[Samba] Unable to join domain

Fri Oct 15 01:04:20 UTC 2021

I've done some looking around and also found the information you provided.
I did
sudo authselect enable-feature with-mkhomedir
sudo systemctl enable --now oddjobd

And the user is able to log in and the directory is created.  I've been
spinning up different Fedora vms to see if I got the whole process down and
I think I do but I've only tested on 2.  I want to test on this last one
that is configuring now and see what happens.  I wanted to also test the
enterprise login from a new install but that will be for another day.
According to all that I can see, I am able to join the domain so this
thread can be considered closed.  Also, since I am able to also have the
home dir created at login, I'll mention this in that thread and that too
can be considered closed (at least as far as I am concerned).

Thanks so much for all your help.  Now I need to find a Fedora or Gnome
forum to assist with getting the enterprise login to work with my Samba
configuration.

Quick question, does Debian have an enterprise login desktop environment?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.

On Thu, Oct 14, 2021 at 5:43 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Wed, 2021-10-13 at 19:00 -0400, Rob Campbell wrote:
> > > on fedora, I think it is samba-winbind-clients
> > This was already installed.
> >
> > > at one time 'authselect select winbind' would do this, but times
> > change.
> > authselect select winbind
> > [error] [/etc/authselect/system-auth] has unexpected content!
> > [error] [/etc/authselect/nsswitch.conf] has unexpected content!
> > [error] Unexpected changes to the configuration were detected.
> > [error] Refusing to activate profile unless those changes are removed
> > or overwrite is requested.
> >
> > Some unexpected changes to the configuration were detected.
> > Use --force parameter if you want to overwrite these changes.
> >
> > authselect select winbind --force
> > [error] [/etc/authselect/system-auth] has unexpected content!
> > [error] [/etc/authselect/nsswitch.conf] has unexpected content!
> > Backup stored at /var/lib/authselect/backups/2021-10-13-22-52-
> > 26.HHhaHu
> > Profile "winbind" was selected.
> > The following nsswitch maps are overwritten by the profile:
> > - passwd
> > - group
> >
> > Make sure that winbind service is configured and enabled. See winbind
> > documentation for more information.
> >
> > I made backups but I was told to be sure passwd and group was there
> > and had the value of files winbind
> >
> > I'm not running winbind service, I'm running the binary and I'm
> > guessing that's causing problems.
> >
> > > Because he wants to use fedora and was trying to use that distro
> > for a DC.
> > I am using Debian as my DC and Fedora is just a joining member that
> > I'm trying to use as a fileserver
> >
> >
>
> I now think I understand the problem, fedora supplies various tools to
> configure things, one of which is authselect, from my understanding it
> is supposed to work like this:
>
> sudo authselect enable-feature with-mkhomedir
> sudo systemctl enable --now oddjobd
> sudo authselect select winbind
>
> Only problem is that the first one doesn't seem to work, it doesn't add
> mkhomedir to the pam stack, so when you try to login, you get:
>
> Could not chdir to home directory /home/rowland: No such file or
> directory
>
> It is further compounded by the pam_oddjob_mkhomedir manpage telling
> you that you need this:
>
> session optional /lib/security/pam_oddjob_mkhomedir.so
>
> When it actually requires this:
>
> session optional /usr/lib64/security/pam_oddjob_mkhomedir.so
>
> With that in /etc/pam.d/sshd , I could login via ssh and get the
> homedir created.
>
> I presume something similar is required in other PAM files, but I have
> no idea which and no real inclination to find out.
>
> Compare this with Debian, install the pam_mkhomedir package and it is
> all done for you.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>