Hallo,
bei einer Neuinstallation mit Ubuntu 20.04.02 und updates zeigt das
linuxmuster-linuxclient setup
einen Fehler.
Hier der letzte Output, nachdem es oben ganz gut aussieht:
[INFO] ===> Finished unmounting all shares of user R219-PC02$ ===
[INFO] Adjusting sssd.conf
[INFO] Writing new Configuration
[INFO] Restarting sssd
[INFO] Testing if the domain join actually works
[INFO] * Checking if the group "domain users" exists
[ERROR] The "domain users" group does not exists! Users wont be able to log in!
[ERROR] This is sometimes related to /etc/nsswitch.conf.
================================================================================
The setup FAILED, see previous errors!
Plase check your configuration and try again.
=================================================
Die domain users scheint nicht gefunden zu werden.
Was ist da los?
Grüße
Ralf
dorian
5. Januar 2022 um 14:54
2
Hi Ralf,
Wie lang ist der Hostname?
VG, Dorian
Hallo Dorian,
das siehst du oben in dem Ausdruck: 8 Zeichen
graueralltag:
R219-PC02
Grüßle Ralf
update: es sind wohl doch 9 Zeichen
dorian
5. Januar 2022 um 15:08
4
Hmm, aber das ist eigentlich kurz genug. Was sagt klist -k?
root@r219-pc02:/home/linuxadmin# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
17 R219-PC02$@LINUXMUSTER.MMSWN.DE
17 R219-PC02$@LINUXMUSTER.MMSWN.DE
17 R219-PC02$@LINUXMUSTER.MMSWN.DE
17 host/R219-PC02@LINUXMUSTER.MMSWN.DE
17 host/R219-PC02@LINUXMUSTER.MMSWN.DE
17 host/R219-PC02@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02@LINUXMUSTER.MMSWN.DE
17 HOST/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
17 HOST/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
17 HOST/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
dorian
5. Januar 2022 um 15:13
6
Passiert das jedes mal? Und hast du due neuste Version vom Client?
dorian
5. Januar 2022 um 15:16
8
dorian:
Passiert das jedes mal?
Bzw. Hast du es mehr als ein mal probiert?
dorian
5. Januar 2022 um 15:26
10
Hmmm da bin ich auch ein bisschen ratlos…
Kannst du bitte den gesamten Log vom setup posten?
root@r219-pc02:/home/linuxadmin# linuxmuster-linuxclient7 setup
[INFO] #### linuxmuster-linuxclient7 setup ####
[INFO] Cleaning sssd cache.
[INFO] Stopping sssd
[INFO] Deleting old kerberos tickets.
[INFO] Cleaning / leaving all domain joins
[INFO] * linuxmuster.mmswn.de
[INFO] -> Done!
[INFO] Deleting krb5.keytab if it exists ...
[INFO] Deleting old CA certificate if it exists ...
[INFO] * Deleting linuxmuster.mmswn.de.pem
[INFO] Deleting /etc/linuxmuster-linuxclient7/network.conf if exists ...
[INFO] Trying to discover available domains...
[INFO] Using first discovered domain linuxmuster.mmswn.de
[INFO] Preparing network configuration
[INFO] Writing new network Configuration
[INFO] Deleting obsolete files
[INFO] * /etc/profile.d/99-linuxmuster.sh
[INFO] * /etc/sudoers.d/linuxmuster
[INFO] * /etc/profile.d/linuxmuster-proxy.sh
[INFO] * /etc/bash_completion.d/99-linuxmuster-client-adsso.sh
[INFO] * /etc/profile.d/99-linuxmuster-client-adsso.sh
[INFO] * /etc/sudoers.d/linuxmuster-client-adsso
[INFO] * /usr/sbin/linuxmuster-client-adsso
[INFO] * /usr/sbin/linuxmuster-client-adsso-print-logs
[INFO] * /etc/systemd/system/linuxmuster-client-adsso.service
[INFO] * /home/linuxadmin/.config/autostart/linuxmuster-client-adsso-autostart.desktop
[INFO] * /etc/cups/client.conf
[INFO] * /usr/share/linuxmuster-linuxclient7/templates/linuxmuster-client-adsso.service
[INFO] * /usr/share/linuxmuster-linuxclient7/templates/linuxmuster-client-adsso-autostart.desktop
[INFO] * /etc/security/pam_mount.conf.xml
[INFO] * /usr/share/linuxmuster-linuxclient7/templates/pam_mount.conf.xml
[INFO] Deleting obsolete directories
[INFO] * /etc/linuxmuster-client
[INFO] * /etc/linuxmuster-client-adsso
[INFO] * /usr/share/linuxmuster-client-adsso
[INFO] Applying all configuration templates:
[INFO] * linuxmuster-linuxclient7.service ...
[DEBUG] -> to /etc/systemd/system/linuxmuster-linuxclient7.service
[INFO] * nsswitch.conf ...
