Task: Install a server core (without GUI) copy of openSUSE Leap 42.2 and join it to an existing Windows AD environment, so that you can log on to the system with an AD username and password and subsequently define SMB shares on the new server.
- Freshly install openSUSE as a server core without GUI
- Open yast2 and navigate to Network Services -> User Logon Management
- Open “Change Settings”
- Now, enable “Allow Domain User Logon”, Enable domain data source -> “Users”; “Groups”
- Open Join Domain
- Insert the domain name, like “domainname.site.org”
- ID-Provider is Active Directory
- Auth-Provider is Active Directory
- Enable Domain
- In the next panel, activate “Read all entities from backend database”
- Then, type in your Active Directory Domain controller like “adserver.domainname.site.org”.
- On the next panel, authenticate with a superuser like “Administrator” who is able to execute a domain join.
- Finish the domain join
When you now type in getent passwd, you will notice that you don’t get any domain users. The reason is that the sssd service is not running properly and reports an error when checked with service sssd status.
There are some libraries missing that we need to install manually:
zypper install sssd-krb5
zypper install cyrus-sasl
zypper install cyrus-sasl-crammd5
zypper install cyrus-sasl-digestmd5
zypper install cyrus-sasl-plain
zypper install cyrus-sasl-gssapi
After this, you just need to restart the SSSD service daemon and you are done:
service sssd restart
When you now check the available users with getent passwd, you will see that all of your AD items with passwords appear.
You are now able to log in with your domain user account.
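The checks described above (missing libraries, sssd state, domain users in getent passwd) can be scripted. The following is an added example, not part of the original post; the function names and the --check switch are made up for illustration, and it assumes rpm and systemctl are available, as they are on Leap 42.2.

```sh
#!/bin/sh
# Added example: health check for the SSSD/AD join described above.
# The six package names are the ones the article installs with zypper.
REQUIRED_PKGS="sssd-krb5 cyrus-sasl cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-plain cyrus-sasl-gssapi"

# Read installed package names (one per line) on stdin and print every
# required package that is absent. -x forces whole-line matches, so an
# installed cyrus-sasl-plain does not count as cyrus-sasl.
missing_pkgs() {
    installed=$(cat)
    for pkg in $REQUIRED_PKGS; do
        printf '%s\n' "$installed" | grep -qxF -- "$pkg" || printf '%s\n' "$pkg"
    done
}

# Read passwd-format lines on stdin (e.g. from "getent passwd") and print
# the account names that are not defined in the local passwd file $1.
# Whatever remains was supplied by SSSD, i.e. comes from the domain.
domain_users() {
    awk -F: -v localfile="$1" '
        BEGIN { while ((getline line < localfile) > 0) { split(line, f, ":"); seen[f[1]] = 1 } }
        !($1 in seen) { print $1 }'
}

# Run the three checks in the order the article hits them.
check_join() {
    missing=$(rpm -qa --qf '%{NAME}\n' | missing_pkgs)
    if [ -n "$missing" ]; then
        echo "missing packages: $(echo $missing)"; return 1
    fi
    if ! systemctl is-active --quiet sssd; then
        echo "sssd is not running"; return 1
    fi
    count=$(getent passwd | domain_users /etc/passwd | wc -l)
    if [ "$count" -eq 0 ]; then
        echo "sssd is running but getent returns no domain users"; return 1
    fi
    echo "OK: $count domain accounts visible"
}

# Only touch the system when asked to: ./check.sh --check
if [ "${1:-}" = "--check" ]; then check_join; fi
```

Run it as root with --check after the restart; a non-zero exit status names the first step that failed.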