddjobd 
sudo authselect select winbind

Only problem is that the first one doesn't seem to work, it doesn't add
mkhomedir to the pam stack, so when you try to login, you get:

Could not chdir to home directory /home/rowland: No such file or
directory

It is further compounded by the pam_oddjob_mkhomedir manpage telling
you that you need this:

session optional /lib/security/pam_oddjob_mkhomedir.so

When it actually requires this:

session optional /usr/lib64/security/pam_oddjob_mkhomedir.so

With that in /etc/pam.d/sshd , I could login via ssh and get the
homedir created.

I presume something similar is required in other PAM files, but I have
no idea which and no real inclination to find out.

Compare this with Debian, install the pam_mkhomedir package and it is
all done for you.

Rowland

More information about the samba mailing list