[DEBUG] -> to /etc/nsswitch.conf
[INFO] * greeter.dconf-defaults ...
[DEBUG] -> to /etc/gdm3/greeter.dconf-defaults
[INFO] * common-session ...
[DEBUG] -> to /etc/pam.d/common-session
[INFO] * krb5.conf ...
[DEBUG] -> to /etc/krb5.conf
[INFO] * lightdm.conf ...
[DEBUG] -> to /etc/lightdm/lightdm.conf.d/50-linuxmuster.conf
[INFO] * cifs.spnego.conf ...
[DEBUG] -> to /etc/request-key.d/cifs.spnego.conf
[INFO] * smb.conf ...
[DEBUG] -> to /etc/samba/smb.conf
[INFO] * timesyncd.conf ...
[DEBUG] -> to /etc/systemd/timesyncd.conf
[INFO] * linuxmuster-linuxclient7.desktop ...
[DEBUG] -> to /home/linuxadmin/.config/autostart/linuxmuster-linuxclient7-autostart.desktop
[INFO] Reloading systemctl ...
[INFO] Updating pam configuration ...
[INFO] Raloading systctl daemon
[INFO] Enabling services:
[INFO] * linuxmuster-linuxclient7
[INFO] * smbd
[INFO] * nmbd
[INFO] * sssd
[INFO] Restarting services:
[INFO] * smbd
[INFO] * nmbd
[INFO] * systemd-timesyncd
[INFO] #### Joining domain linuxmuster.mmswn.de ####
* Resolving: _ldap._tcp.linuxmuster.mmswn.de
* Performing LDAP DSE lookup on: 10.0.0.1
* Performing LDAP DSE lookup on: 172.17.0.1
* Performing LDAP DSE lookup on: 172.18.0.1
* Successfully discovered: linuxmuster.mmswn.de
Passwort für global-admin:
* Unconditionally checking packages
* Resolving required packages
* LANG=C /usr/sbin/adcli join --verbose --domain linuxmuster.mmswn.de --domain-realm LINUXMUSTER.MMSWN.DE --domain-controller 10.0.0.1 --login-type user --login-user global-admin --stdin-password
* Using domain name: linuxmuster.mmswn.de
* Calculated computer account name from fqdn: R219-PC02
* Using domain realm: linuxmuster.mmswn.de
* Sending NetLogon ping to domain controller: 10.0.0.1
* Received NetLogon info from: server.linuxmuster.mmswn.de
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-PO2c7F/krb5.d/adcli-krb5-conf-3jQuXG
* Authenticated as user: global-admin@LINUXMUSTER.MMSWN.DE
* Using GSS-SPNEGO for SASL bind
* Looked up short domain name: LINUXMUSTER
* Looked up domain SID: S-1-5-21-4121089131-2061783183-2884142362
* Using fully qualified name: r219-pc02
* Using domain name: linuxmuster.mmswn.de
* Using computer account name: R219-PC02
* Using domain realm: linuxmuster.mmswn.de
* Calculated computer account name from fqdn: R219-PC02
* Generated 120 character computer password
* Using keytab: FILE:/etc/krb5.keytab
* Found computer account for R219-PC02$ at: CN=R219-PC02,OU=219,OU=Devices,OU=default-school,OU=SCHOOLS,DC=linuxmuster,DC=mmswn,DC=de
* Sending NetLogon ping to domain controller: 10.0.0.1
* Received NetLogon info from: server.linuxmuster.mmswn.de
* Set computer password
* Retrieved kvno '18' for computer account in directory: CN=R219-PC02,OU=219,OU=Devices,OU=default-school,OU=SCHOOLS,DC=linuxmuster,DC=mmswn,DC=de
* Checking HOST/R219-PC02
* Added HOST/R219-PC02
* Checking HOST/R219-PC02.linuxmuster.mmswn.de
* Added HOST/R219-PC02.linuxmuster.mmswn.de
* Checking RestrictedKrbHost/R219-PC02
* Added RestrictedKrbHost/R219-PC02
* Checking RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de
* Added RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de
* Discovered which keytab salt to use
* Added the entries to the keytab: R219-PC02$@LINUXMUSTER.MMSWN.DE: FILE:/etc/krb5.keytab
* Added the entries to the keytab: host/R219-PC02@LINUXMUSTER.MMSWN.DE: FILE:/etc/krb5.keytab
* Added the entries to the keytab: RestrictedKrbHost/R219-PC02@LINUXMUSTER.MMSWN.DE: FILE:/etc/krb5.keytab
* Added the entries to the keytab: HOST/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE: FILE:/etc/krb5.keytab
* Added the entries to the keytab: RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE: FILE:/etc/krb5.keytab
* /usr/sbin/update-rc.d sssd enable
* /usr/sbin/service sssd restart
* Successfully enrolled machine in realm
[INFO] It looks like the domain was joined successfully.
[INFO] Installing server ca certificate ...
