[SOLVED] Joining Linux Mint 21.1 to Windows Server 2019 Domain
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Joining Linux Mint 21.1 to Windows Server 2019 Domain
OK. So I am working on a new machine for myself. This time, my machine is a virtual machine running on a laptop. It's dual boot, Windows 10 and Linux Mint 21.1.
Now, I'm trying to rediscover how to join Linux Mint to the domain, with focus on 21.1 Mint for now. I seem to have lost my instructions for joining it to the domain. I want to make a script that takes care of it for me, but first, I need to rediscover how to join it. It's not the actual joining that's causing trouble. I can get realm to join the domain. But I cannot seem to get my users able to logon. It's NOT my DC's fault, for sure.
I like the base of Linux Mint 21.1, it seems better than the one I originally installed on this machine. We'll head back to copying my cinnamon settings after I manage to join it to the domain.
I cannot find the resources I used before, which was a combination of an article and a video on youtube.
As for what I know I did, I know I did the actual join, but I also modified pam settings and modified some other file somewhere else, I think in /share/???. Then, I also did something or other to sudoers, that I forgot too. It's possible to probe this machine to find out what I did, but I'd have to know the best way to probe it.
I love Linux, but why can't joining to a domain with Linux Mint, be as easy as it is with Windows? Why can't we take the most common types of network setups and put them into a GUI? Oh well, maybe I can help with that someday when I finish learning how things work. At least with my OS...
Anyway, please help me rediscover what I did, or create a new, possibly better, working path to joining to a domain. Other than that, this new system, is almost setup. And by the way, when I did some sort of samba thing, modifying the kbr5 or something like that file, it kept locking me out, so I know that that's wrong. I just want to be able to use the systems and get some work done. Overall, I've been more productive with Linux, except for crazy things, like this. Thanks!
you can find a lot of very good guides on the net about it. Unfortunately we cannot find out what do you mean by "I also did something or other to sudoers, that I forgot too", so better to start over again. https://wiki.samba.org/index.php/Set..._Domain_Member
The way to go depends on one thing, do you just want authentication, or do you want to have shares ?
If you just want authentication, then using realmd and sssd is all you need, you can remove any Samba packages you installed.
If you want shares, then it is, in my opinion, the opposite, remove realmd and sssd, install all the Samba packages (including the winbind ones) and configure the following files:
Configure /etc/samba/smb.conf, you will have to decide which idmap backend to use, see the link that pan64 provided to help with your choice. If having trouble deciding, use 'rid'
Join to the domain using net ads join with a user that can join the domain, e.g. net ads join -UAdministrator
add 'winbind' to the passwd & group lines in /etc/nsswitch.conf
When I modified this file, though it wasn't exactly what it said, I locked myself out of the system, including sudo. I could still get in to the system in single user mode, but could not use any normal (administrator?) user. Every time I've modified that file, it immediately does so, so far. Then I'm unable to finish the setup.
As for whether I need to share files or not, I'm going to say, that though I'd really like GPOs to work, I don't know how to, including installing the .admx file. I know that GPOs exist, if you install them, I just don't know how to install them for at least Ubuntu, but if you did, at least those, would apply to it.
Authentication in an understandable way, would be a MUST. I would be happy to also have the functionality of sharing files, but this is not a server machine I'm setting up, so while sharing may be done in the future, it doesn't have to now.
Right though. Good starting from scratch, as I have no idea what all I did enough to trace it back. I need to know this skill, in a way I can repeat, with this version of Linux, or the latest I can do it in, where if not this version, I may downgrade.
I remember the command to do the actual joining of the domain, I used before:
Code:
sudo realm join <domain name>
I then entered the password for Administrator.
I can see why using samba to do it, might be supperior, in case I DO later want to share files or something. But my issue, as I said before, is modifying the krb* file, causes a lock out of my account, where the only way to fix it, was to start from scratch.
If you can, please show me both ways, and then tell me the benefits of both, but if you can, start with the samba way, but we'd need to get past this file problem first, to do that. Then I can make a copy of it, and play with the other way second. I'm not home right now, but when I get home, if it's not too late, I'll try with your krb* file, to see if it does the same thing. If it does, all I've lost is time, because I can easily restore to a time when I could get in.
My actual machine that is new, is a VM on virtual box, for now, on windows 10. It's a new computer, that I bought in 2021, and all that must work on the system, is docking station drivers, and virtual box, and the chrome browser. The VM, sucks up the most space and does the most work.
After this, I'm definately going to create an account on the Linux Mint forums as well. I may speak of them here, but that will get me better support for Linux Mint. When it's a more general question, I'm not going away here. But I'll work on that, next question I have, or if I don't get the question answered here good enough, this one I mean.
