Hello,
I’ve been running Samba as an AD controller in my home lab, and wanted to start using it for user authentication in Linux.
There is a 3-year-old post of a success story by user @sslhijacker, but I have failed to get things to work:
- Installed realmd and sssd with:
```
yay -Sy realmd sssd
```
- Joined the domain with:
```
$ sudo realm join -v -U Administrator@AD.HOME.LAN ad.home.lan
* Resolving: _ldap._tcp.ad.home.lan
* Performing LDAP DSE lookup on: 192.168.42.201
* Performing LDAP DSE lookup on: 192.168.9.201
* Successfully discovered: ad.home.lan
Password for Administrator@AD.HOME.LAN:
* LANG=C /usr/sbin/adcli join --verbose --domain ad.home.lan --domain-realm AD.HOME.LAN --domain-controller 192.168.42.201 --login-type user --login-user Administrator@AD.HOME.LAN --stdin-password
* Using domain name: ad.home.lan
* Calculated computer account name from fqdn: EOS
* Using domain realm: ad.home.lan
* Sending NetLogon ping to domain controller: 192.168.42.201
* Received NetLogon info from: dc2.ad.home.lan
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-oWIvJd/krb5.d/adcli-krb5-conf-THJfh0
* Authenticated as user: Administrator@AD.HOME.LAN
* Using GSS-SPNEGO for SASL bind
* Looked up short domain name: HOME
* Looked up domain SID: S-1-5-21-3977389702-1060441936-3297101528
* Received NetLogon info from: dc2.ad.home.lan
* Using fully qualified name: eos
* Using domain name: ad.home.lan
* Using computer account name: EOS
* Using domain realm: ad.home.lan
* Calculated computer account name from fqdn: EOS
* Generated 120 character computer password
* Using keytab: FILE:/etc/krb5.keytab
* A computer account for EOS$ does not exist
* Found well known computer container at: CN=Computers,DC=ad,DC=home,DC=lan
* Calculated computer account: CN=EOS,CN=Computers,DC=ad,DC=home,DC=lan
* Encryption type [3] not permitted.
* Encryption type [1] not permitted.
* Created computer account: CN=EOS,CN=Computers,DC=ad,DC=home,DC=lan
* Trying to set computer password with Kerberos
* Set computer password
* Retrieved kvno '2' for computer account in directory: CN=EOS,CN=Computers,DC=ad,DC=home,DC=lan
* Checking host/EOS
* Added host/EOS
* Checking RestrictedKrbHost/EOS
* Added RestrictedKrbHost/EOS
* Discovered which keytab salt to use
* Added the entries to the keytab: EOS$@AD.HOME.LAN: FILE:/etc/krb5.keytab
* Added the entries to the keytab: host/EOS@AD.HOME.LAN: FILE:/etc/krb5.keytab
* Added the entries to the keytab: RestrictedKrbHost/EOS@AD.HOME.LAN: FILE:/etc/krb5.keytab
! Enabling SSSD in nsswitch.conf and PAM failed.
realm: Couldn't join realm: Enabling SSSD in nsswitch.conf and PAM failed.
```
Why is this step failing? What does "Enabling SSSD in nsswitch.conf and PAM failed." mean?
Would appreciate any help on getting this to work…