Hallo,
Hier der letzte Output, nachdem es oben ganz gut aussieht:
[INFO] ===> Finished unmounting all shares of user R219-PC02$ ===
[INFO] Adjusting sssd.conf
[INFO] Writing new Configuration
[INFO] Restarting sssd
[INFO] Testing if the domain join actually works
[INFO] * Checking if the group "domain users" exists
[ERROR] The "domain users" group does not exists! Users wont be able to log in!
[ERROR] This is sometimes related to /etc/nsswitch.conf.
================================================================================
The setup FAILED, see previous errors!
Plase check your configuration and try again.
=================================================
Die domain users scheint nicht gefunden zu werden.
dorian
5. Januar 2022 um 14:54
2
Hi Ralf,
Wie lang ist der Hostname?
VG, Dorian
Hallo Dorian,
graueralltag:
R219-PC02
Grüßle Ralf
dorian
5. Januar 2022 um 15:08
4
Hmm, aber das ist eigentlich kurz genug. Was sagt klist -k?
root@r219-pc02:/home/linuxadmin# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
17 R219-PC02$@LINUXMUSTER.MMSWN.DE
17 R219-PC02$@LINUXMUSTER.MMSWN.DE
17 R219-PC02$@LINUXMUSTER.MMSWN.DE
17 host/R219-PC02@LINUXMUSTER.MMSWN.DE
17 host/R219-PC02@LINUXMUSTER.MMSWN.DE
17 host/R219-PC02@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02@LINUXMUSTER.MMSWN.DE
17 HOST/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
17 HOST/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
17 HOST/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
17 RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE
dorian
5. Januar 2022 um 15:13
6
Passiert das jedes mal? Und hast du due neuste Version vom Client?
dorian
5. Januar 2022 um 15:16
8
dorian:
Passiert das jedes mal?
Bzw. Hast du es mehr als ein mal probiert?
dorian
5. Januar 2022 um 15:26
10
Hmmm da bin ich auch ein bisschen ratlos…
root@r219-pc02:/home/linuxadmin# linuxmuster-linuxclient7 setup
[INFO] #### linuxmuster-linuxclient7 setup ####
[INFO] Cleaning sssd cache.
[INFO] Stopping sssd
[INFO] Deleting old kerberos tickets.
[INFO] Cleaning / leaving all domain joins
[INFO] * linuxmuster.mmswn.de
[INFO] -> Done!
[INFO] Deleting krb5.keytab if it exists ...
[INFO] Deleting old CA certificate if it exists ...
[INFO] * Deleting linuxmuster.mmswn.de.pem
[INFO] Deleting /etc/linuxmuster-linuxclient7/network.conf if exists ...
[INFO] Trying to discover available domains...
[INFO] Using first discovered domain linuxmuster.mmswn.de
[INFO] Preparing network configuration
[INFO] Writing new network Configuration
[INFO] Deleting obsolete files
[INFO] * /etc/profile.d/99-linuxmuster.sh
[INFO] * /etc/sudoers.d/linuxmuster
[INFO] * /etc/profile.d/linuxmuster-proxy.sh
[INFO] * /etc/bash_completion.d/99-linuxmuster-client-adsso.sh
[INFO] * /etc/profile.d/99-linuxmuster-client-adsso.sh
[INFO] * /etc/sudoers.d/linuxmuster-client-adsso
[INFO] * /usr/sbin/linuxmuster-client-adsso
[INFO] * /usr/sbin/linuxmuster-client-adsso-print-logs
[INFO] * /etc/systemd/system/linuxmuster-client-adsso.service
[INFO] * /home/linuxadmin/.config/autostart/linuxmuster-client-adsso-autostart.desktop
[INFO] * /etc/cups/client.conf
[INFO] * /usr/share/linuxmuster-linuxclient7/templates/linuxmuster-client-adsso.service
[INFO] * /usr/share/linuxmuster-linuxclient7/templates/linuxmuster-client-adsso-autostart.desktop
[INFO] * /etc/security/pam_mount.conf.xml
[INFO] * /usr/share/linuxmuster-linuxclient7/templates/pam_mount.conf.xml
[INFO] Deleting obsolete directories
[INFO] * /etc/linuxmuster-client
[INFO] * /etc/linuxmuster-client-adsso
[INFO] * /usr/share/linuxmuster-client-adsso
[INFO] Applying all configuration templates:
[INFO] * linuxmuster-linuxclient7.service ...
[DEBUG] -> to /etc/systemd/system/linuxmuster-linuxclient7.service
[INFO] * nsswitch.conf ...
