Linux Mint login to Active Directory

[niluyati]

Hello,

i use Linux Mint 21.3 Virginia base: Ubuntu 22.04 jammy - and i ad it to an active directory (Synology Directory Server) - everything OK
i test the connection - everything OK (with: "realm discover")
i don`t now how can login with User from active directory on the logon screen on Linux Mint (XFCE and Cinnamon) (User@Domain doesn`t work)
what can i do, to login with a user account?

sorry for my bad english

i hope you can easy help me

thanks

[RowlandP]

Are you using sssd ?
If so, I cannot help you, but I can assure you that you can log into a domain joined Linux Mint Cinnamon computer with the UPN if you use Samba.

[niluyati]

Hello and good evening,

thanks for the tip

yes, i am using sssd.

Today check my active directory domain with: id user@domain -> OK

my sssd.conf (etc/sssd/)

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[sssd]
domains = ad.my.domain.local
config_file_version = 2
services = nss, pam

[domain/ad.my.domain.local]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AD.MY.DOMAIN.LOCAL
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = ad.my.domain.local
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = ad

Any idea? About the problem?

[RowlandP]

Sorry, but I do not have a clue about sssd, I do not use it.

However, if you need help with using Samba, then I can talk you through that.

[AndyMH]

If all you are trying to do is mount a share from your synology in mint you do NOT need active directory. Read my posts here:
viewtopic.php?p=2224687&hilit=synology+fstab#p2224687
You need to install samba which you can do from software manager, or in a terminal:

Code: Select all

apt install samba

[altair4]

Not to nitpick but you don't need to install samba ( the server package ) on a Linux client to connect to someone else's SMB server.

You certainly don't need it if using mount.cifs to do the connection. CIFS doesn't use any samba client routines. It doesn't even know smb.conf exists. It's all in th Linux Kernel.

[AndyMH]

My link shows connecting with nemo smb://diskstation.local as well as how to connect via fstab with cifs. Thought you needed samba for that? Happy to be corrected.

[altair4]

nemo smb://diskstation.local

nemo calls gvfs-backends which ... I'm going to use the term "oversees" ... the connection and mounting of the SMB share of another host. ( this is where most if not all of the bugs in this process are located )

gvfs-backends calls out libsmbclient which does the actual connection.

libsmbclinet is installed by default in all OS's that rely on gvfs-backends to do it's thing because it is a dependency of that package.

So a samba client process is already present on the system. You can install the smbclient package if you want a CLI capability. But the samba package itself enables a samba server on the system.

None of this has any impact on mount.cifs.

[AndyMH]

I stand corrected and have learnt something

[RowlandP]

My link shows connecting with nemo smb://diskstation.local as well as how to connect via fstab with cifs. Thought you needed samba for that? Happy to be corrected.

That link shows that Avahi is involved in the connection and Samba when connecting to a an AD domain relies on dns, not Avahi. You normally have to join the computer to a domain when using Samba (note: I am not referring to cifs-utils here), but you can, I believe, get sssd to authenticate from AD without joining the domain, I personally don't see the point in that, you might as well just nslcd.

[niluyati]

Hello and thanks for your help,

but my problem ist not using a share, all my windows and linux shares are working fine in my linux mint system.
I have only a problem to using my useraccount from my own (linux) active directory server.

nemo smb://my.domian.local ist working fine

Because of my little and easy question: How ca I use my useraccount (userlogin) from my AD server with linux mint?
Maybe is the answer sooo simple .... whatever ....

[RowlandP]

Hello and thanks for your help,

but my problem ist not using a share, all my windows and linux shares are working fine in my linux mint system.
I have only a problem to using my useraccount from my own (linux) active directory server.

If you have a Linux active directory server, then you have a Samba active directory server and you shouldn't really be using sssd with it.

nemo smb://my.domian.local ist working fine

If your AD TLD is really '.local' , then it shouldn't be, '.local' is reserved for Bonjour and Avahi.

Because of my little and easy question: How ca I use my useraccount (userlogin) from my AD server with linux mint?
Maybe is the answer sooo simple .... whatever ....

It is, stop using sssd, set up Samba correctly (this includes installing winbind) and you will be able to login with:
username
username@REALM
NetBIOS_name\username

Would you like me to talk you through the setup ?

[billyswong]

If your AD TLD is really '.local' , then it shouldn't be, '.local' is reserved for Bonjour and Avahi.

Offtopic: .local were once upon a time a recommendation/suggestion as Active Directory domain name for small business private network by Microsoft. Active Directory technology is older than Bonjour. It is just that Microsoft didn't register .local to the standard bodies, letting Apple took advantage of it.

[RowlandP]

If your AD TLD is really '.local' , then it shouldn't be, '.local' is reserved for Bonjour and Avahi.

Offtopic: .local were once upon a time a recommendation/suggestion as Active Directory domain name for small business private network by Microsoft. Active Directory technology is older than Bonjour. It is just that Microsoft didn't register .local to the standard bodies, letting Apple took advantage of it.

My understanding was that Microsoft recommend '.local' for a short period until it was pointed out to them that it was reserved for Bonjour, it wasn't that they didn't register it, they couldn't, it had already been taken.

[billyswong]

My understanding was that Microsoft recommend '.local' for a short period until it was pointed out to them that it was reserved for Bonjour, it wasn't that they didn't register it, they couldn't, it had already been taken.

Active Directory is first released in Windows 2000 Server edition. Bonjour is first released in OSX by 2002.