Domain join from Opensuse

Hello Guys
I’m having trouble with connecting my OpenSUSE leap 5 desktop to my UCS domain.
I will really appreciate your help if you guys can guide me on how to do that.

Thank you so much!

Raz

Anyone? Please help.
Can someone send the steps to join an openSUSE machine to UCS?

Be sure to have the UCS DC configured as the primary DNS server on your openSUSE machine.

Open YaST.
Under Network Services, select Windows Domain Membership.
Under Domain/Workgroup, enter the fully qualified domain name and select Join.
Give the domain administrator and password.
That’s it.

After that you may log in with the user, e.g. domain\username
rg

Hello externa1
Thank you for your reply.

Sorry, I didn’t explain myself clearly.
I’m looking for a way to connect openSUSE to UCS with LDAP (like they do with the Univention domain join assistant to join an Ubuntu machine).

It’s very difficult to do that with Linux distributions unless you have Ubuntu.
I couldn’t find any documentation or guides to do that (in the UCS docs they don’t really explain).

Please help

Thank you,

Raz

OpenSuse, I am not really familiar with, however, connecting Ubuntu and Zorin (also Ubuntu based) works like a charm, following instructions from here https://computingforgeeks.com/install-and-configure-samba-server-share-on-debian-ubuntu/
Important: you need to add the primary domain server to /etc/hosts

Hey IT-Bizz

Thank you for your answer.

But I want to find a way to connect openSUSE to UCS with LDAP and not with Active Directory.

Does someone here know how to?

This should also be possible through YaST - Network Settings - LDAP & Kerberos auth,

but I did not try this, as my UCS servers act as Windows AD (samba4) servers.

rg
Christian

How and what you want to connect? Where exactly is the problem?

Hey guys
I’m trying to connect to UCS with LDAP and not with Active Directory.

The main problems with connecting with AD:
1. Users do not connect with the shell and the home directory I chose in the UCS user options (Account -> POSIX (Linux/UNIX)).

2. After connecting to the domain with AD, openSUSE sees the group IDs as Active Directory domain IDs, which is a problem for me because we have lots of data in shared folders with UNIX group IDs.

I’ve tried to connect with LDAP many times but with no success…
I’d really appreciate it if you guys could help me figure out how to do that…

Thanks.

Hey Guys,
any idea?

Thanks

Raz

Yes, only Ubuntu has a fully automated join script. So every other distro is more difficult.

As it wasn’t linked here: https://docs.software-univention.de/domain-4.4.html#ext-dom-unix
This would be the documentation.

Depending on how fit you are with bash-scripts and Opensuse package management, perhaps you can rewrite the scripts from https://docs.software-univention.de/domain-4.4.html#ext-dom-ubuntu or at least use parts for the Openldap configuration.
But true: a misreading of §2.4 and §2.5 has the potential of messing up your system - including: being locked out for good - if you don’t fully understand nss and pam (or at least handle every change with care and backup strategy).

That being said: after adjusting the system as described in the not so difficult parts §§2.1-2.3 - I would start with the LDAP configuration and there the crucial part will be:

  • Registering your Opensuse-Computer as a Linux Computer on the UCS master-server
  • Copy the CAcert from master-server to opensuse and
  • Modify your Openldap config and test it with different accounts.

All that being said - isn’t it perhaps more promising to follow the Opensuse-way and use AD https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha-samba.html#sec-samba-adnet ?

I’m not sure what you mean by that. How should they login and what home directory do you wish to use? Is the setting you made in UCS not working? If so - this would be a well defined problem for a single thread here in the forum.
EDIT: How is your computer registered in UCS, when you just join from OpenSuse? As windows- or linux-computer? Are some of the following problems due to a ‘misregistration’ of opensuse as windows-computer? Have you tried to register opensuse from UMC first as linux-computer?

Ok - so there is a NAS that is not joined to the domain? How is the current user mapping between NAS and UCS - manual, LDAP? Why not join it to UCS AD?
But also here - perhaps a question for a single help thread?

Hope this helps,
Bernd
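
Added example, not part of the original thread and not taken from the Univention scripts: a pre-flight audit of the client's `ldap.conf` (the CA cert and OpenLDAP config steps Bernd lists), run before nss or pam are pointed at LDAP. The function names `ldap_conf_get` and `audit_ldap_conf` are hypothetical; `URI`, `BASE`, `TLS_CACERT` and `TLS_REQCERT` are standard `ldap.conf` options.

```shell
#!/bin/sh
# Audit an OpenLDAP client config before wiring LDAP into nss/pam.
# Prints one finding per line; prints nothing when no issue is found.

# ldap_conf_get FILE KEY -> value from the last line that sets KEY
# (option names are matched case-insensitively, comments are skipped).
ldap_conf_get() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        toupper($1) == key { $1 = ""; sub(/^ +/, ""); val = $0 }
        END { print val }' "$1"
}

audit_ldap_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 0; }
    uri=$(ldap_conf_get "$conf" URI)
    base=$(ldap_conf_get "$conf" BASE)
    cacert=$(ldap_conf_get "$conf" TLS_CACERT)
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')

    [ -n "$uri" ] || echo "URI is not set"
    [ -n "$base" ] || echo "BASE is not set"
    # never/allow let the session continue with an unverified server certificate.
    case $reqcert in
        never|allow) echo "TLS_REQCERT $reqcert does not enforce certificate validation" ;;
    esac
    if [ -z "$cacert" ]; then
        echo "TLS_CACERT is not set"
    elif [ ! -r "$cacert" ]; then
        echo "TLS_CACERT file $cacert is missing or unreadable"
    fi
    for u in $uri; do
        case $u in
            ldap://*) echo "$u is cleartext unless the client requests StartTLS" ;;
        esac
    done
    return 0
}

# Usage: sh audit.sh /etc/openldap/ldap.conf
if [ $# -gt 0 ]; then audit_ldap_conf "$1"; fi
```

An empty result only says the file is consistent; an actual bind against the UCS LDAP with a test account is still needed to confirm the join.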

Hey Lebernd
first of all, Thank you for your answer and your time.

  1. I did try to use the Ubuntu scripts to fully/half join openSUSE to UCS. It didn’t work out so well.
    And yes, I agree with you that doing something like that can crash services configuration and make trouble.

"That being said: after adjusting the system as described in the not so difficult parts §§2.1-2.3 - I would start with the LDAP configuration and there the crucial part will be:

  • Registering your Opensuse-Computer as a Linux Computer on the UCS master-server
  • Copy the CAcert from master-server to OpenSUSE and
  • Modify your Openldap config and test it with different accounts."
    I also tried that, it just can’t connect to UCS LDAP (no connection problem, I saw with telnet that the port is listening).
  2. “I’m not sure what you mean by that. How should they login and what home directory do you wish to use? Is the setting you made in UCS not working? If so - this would be a well defined problem for a single thread here in the forum.” When I’m connecting with AD, UCS ignores the UNIX attributes.
    So I’m not sure that it’s a problem; UCS just thinks that my openSUSE uses Windows attributes (home folder, group and user IDs).

  3. “Ok - so there is a NAS that is not joined to the domain? How is the current user mapping between NAS and UCS - manual, LDAP? Why not join it to UCS AD?
But also here - perhaps a question for a single help thread?”

I would connect the NAS server to the domain but it didn’t work.
It’s NetApp storage and it didn’t work to connect it with AD or with LDAP.
So I had to set the shared folder permissions manually (we need them to be UNIX permissions).

I hope it explains things.
Again, thank you for your time.

Raz

Hey @razaidlitz

Well, that is of course very vague…

I’ve just tried this with a mixture of yast and doc-scripts and it works pretty well (as long as you don’t use different passwords across the udm ldap and ldap conf :face_with_monocle:.)

Can you please post the output of those commands:

cat /etc/hosts
cat /etc/openldap/ldap.conf
cat /etc/sssd/sssd.conf
cat /etc/krb5.conf
zypper se libheimdal
zypper se krb5-client

I could perhaps post the scripts I used in the next days.

Edit: Well an initial join worked - but now I have strange sssd kerberos behavior - I will have to look into this a little bit more…

Edit2: vm opensuse leap 15.1
Working: login with UCS-LDAP user. (Local home directory - gets created on login)

Best,
Bernd