[DEBUG] -> to /etc/nsswitch.conf
[INFO] * greeter.dconf-defaults ...
[DEBUG] -> to /etc/gdm3/greeter.dconf-defaults
[INFO] * common-session ...
[DEBUG] -> to /etc/pam.d/common-session
[INFO] * krb5.conf ...
[DEBUG] -> to /etc/krb5.conf
[INFO] * lightdm.conf ...
[DEBUG] -> to /etc/lightdm/lightdm.conf.d/50-linuxmuster.conf
[INFO] * cifs.spnego.conf ...
[DEBUG] -> to /etc/request-key.d/cifs.spnego.conf
[INFO] * smb.conf ...
[DEBUG] -> to /etc/samba/smb.conf
[INFO] * timesyncd.conf ...
[DEBUG] -> to /etc/systemd/timesyncd.conf
[INFO] * linuxmuster-linuxclient7.desktop ...
[DEBUG] -> to /home/linuxadmin/.config/autostart/linuxmuster-linuxclient7-autostart.desktop
[INFO] Reloading systemctl ...
[INFO] Updating pam configuration ...
[INFO] Raloading systctl daemon
[INFO] Enabling services:
[INFO] * linuxmuster-linuxclient7
[INFO] * smbd
[INFO] * nmbd
[INFO] * sssd
[INFO] Restarting services:
[INFO] * smbd
[INFO] * nmbd
[INFO] * systemd-timesyncd
[INFO] #### Joining domain linuxmuster.mmswn.de ####
* Resolving: _ldap._tcp.linuxmuster.mmswn.de
* Performing LDAP DSE lookup on: 10.0.0.1
* Performing LDAP DSE lookup on: 172.17.0.1
* Performing LDAP DSE lookup on: 172.18.0.1
* Successfully discovered: linuxmuster.mmswn.de
Passwort für global-admin:
* Unconditionally checking packages
* Resolving required packages
* LANG=C /usr/sbin/adcli join --verbose --domain linuxmuster.mmswn.de --domain-realm LINUXMUSTER.MMSWN.DE --domain-controller 10.0.0.1 --login-type user --login-user global-admin --stdin-password
* Using domain name: linuxmuster.mmswn.de
* Calculated computer account name from fqdn: R219-PC02
* Using domain realm: linuxmuster.mmswn.de
* Sending NetLogon ping to domain controller: 10.0.0.1
* Received NetLogon info from: server.linuxmuster.mmswn.de
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-PO2c7F/krb5.d/adcli-krb5-conf-3jQuXG
* Authenticated as user: global-admin@LINUXMUSTER.MMSWN.DE
* Using GSS-SPNEGO for SASL bind
* Looked up short domain name: LINUXMUSTER
* Looked up domain SID: S-1-5-21-4121089131-2061783183-2884142362
* Using fully qualified name: r219-pc02
* Using domain name: linuxmuster.mmswn.de
* Using computer account name: R219-PC02
* Using domain realm: linuxmuster.mmswn.de
* Calculated computer account name from fqdn: R219-PC02
* Generated 120 character computer password
* Using keytab: FILE:/etc/krb5.keytab
* Found computer account for R219-PC02$ at: CN=R219-PC02,OU=219,OU=Devices,OU=default-school,OU=SCHOOLS,DC=linuxmuster,DC=mmswn,DC=de
* Sending NetLogon ping to domain controller: 10.0.0.1
* Received NetLogon info from: server.linuxmuster.mmswn.de
* Set computer password
* Retrieved kvno '18' for computer account in directory: CN=R219-PC02,OU=219,OU=Devices,OU=default-school,OU=SCHOOLS,DC=linuxmuster,DC=mmswn,DC=de
* Checking HOST/R219-PC02
* Added HOST/R219-PC02
* Checking HOST/R219-PC02.linuxmuster.mmswn.de
* Added HOST/R219-PC02.linuxmuster.mmswn.de
* Checking RestrictedKrbHost/R219-PC02
* Added RestrictedKrbHost/R219-PC02
* Checking RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de
* Added RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de
* Discovered which keytab salt to use
* Added the entries to the keytab: R219-PC02$@LINUXMUSTER.MMSWN.DE: FILE:/etc/krb5.keytab
* Added the entries to the keytab: host/R219-PC02@LINUXMUSTER.MMSWN.DE: FILE:/etc/krb5.keytab
* Added the entries to the keytab: RestrictedKrbHost/R219-PC02@LINUXMUSTER.MMSWN.DE: FILE:/etc/krb5.keytab
* Added the entries to the keytab: HOST/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE: FILE:/etc/krb5.keytab
* Added the entries to the keytab: RestrictedKrbHost/R219-PC02.linuxmuster.mmswn.de@LINUXMUSTER.MMSWN.DE: FILE:/etc/krb5.keytab
* /usr/sbin/update-rc.d sssd enable
* /usr/sbin/service sssd restart
* Successfully enrolled machine in realm
[INFO] It looks like the domain was joined successfully.
