I would like to first mention that I have more experience with the CentOS/RHEL world than I do with configuration of Ubuntu. Most of the Ubuntu systems that I have had to build use default configurations or I have been able to figure out what the RHEL->Ubuntu equivalent of that configuration would be.

I am looking to configure SSSD with samba and winbind, similar to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/integrating_rhel_systems_directly_with_windows_active_directory/index#connecting-rhel-systems-directly-to-ad-using-samba-winbind_integrating-rhel-systems-directly-with-active-directory. I have attempted a few tries using SSSD directly which returns me domain information when I do the join, but I am not able to login using a domain account.

I can successfully join the realm:

realm join -v --user=myjoinuser mydomain.com
Successfully enrolled machine in realm

Using getent passwd domainuser@mydomain.com, I am able to retrieve information from a user in the Active Directory:

domainuser@mydomain.com:*:[number]:[number]:Domain User:/home/domainuser@mydomain.com:/bin/bash

Login authenticates successfully, then fails with a system error 4:

pam_sss(login:auth): authentication success; logname= uid=0 euid=0 tty=/dev/pts/0 ruser= rhost= user=domainuser@mydomain.com
Could not autodiscover AD site value using DNS and ad_site option was not set in configuration. GPO will not work.
pam_sss(login:account): Access denied for user domainuser@mydomain.com: 4 (System error)

I do additionally see a failed startup of sssd-pam that mentions the sssd configuration contains the pam module, but it is trying to be socket activated?

So it boils down to either understanding how SSSD is trying to autodiscover the AD site (this way I can ask the central IT folks the correct question) or configuring this to use samba/winbind like I have on the CentOS/RHEL side. I am missing the winbind_krb5_localauth.so plugin for the winbind configuration and cannot find it as a part of the samba/krb5 packages provided by Ubuntu. Any information about configuring this to use Active Directory would be most appreciated.

1 Answer

Hi, this is the solution for me:

In the file /etc/sssd/sssd.conf, add this option below [domain/domain.local]:

# Your Active Directory site name; the default site name is Default-First-Site-Name
ad_site = Default-First-Site-Name
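
A quick way to confirm that ad_site landed in the right [domain/...] section and is not followed by a comment on the same line (sssd.conf only accepts comments on their own line, so trailing text becomes part of the value). This is an added example, not part of the original answer; the function name check_ad_site and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# check_ad_site FILE DOMAIN
# Prints the ad_site value found in [domain/DOMAIN] of an sssd.conf-style file.
# Exit status: 0 = set and clean, 1 = not set in that section,
#              2 = value contains whitespace, '#' or ';' (likely an inline comment).
# Assumption: an AD site name is a single token without spaces.
check_ad_site() {
    awk -v want="[domain/$2]" '
        /^[ \t]*[#;]/ { next }            # full-line comments are ignored
        /^[ \t]*\[/ {                     # section header: track where we are
            s = $0; gsub(/[ \t]/, "", s)
            in_sec = (s == want); next
        }
        in_sec && /^[ \t]*ad_site[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)   # drop "ad_site = "
            sub(/[ \t]+$/, "", v)         # drop trailing whitespace
            found = 1; val = v
        }
        END {
            if (!found) exit 1
            print val
            if (val ~ /[ \t#;]/) exit 2
        }
    ' "$1"
}

# Constructed sample (not a real configuration): the option sits in the
# correct section but carries a trailing comment on the same line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[sssd]
domains = mydomain.com

[domain/mydomain.com]
id_provider = ad
ad_site = Default-First-Site-Name # trailing comment
EOF

check_ad_site "$sample" mydomain.com || echo "check failed with status $?"
rm -f "$sample"
```

On a real host, run it against /etc/sssd/sssd.conf as root with the domain name from the section header, then restart sssd after correcting the file.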