[DEBUG] Calculating mountpoint of //server.linuxmuster.mmswn.de/sysvol
[WARNING] Uid could not be found! Continuing anyway!
[DEBUG] Trying to mount '//server.linuxmuster.mmswn.de/sysvol' to '/srv/samba/R219-PC02$/sysvol'
[DEBUG] * Creating directory...
[DEBUG] * Executing '/usr/sbin/mount.cifs -o file_mode=0700,dir_mode=0700,sec=krb5,nodev,nosuid,mfsymlinks,nobrl,vers=3.0,user=R219-PC02$,domain=LINUXMUSTER.MMSWN.DE //server.linuxmuster.mmswn.de/sysvol /srv/samba/R219-PC02$/sysvol'
[DEBUG] * Trying to mount...
[DEBUG] * Success!
[DEBUG] Calculating mountpoint of //server.linuxmuster.mmswn.de/sysvol
[INFO] Copying CA certificate from server to client!
[INFO] === Trying to unmount all shares of user R219-PC02$ ===
[INFO] Mount basedir /home/R219-PC02$/media does not exist -> nothing to unmount
[INFO] * Trying to unmount /srv/samba/R219-PC02$/sysvol...
[INFO] * Deleting /srv/samba/R219-PC02$/sysvol...
[INFO] Deleting /srv/samba/R219-PC02$...
[INFO] ===> Finished unmounting all shares of user R219-PC02$ ===
[INFO] Adjusting sssd.conf
[INFO] Writing new Configuration
[INFO] Restarting sssd
[INFO] Testing if the domain join actually works
[INFO] * Checking if the group "domain users" exists
[ERROR] The "domain users" group does not exists! Users wont be able to log in!
[ERROR] This is sometimes related to /etc/nsswitch.conf.
================================================================================
The setup FAILED, see previous errors!
Plase check your configuration and try again.
================================================================================
Kann es sein, dass es ein Problem mit Dual Boot gibt?
Auf dem Rechner läuft auch Windows
Hallo Ralf,
nicht beim Installieren des Clients: das glaube ich nicht.
Hast du danach mal direkt ein Image erstellt und dann getestet ob ein Domuser rein kommt?
Wurden die GPOs auf dem Server mal erstellt?
LG
Holger
Hallo Holger,
auch wenn ich das prepare Skript laufen lasse bekomme ich folgende Fehler:
root@r219-pc02:/home/linuxadmin# linuxmuster-linuxclient7 prepare-image -y
[INFO] #### Image preparation ####
[INFO] #### linuxmuster-linuxclient7 status ####
[INFO] Linuxmuster-linuxclient7 is setup!
[INFO] Testing if domain is joined...
[INFO] Checking joined domains
[INFO] Joined domains:
[INFO] * linuxmuster.mmswn.de
[INFO] Testing if the domain join actually works
[INFO] * Checking if the group "domain users" exists
[ERROR] The "domain users" group does not exists! Users wont be able to log in!
[ERROR] This is sometimes related to /etc/nsswitch.conf.
===============================================================================================
This Computer is joined to a domain, but it was not possible to authenticate
to the domain controller. There is an error with your domain join! The login WILL NOT WORK!
Please try to re-join the domain using 'linuxmuster-linuxclient7 setup' and create a new image.
===============================================================================================
Hallo Holger,
GPOs habe ich noch keine erstellt.
Server ist auf 71
dorian
5. Januar 2022 um 16:01
16
Stimmt die Zeit am Client?
Die Zeit am Client ist aktuell und stimmt mit der Zeit am Server überein.
Getestet mit timedatectl
Beide stehen auf
12:38 CET und
11:38 UTC und
11:38 RTC
Immer noch der selbe Fehler:
[ERROR] The "domain users" group does not exists! Users wont be able to log in!
[ERROR] This is sometimes related to /etc/nsswitch.conf.
================================================================================
The setup FAILED, see previous errors!
Plase check your configuration and try again.
================================================================================
„Domain users“ group ??
Grüße Ralf
Beim ersten install kommt die Meldung nach einer Paketkonfiguration der Kerberos-Authentisierung
Voreingestellter Realm für Kerberos Version 5:
Hier habe ich nichts eingetragen. Einfach Enter
dorian
7. Januar 2022 um 15:39
19
Das passt.
Kannst du bitte prüfen, ob die domain user gefunden werden?
Mit: id username
, also z.B. id global-admin
dorian:
id global-admin
root@r219-pc02:/home/linuxadmin# id global-admin
id: »global-admin“: Einen solchen Benutzer gibt es nicht
Es kommt noch immer der selbe Fehler.
Grüße
Ralf
Edit:
Aktuelle Version:
Meine aktuelle Version von grad eben:
linuxmuster.net packages:
█████ █████ -Base…: 7.1.3-0
███ ███ -Linbo…: 4.0.5-0
███ ███ -WebUI…: 7.1.2
█████ █████ -Sophomorix…: 3.90.3-1