Title: Problem joining AD, wrong workgroup name in winbind.conf Post by: jomoryja on Saturday 11 January 2014, 05:11:46 am The issue I have is that I'm not able to join an AD domain via the GUI.
My version of Endian is 3.0 I've setup the Endian Proxy more then a month ago (3.0 Beta 1) and some weeks ago I've updated via efw-upgrade. I don't know if that's exactly the same as 3.0 Beta 2 however. What did I try / find out: in the flle /etc/samba/winbind.conf is a line with workgroup = DOMAINNAME That DOMAINNAME however is an older one I've entered before during testing, it's not the one which I have entered lately (and actually see) in the GUI. I performed the following actions to test: I first entered all the correct information via the GUI and tried to join the domain via the GUI AD Join then I switched to the command line and performed the following actions 1) I edited the winbind.conf file for the correct workgroup name nano /etc/samba/winbind.conf 2) I checked if the line workgroup was now ok cat /etc/samba/winbind.conf 3) I restarted the service /etc/init.d/winbind start 4) I joined the domain net ads join -Uusername -s /etc/samba/winbind.conf I had to enter the password and it went fine. I was now able to change my access policy based on my AD groups. And this worked fine browsing the Internet. To my surprise however later (> 10 minutes) the line workgroup was changed back to the original domainname and my access policy didn't work anymore. Is this file being overwritten from a template regularly? Am I doing something wrong? Is this a bug? Does anybody have experience with this? Thank you for your answers, Best Regards, Jos Title: Re: Problem joining AD, wrong workgroup name in winbind.conf Post by: jomoryja on Saturday 11 January 2014, 06:36:55 am I think I found the solution.
When data is entered in the GUI, the file /etc/samba/winbind/conf/tmpl is used to retrieve the GUI data. From this the file winbind.conf is generated. In the file winbind.conf.tmpl there is a line: workgroup = ${AUTH_REALM.split(".")[0].upper()} I've changed this to: workgroup = $NTLM_DOMAIN.upper() Now the correct datafield from the GUI is used to enter the correct data (in upper case) behind "workgroup". This works fine for now. My AD join looks stable and works via the GUI. Best regards, Jos |