authconfig acting badly in Fedora 20

I know Fedora is community supported. But this is a community forum so I'll ask here and see if anyone has any guidance. And there may be some relevance to RHEL 7.

I want to add a Fedora 20 system as a member server in a Win2008R2 domain. The goal is for that Fedora system to offer a CIFS share and then I'll back up some Windows servers to it. A home-made NAS from donated equipment for my church.

And I'm close. From ADUC on my Windows domain controller, I see it in the Windows domain. But when I try to connect to it - its name is nfsa - by doing \\nfsa, I get Access Denied errors.

The Fedora docs offer some guidance for all this and the Samba howtos offer some more. But part of the guidance from the Samba Howtos has me editing a bunch of .conf files by hand. Red Hat has a tool named authconfig that's supposed to take care of all that for me. Run authconfig with the correct parameters and it does it all. Or so goes the promise.

This is the tie-in with RHEL 7. Looking at the RHEL7 Windows Integration Guide at

I see an example in section 4.3.2, step 4. This shows all the parameters to feed authconfig to make it do what I want. Or so it claims. But it uses a parameter named --enablewinbindkrb5 that doesn't exist. And a couple of the parameters in the example need equal signs (parameter=value instead of parameter [space] value). In fairness, that book above is part of RHEL 7 and I'm doing this from Fedora 20 so maybe they are different. Working around that and based on the example, I put this little script together:

[root@nfsa gregs]# more


authconfig \
--enablewinbind \
--enablewins \
--enablewinbindauth \
--smbsecurity=ads \
--smbworkgroup=EHAC \
--smbrealm=EHAC.LOCAL \
--smbservers=ehcserver1.ehac.local \
--krb5realm=EHAC.LOCAL \
--enablewinbindoffline \
--enablekrb5 \
--winbindtemplateshell=/bin/sh \
--winbindjoin=administrator \
--update \
--enablelocauthorize \
[root@nfsa gregs]#

When I run it, it makes copies of a bunch of config files and saves them in my /home/gregs/backups directory. But it never updates any of the real .conf files - just one big no-op. Pasting above into a PuTTY window and running by hand gives the same result. Checking for $? right after running authconfig by hand returns 0 - a success code. Yet nothing updates when I run it.

So how do I do this? Surely there's a nice, clean, easily reproducible way to make a Linux system offer a share as a member server in a modern A/D domain. Or is authconfig broken and I need to edit a bunch of .conf files by hand and do this with random trial and error?


  • Greg Scott
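
The symptom described in the post, a run that returns exit status 0 while no configuration file changes, can be checked independently of the tool by hashing the files before and after the run. The script below is an added example, not part of the original post or of authconfig; the list of tracked files, the function names and the sandbox contents are assumptions made for illustration.

```shell
#!/usr/bin/env bash

# Files authconfig usually rewrites for winbind/Kerberos (assumed list; adjust).
AUTH_FILES="etc/samba/smb.conf etc/krb5.conf etc/nsswitch.conf etc/pam.d/system-auth"

# snapshot ROOT OUT: write "<sha256>  <path>" for each tracked file under ROOT.
snapshot() {
    local f sum
    : > "$2"
    for f in $AUTH_FILES; do
        sum=MISSING
        [ -f "$1/$f" ] && sum=$(sha256sum < "$1/$f" | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "$f" >> "$2"
    done
}

# changed_files BEFORE AFTER: print tracked paths whose hash differs.
changed_files() {
    awk 'NR == FNR { h[$2] = $1; next } (h[$2] "") != ($1 "") { print $2 }' "$1" "$2"
}

# verify_run ROOT CMD...: run CMD and compare snapshots taken around it.
# Returns 0 = files changed, 1 = CMD failed, 2 = CMD exited 0 as a no-op.
verify_run() {
    local root before after rc changed
    root=$1; rc=0; shift
    before=$(mktemp); after=$(mktemp)
    snapshot "$root" "$before"
    "$@" || rc=$?
    snapshot "$root" "$after"
    changed=$(changed_files "$before" "$after")
    rm -f "$before" "$after"
    if [ "$rc" -ne 0 ]; then echo "FAILED: exit status $rc"; return 1; fi
    if [ -z "$changed" ]; then echo "NO-OP: exit status 0, no tracked file changed"; return 2; fi
    echo "CHANGED:" $changed
}

# make_sandbox: build a constructed /etc tree so the check runs without root.
make_sandbox() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/etc/samba" "$root/etc/pam.d"
    echo "[global]" > "$root/etc/samba/smb.conf"
    echo "passwd: files" > "$root/etc/nsswitch.conf"
    echo "$root"
}

# Real use, as root ("join-domain.sh" is a hypothetical script name):
#   verify_run / sh ./join-domain.sh
```

A return value of 2 separates "the tool reported success but wrote nothing" from a genuine failure, which the exit status alone cannot do.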