I'm still maintaining some "network" forums, which, since there is not community yet, I don't answer a lot of stuff there. But it's still invaluable, as I link to every one of my other forums, when I have questions elsewhere. If anyone wants to join that, it's OK, just go to sites.google.com/site/smileynetmain, and click the forum link, at the bottom to find it. But not trying to 100% advertise here, just mentioning it, because I would eventually like to build up a community, while still being here too. Mine covers more than just Linux, and more than just computers. If someone would like to suggest something else to cover there, it's OK too. But the point of that, is once I post a question somewhere, it's easy to get to again. I also cover questions that I work on that other people do. I have been trying to answer other questions too.
Just saying that it's easy to find my questions, and I probably need to start asking some at mint forums, now that I know about it, too. My goal is to become a realative expert, when dealing with clients, in the network, on Linux Mint. I will settle on a version to use for awhile, pretty soon. The only reason I upgraded on one machine, was because I wanted the newer look and feel to be available. It's possible that I'm starting the process of "ditching" windows, mostly, at all, and using more of Linux. I need to learn how stuff works, therefore.
Definately not supporting Windows 11, on my main network. Yes, I'll allow it on guest subnet, but as far as home, no support for it, if it doesn't work. I still need to learn it, which I'll begin to learn more pretty soon. For jobs, I'll need to use it. For home, no, no no!
I have to say this is not a good approach. Obviously you can go to the Linux Mint forum, just this question is not related to any distro, but samba and you.
From the other hand if you need more help you have to give us more details, what's going on, what did you try, what's happened. Otherwise nobody (on any forum) can correct your mistakes. http://www.catb.org/~esr/faqs/smart-...html#beprecise
Sorry. I wasn't complaining about help here. I wasn't going to worry about this problem. I just wanted to make sure I'm posting in the most appropriate place, in the future, but I'm not at all unhappy with the help I'm getting here. Please don't take it personal, that I want their help too, when I need it. I'm not worried about your help here. Sorry if I've offended you.
As for telling information, more information, the previous few posts were not meant to tell you much, because I couldn't think of more stuff that is realevant. But in this post, I'll provide some more information, because now I think it's needed.
Tutorial that told me about samba way of joining to AD:
I'll take a look at these, as soon as I can, especially the article. I'll see if that helps.
In the meantime, please inform me on why you might want to use the realm join or why you would use samba. Why would you choose either? I'm going to bed pretty soon, or I'd try everything now. Maybe these work for me? We'll see!
If you get locked out by altering /etc/krb5.conf, then you must be altering it in an incompatible way, adding or removing lines, it might help if you could show us what modifications you have tried.
As for altering /etc/resolv.conf, you may not have to, providing that:
A) your computer is in the same DNS domain as the DC
B) search is using the DC's DNS domain
C) the first nameserver is the DC's ipaddress
If you do go and post on the Linux Mint forum, It is likely to be me that replies to you.
Linux mint is based on Ubuntu, which is based on Debian and I have set up more Debian Unix domain members than you have had hot dinners.
Setting up a Unix domain member is easy, just as long as you follow the rules.
If you want help using sssd, then I cannot help, I do not see the point to it with Samba, so I do not use it.
I decided, I'll post the existing config file, so that maybe my situation makes more sense to someone who knows. I was changing it to say exactly what the tutorial told me, with the only differnce being my domain name, instead of theirs.
Unfortunately, it looks as if I have to wait at least until my VM is done restoring.
As for resolv:
Code:
1. Yes, it's in the same domain
2. Yes, it is
3. No it's not. It's pointed at the router, which points to the real DNS. It does some extra what-if "magic", but it allows me to resolve the names.
Quote:
If you do go and post on the Linux Mint forum, It is likely to be me that replies to you.
That was a misunderstood thing. While I would be glad to have you there too, I won't for this, unless I would have to. I wanted to add resources, not take them away. So it's not like I won't still use this forums at all, or "only" for other topics. I just will try to go there first, in the future, not because I don't like this site, just because they might be more experts in mint. But I'm not going away here, and not starting over for this thread. Just wanted to give the heads up when I did. Please, no one feel bad, just because I'm finding more experts. Great if it's you, because I can find you at either site! But I have no moral way of tracing usernames, so bob there could be the only person there, but not here, and joe could be in both places. So I'm figuring for future, that I might be able to find more experts there, so I can become an expert at mint.
Quote:
Linux mint is based on Ubuntu, which is based on Debian and I have set up more Debian Unix domain members than you have had hot dinners.
Setting up a Unix domain member is easy, just as long as you follow the rules.
Good. I needed someone with experience. I'm just learning about things like this, though not nearly a newbie. I was distrohopping for awhile before settling on mint as the next one to become an expert in, for desktop linux. Plus, I just now have time to learn about it if I need to. I didn't have the time to learn properly when in school.
Quote:
If you want help using sssd, then I cannot help, I do not see the point to it with Samba, so I do not use it.
OK. If we can make samba work, it's probably what I'm ok with. I will check more about it. Right now though, I want to also learn anyway I can, and do better later after that. Please let's try the samba way, which you know, and we'll go from there.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
