Adding a Linux Server onto the Domain Server

I understand you used to be able to do this using a program called Likewise, but I can't find a link for this anymore. Are there any more programs that can achieve this?

Thanks

Responses

Hi Mark,

Likewise is now called PowerBroker and sold by BeyondTrust.

Were you unable to find a solution with SSSD?

If you can explain what it is you need to achieve, I think there is a very good probability we can meet those requirements with the bits you already have access to.

[edit] Open Source licenced version of PowerBroker: http://www.powerbrokeropen.org/

br
Mark

Likewise's maker got purchased by Isilon (who was, in turn, purchased by EMC). Around the 6.5 timeframe, they pretty much completely redid the software and it was re-branded "PowerBroker". Version 8 just released. PowerBroker comes in two editions: "Open" and "Enterprise".

The powerbrokeropen.org site is pretty much moribund (their last blog entry is January 2012 announcing the 6.5 release). Get the latest versions from the main BeyondTrust website (you have to sign up for sales-y emails to get the download, but they actually honor their unsubscribe button).

Thanks Mark, we need to add the Linux server to our Windows domain, basically so our users can log into the Linux server, and also so I can create a security group in our Active Directory that will only allow certain users to access the Linux system.

I believe the Linux server will be used mainly for Apache web server as well as data.

Hope that helps.

Thanks

Mark

Hi Mark,

I think that https://access.redhat.com/articles/704743 covers the use case you have mentioned.

It includes connecting to the AD Controller and setting access control through groups (or specific users).

Let me know if there is more you need or if the document is not clear!

Many thanks,
Mark

Mark,

I see from the link comments that someone has mentioned adcli (in EPEL repo) to take care of the domain join portion.. Is there a reason Red Hat aren't pursuing a more scripted/user friendly AD join process in RHEL 6 or even adopting adcli? I could only imagine the large number of people asking this question of support.. I know I get it regularly in mixed mode environments.

Thankfully SSSD has made the process a lot less painful.. (still waiting on some additional SSSD features) but the domain join part is still fiddlier than it needs to be.

-edit-

I notice adcli has made its way into RHEL 7.. can I cross my fingers for adcli in the next RHEL 6 release?

Hi PixelDrift,

I regret, there are no plans for adcli in RHEL 6.

We can try for an RFE, but we are quite late into the RHEL 6 cycle and it is likely that we will be declined, especially as it is already in EPEL.

Let me know if you want to try,
Mark

Hello Mark, I have followed the tutorial, and when getting to the part of joining the domain I'm getting the following:

[root@a ~]# net server
Invalid command: net rap server
Usage:
net rap server name Get the name of the server
net rap server domain Get the servers in this domain/workgroup
[root@a ~]# ^C
[root@a ~]# net rap server name
Enter root's password:
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_CONNECTION_REFUSED
[root@a ~]# net join AJLOCAL.com
Enter root's password:
Failed to join domain: failed to lookup DC info for domain 'AJLOCAL.com' over rpc: Logon failure
ADS join did not work, falling back to RPC...
Unable to find a suitable server for domain AJDC2012
Unable to find a suitable server for domain AJDC2012
[root@a ~]# net join AJDC2012.ajlocal.com
Enter root's password:
Failed to join domain: failed to find DC for domain AJDC2012.ajlocal.com
ADS join did not work, falling back to RPC...
Unable to find a suitable server for domain AJDC2012
Unable to find a suitable server for domain AJDC2012
[root@a ~]#

We are at the point here, where it would really help to see your configuration files. However, these forums are not where they should be posted.

Are you in a position to open a ticket and reference this discussion?

It looks to me like the DNS lookup isn't working and you need to specify the server in the [realms] and [domain_realm] sections. That's a little bit speculative without the configs though.

Mark

Can you confirm that you can resolve the AD server's IP using DNS?

E.g. using dig or nslookup.
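
The DNS check suggested in the replies above, sketched as an added example that is not part of the thread or of the Red Hat article: it tests for the two SRV record sets an AD join uses to locate a domain controller. The domain corp.example.test, the host dc1 and all function names are constructed placeholders; the sample resolver stands in for dig so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the thread. All names are constructed placeholders.

# Live resolver. dig prints SRV answers as "priority weight port target."
dig_lookup() { dig +short SRV "$1"; }

# Constructed stand-in for a resolver so the check can run offline.
sample_lookup() {
    case $1 in
        _ldap._tcp.dc._msdcs.corp.example.test) echo "0 100 389 dc1.corp.example.test." ;;
        _kerberos._tcp.corp.example.test)       echo "0 100 88 dc1.corp.example.test." ;;
    esac
}

SRV_LOOKUP=${SRV_LOOKUP:-sample_lookup}   # set SRV_LOOKUP=dig_lookup for real use

# Reduce SRV answer lines to "target:port", ignoring anything malformed.
srv_targets() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4 ":" $3 }'
}

# check_ad_dns DOMAIN: returns 0 only if the DC-locator and Kerberos
# SRV records both exist for DOMAIN.
check_ad_dns() {
    rc=0
    for name in "_ldap._tcp.dc._msdcs.$1" "_kerberos._tcp.$1"; do
        targets=$("$SRV_LOOKUP" "$name" | srv_targets)
        if [ -n "$targets" ]; then
            for t in $targets; do echo "OK      $name -> $t"; done
        else
            echo "MISSING $name"
            rc=1
        fi
    done
    return "$rc"
}

check_ad_dns corp.example.test
check_ad_dns typo.example.test ||
    echo "no SRV records: fix DNS or name the DC in krb5.conf [realms]"
```

Run it with SRV_LOOKUP=dig_lookup and the real AD DNS domain name in place of the placeholder; a MISSING line usually means the Linux host is not using the AD DNS servers as its resolvers.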

Hi Mark, I have attached the config files to my existing ticket.