FIX: 'Cannot Write Pam Settings' when Joining a Windows Domain in SuSE 10.3
Today I attacked my 2008 technical to do list and setup a subversion server for backups/source control. It was actually pretty darn easy in SUSE 10.3. After I got it going, I wondered if I could have it automatically authenticate against my HOME domain. So, using SuSE's menu driven interface YaST, I easily added my Linux machine to my Windows domain.
Initially, YaST wasn't able to find or join the domain. This happens sometimes in Windows clients too when: 1. In TCP/IP, the DNS settings are pointed to servers outside of the domain 2. The fully qualified domain name (ex. corp.windomain.com) is not given when joining the domain 3. The FQDN is not listed as a DNS search suffix
After adjusting /etc/resolv.conf to reflect my fully qualified domain name, YaST made it surprisingly easy to find and join the domain. But right as it was finishing up, it ran into the error "cannot write pam settings." I looked around the web and saw about 2 other people had the same problem but no solution was offered. After poking around, I noticed that "pam-smb" was not installed. Generally, SuSE will automatically detect when rpms need to be added but in this case it didn't.
In order to get it all working, I added pam-smb, samba-winbind and krb5-client then I easily plugged into my Windows 2003 domain. Years ago, I tried to do something similar and it seemed to work but I was never able to login via SSH. I'm pretty sure I didn't prefix the domain (in proper case, at that) when attempting to login. Knowing that, I was successfully able to login to my Linux machine using a Windows domain login this time around.
login as: HOME\testuser Using keyboard-interactive authentication. Password: ***************** Creating directory '/home/HOME/testuser'. Creating directory '/home/HOME/testuser/public_html'. Creating directory '/home/HOME/testuser/bin'. Creating directory '/home/HOME/testuser/Documents'. Have a lot of fun... HOME\[email protected]:~> Awesome! This is much easier than doing user mapping with NIS.