[INFO] Installing server ca certificate ...
[DEBUG] Calculating mountpoint of //server.linuxmuster.mmswn.de/sysvol
[WARNING] Uid could not be found! Continuing anyway!
[DEBUG] Trying to mount '//server.linuxmuster.mmswn.de/sysvol' to '/srv/samba/R219-PC02$/sysvol'
[DEBUG] * Creating directory...
[DEBUG] * Executing '/usr/sbin/mount.cifs -o file_mode=0700,dir_mode=0700,sec=krb5,nodev,nosuid,mfsymlinks,nobrl,vers=3.0,user=R219-PC02$,domain=LINUXMUSTER.MMSWN.DE //server.linuxmuster.mmswn.de/sysvol /srv/samba/R219-PC02$/sysvol'
[DEBUG] * Trying to mount...
[DEBUG] * Success!
[DEBUG] Calculating mountpoint of //server.linuxmuster.mmswn.de/sysvol
[INFO] Copying CA certificate from server to client!
[INFO] === Trying to unmount all shares of user R219-PC02$ ===
[INFO] Mount basedir /home/R219-PC02$/media does not exist -> nothing to unmount
[INFO] * Trying to unmount /srv/samba/R219-PC02$/sysvol...
[INFO] * Deleting /srv/samba/R219-PC02$/sysvol...
[INFO] Deleting /srv/samba/R219-PC02$...
[INFO] ===> Finished unmounting all shares of user R219-PC02$ ===
[INFO] Adjusting sssd.conf
[INFO] Writing new Configuration
[INFO] Restarting sssd
[INFO] Testing if the domain join actually works
[INFO] * Checking if the group "domain users" exists
[ERROR] The "domain users" group does not exists! Users wont be able to log in!
[ERROR] This is sometimes related to /etc/nsswitch.conf.
================================================================================
The setup FAILED, see previous errors!
Plase check your configuration and try again.
================================================================================
Kann es sein, dass es ein Problem mit Dual Boot gibt?
Hallo Ralf,
nicht beim Installieren des Clients: das glaube ich nicht.
Wurden die GPOs auf dem Server mal erstellt?
Holger
Hallo Holger,
root@r219-pc02:/home/linuxadmin# linuxmuster-linuxclient7 prepare-image -y
[INFO] #### Image preparation ####
[INFO] #### linuxmuster-linuxclient7 status ####
[INFO] Linuxmuster-linuxclient7 is setup!
[INFO] Testing if domain is joined...
[INFO] Checking joined domains
[INFO] Joined domains:
[INFO] * linuxmuster.mmswn.de
[INFO] Testing if the domain join actually works
[INFO] * Checking if the group "domain users" exists
[ERROR] The "domain users" group does not exists! Users wont be able to log in!
[ERROR] This is sometimes related to /etc/nsswitch.conf.
===============================================================================================
This Computer is joined to a domain, but it was not possible to authenticate
to the domain controller. There is an error with your domain join! The login WILL NOT WORK!
Please try to re-join the domain using 'linuxmuster-linuxclient7 setup' and create a new image.
===============================================================================================
Hallo Holger,
dorian
5. Januar 2022 um 16:01
16
Stimmt die Zeit am Client?
Die Zeit am Client ist aktuell und stimmt mit der Zeit am Server überein.
Immer noch der selbe Fehler:
[ERROR] The "domain users" group does not exists! Users wont be able to log in!
[ERROR] This is sometimes related to /etc/nsswitch.conf.
================================================================================
The setup FAILED, see previous errors!
Plase check your configuration and try again.
================================================================================
„Domain users“ group ??
Beim ersten install kommt die Meldung nach einer Paketkonfiguration der Kerberos-Authentisierung
Voreingestellter Realm für Kerberos Version 5:
Hier habe ich nichts eingetragen. Einfach Enter
dorian
7. Januar 2022 um 15:39
19
Das passt.
Kannst du bitte prüfen, ob die domain user gefunden werden?id username, also z.B. id global-admin
dorian:
id global-admin
root@r219-pc02:/home/linuxadmin# id global-admin
id: »global-admin“: Einen solchen Benutzer gibt es nicht
Es kommt noch immer der selbe Fehler.linuxmuster.net packages:
