Bug ID 1176053
Summary realm join ad domain gotchas
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee screening-team-bugs@suse.de
Reporter diego.ercolani@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

As stated on the upstream site sssd.io, to join a domain using commandline (no
yast2) you have a useful utility called realm that permit almost "everything"
to join ad:

firstly you have to "explore" the domain:
pc-marcow10:~ # realm discover ssisnet.ssis
ssisnet.ssis
  type: kerberos
  realm-name: SSISNET.SSIS
  domain-name: ssisnet.ssis
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: adcli
  required-package: samba-client

and realm inform you about the packages you need to join domain.
After you can do (verbose) the command:
realm join -v -U diego --computer-name=networkstorage2 ssisnet.ssis
and this invoke the real joining command: adcli and try to modify all the
configuration file accordingly:
/etc/sssd/sssd.conf
/etc/nssswitch.conf
/etc/pam.d/common-*

but it's failing:
 * /usr/sbin/pam-config --add --sssd --mkhomedir
pam-config: invalid option -- --sssd
Per ulteriori informazioni, utilizzare `pam-config --help' o `pam-config
--usage'.
 ! Enabling SSSD in nsswitch.conf and PAM failed.
realm: Couldn't join realm: Enabling SSSD in nsswitch.conf and PAM failed.

Workaround:
pam-config --add --sss --mkhomedir

<<<<<<<<< /etc/nsswitch.conf
passwd:         compat sss
group:          compat sss
shadow:         compat sss
>>>>>>>>>

You are receiving this mail because: