Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

  • Comments
  • Redhat 7.1 machine not joining Domain

    Posted on

    Hello,

    I have upgraded to Redhat 7.1 and I have trouble adding the machine to the domain. I followed a similar procedure on Redhat 6 and it worked fine but I see the issues below on the new server.

    NTP is working correctly:

    [root@server1 ~]# ntpq -p

    remote refid st t when poll reach delay offset jitter

    dc1 x.x.x.x 3 u 3 64 1 0.487 -2.571 0.000
    *dc2 y.y.y.y 2 u 3 64 1 0.456 67.811 0.000

    Get following errors joining it to the domain:
    [root@server1 ~]# sudo net ads join -U adm-df@domain.ie -S 192.168.213.36 createcomputer="OU=LINUX,OU=SYSTEMS,DC=domain,DC=ie" -k
    Host is not configured as a member server.
    Invalid configuration. Exiting....
    Failed to join domain: This operation is only allowed for the PDC of the domain.

    Config as follows:
    Change /etc/sysconfig/network-scripts/ifcfg-eth0 to ONBOOT=yes
    subscription-manager register --username user1 --password pw--auto-attach --force
    systemctl stop firewalld
    iptables-save

    Configure SELINUX=disabled in /etc/selinux/config

    sudo yum install sssd krb5-workstation samba-common authconfig pam_krb5.x86_64 sssd-krb5-common.x86_64 pam_krb5.x86_64 yum install ntp.x86_64 ntpdate.x86_64 samba-common.x86_64 samba-libs.x86_64 samba-winbind.x86_64 samba.x86_64 telnet samba-winbind-clients.x86_64

    sudo authconfig --enablekrb5 --krb5realm=domain.IE --krb5kdc=proddc1.domain.ie --krb5adminserver=dc1.domain.ie --enablekrb5kdcdns --enablekrb5realmdns --update

    sudo yum -y install oddjob

    sudo chown root:root /etc/sssd/sssd.conf

    sudo chmod 0600 /etc/sssd/sssd.conf

    Necessary config files as follows:

    [root@server1 ~]# cat /etc/krb5.conf
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    dns_lookup_realm = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false

    default_realm = EXAMPLE.COM

    default_ccache_name = KEYRING:persistent:%{uid}

    default_realm = domain.IE
    dns_lookup_kdc = true
    [realms]

    EXAMPLE.COM = {

    kdc = kerberos.example.com

    admin_server = kerberos.example.com

    }

    domain.IE = {
    kdc = proddc1.domain.ie
    admin_server = dc1.domain.ie
    }

    domain.IE = {
    kdc = proddc1.domain.ie
    admin_server = dc1.domain.ie
    }

    [domain_realm]

    .example.com = EXAMPLE.COM

    example.com = EXAMPLE.COM

    domain.ie = domain.IE
    .domain.ie = domain.IE

    [root@server1 ~]# grep -Ev '#|;' /etc/samba/smb.conf

    [global]

        workgroup = CORK
        server string = Samba Server Version %v
        client signing = yes
        client use spnego = yes
        kerberos method = secrets and keytab
        log file = /var/log/samba/%m.log
        realm = domain.IE
        security = ads
    
    
        interfaces = lo eno1
    
    
    
        log file = /var/log/samba/log.%m
        max log size = 50
    
    
        security = user
        passdb backend = tdbsam
    
    
        load printers = yes
        cups options = raw
    

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes

    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

    [root@server1 ~]# cat /etc/sssd/sssd.conf
    [sssd]
    services = nss, pam
    config_file_version = 2
    domains = LOCAL,domain.ie

    [domain/LOCAL]
    description = LOCAL Users domain
    id_provider = local
    enumerate = true
    min_id = 500
    max_id = 999

    [domain/domain.ie]
    id_provider = ad

    access_provider = simple
    ;simple_allow_users =
    simple_allow_groups = server1_users, Linux_Admins

    [nss]

    [pam]

    Any suggestions or any further information that's required.

    by

    points

    Responses

    Red Hat LinkedIn YouTube Facebook X, formerly Twitter

    Quick Links

    Help

    Site Info

    Related Sites

    © 2026 Red Hat