Issues Domain Join Mint 21.1

treenerd · March 5, 2023, 8:39pm

Hi UCS Team,

I would like to share my todays experience of the domain join tool for Linux Mint 21.1.

To join the Clients I installed the univention-domain-join package like suggested in the github repo.

sudo add-apt-repository ppa:univention-dev/ppa
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install univention-domain-join

When I ran univention-domain-join it complained about a missing /etc/ldap/ldap.conf file, which was not there.
I installed also libldap-common to have the file in place. So the domain join could find the file and write it’s content to it. Not sure if this shouldn’t be added as dependency of the univention package or if there is a different issue within one of the scripts to join UCS.

After that I had some other issues, which I was not able to debug, because my time at this voluntary project at a small community driven school is very limited. But I couldn’t login as ucs user into the system eventough the domain join didn’t complain.

I had to install also additional dependencies before the domain join, to get the user login to work properly.

sudo apt install heimdal-docs heimdal-kcm python3-sniffio python3-trio adcli sssd-tools libsasl2-modules-ldap

Not sure which package fixed it… but after this, ucs users where able to login again, and fresh users where created again at the client system.

I used univention-domain-join-cli after some failures with the gui…
UCS version 5.0-3

If I can help with more information, I will try to add more precise information if needed.
Thank you,

erik · October 17, 2023, 1:27pm

Hi treenerd,

I have exactly the same issue. I also want to integrate my Linux Mint 21.1 Client to my UCS server (5.0-5 errata838), first the univention-domain-join also complained about the missing ldap.conf file, with your suggestion I tried to install libldap-common then the domain-join was successful, I could also find my Linux Mint client in the UMC module ->Computer.
However, when I tried to login as UCS user on the Linux Mint Client, it constantly said the password is incorrect. I have downloaded the additional dependencies which you suggested, but the problem has not been solved. Could you provide more information about how you solved this problem or do you have some idea?

Here is a copy from /var/log/auth.log
Oct 13 14:46:58 locutus lightdm: pam_succeed_if(lightdm:auth): requirement “user ingroup nopasswdlogin” not met by user “erik”
Oct 13 14:47:01 locutus lightdm: pam_unix(lightdm:auth): check pass; user unknown
Oct 13 14:47:01 locutus lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Oct 13 14:47:01 locutus lightdm: pam_sss(lightdm:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=erik
Oct 13 14:47:01 locutus lightdm: gkr-pam: error looking up user information
Oct 13 14:47:01 locutus lightdm: pam_unix(lightdm:account): could not identify user (from getpwnam(erik))
Oct 13 14:47:01 locutus lightdm: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
Oct 13 14:47:01 locutus lightdm: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb

I would be very grateful for some suggestions.
Thank you,
erik.

treenerd · October 17, 2023, 4:11pm

Hi Erik,
I’m not sure if I can help very fast at the moment.
Probably I can try a domain join at the weekend and verify if this still would work with these versions.
Or I would have to build up a virtual environment here.
Not sure if I can answer before the weekend.
Please answer if you found already a solution before.

Best regards
Treenerd

erik · October 24, 2023, 7:47am

Hi Treenerad,

Sorry for the delay, I didn’t find a solution jet. So with your settings you can still get the domain join and Client User login working?

Best regards
Erik