Redhat 7.1 machine not joining Domain
Hello,
I have upgraded to Red Hat 7.1 and am having trouble joining the machine to the domain. I followed a similar procedure on Red Hat 6 and it worked fine, but I see the issues below on the new server.
NTP is working correctly:
[root@server1 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
dc1 x.x.x.x 3 u 3 64 1 0.487 -2.571 0.000
*dc2 y.y.y.y 2 u 3 64 1 0.456 67.811 0.000
I get the following errors when joining it to the domain:
[root@server1 ~]# sudo net ads join -U adm-df@domain.ie -S 192.168.213.36 createcomputer="OU=LINUX,OU=SYSTEMS,DC=domain,DC=ie" -k
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
Config as follows:
Change /etc/sysconfig/network-scripts/ifcfg-eth0 to ONBOOT=yes
subscription-manager register --username user1 --password pw --auto-attach --force
systemctl stop firewalld
iptables-save
Configure SELINUX=disabled in /etc/selinux/config
sudo yum install sssd krb5-workstation samba-common authconfig pam_krb5.x86_64 sssd-krb5-common.x86_64 pam_krb5.x86_64 yum install ntp.x86_64 ntpdate.x86_64 samba-common.x86_64 samba-libs.x86_64 samba-winbind.x86_64 samba.x86_64 telnet samba-winbind-clients.x86_64
sudo authconfig --enablekrb5 --krb5realm=domain.IE --krb5kdc=proddc1.domain.ie --krb5adminserver=dc1.domain.ie --enablekrb5kdcdns --enablekrb5realmdns --update
sudo yum -y install oddjob
sudo chown root:root /etc/sssd/sssd.conf
sudo chmod 0600 /etc/sssd/sssd.conf
Necessary config files as follows:
[root@server1 ~]# cat /etc/krb5.conf
# Kerberos client configuration as pasted. It still contains the stock
# EXAMPLE.COM template entries alongside the site realm, plus duplicated lines.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# NOTE(review): default_realm is set twice in this section (EXAMPLE.COM here,
# domain.IE two lines below). Which value the library uses is not something to
# rely on - keep a single default_realm line naming the AD realm.
default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
default_realm = domain.IE
dns_lookup_kdc = true
[realms]
# Leftover template realm; no other part of the posted configuration refers to it.
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_server = kerberos.example.com
}
# NOTE(review): kdc and admin_server name different hosts (proddc1 vs dc1);
# confirm both are reachable domain controllers.
# NOTE(review): realm names are case-sensitive; confirm the spelling here
# matches the AD realm exactly (the value looks anonymised) - TODO confirm.
domain.IE = {
kdc = proddc1.domain.ie
admin_server = dc1.domain.ie
}
# NOTE(review): exact duplicate of the stanza above; one copy is enough.
domain.IE = {
kdc = proddc1.domain.ie
admin_server = dc1.domain.ie
}
[domain_realm]
# DNS-domain-to-realm mappings; the two example.com lines are template leftovers.
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
domain.ie = domain.IE
.domain.ie = domain.IE
[root@server1 ~]# grep -Ev '#|;' /etc/samba/smb.conf
# Samba configuration with comment lines filtered out. The [global] section
# mixes AD-member settings with the stock standalone defaults that follow them.
[global]
# NOTE(review): presumably the short (NetBIOS) name of the AD domain - confirm.
workgroup = CORK
server string = Samba Server Version %v
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
realm = domain.IE
# AD member mode is requested here ...
security = ads
interfaces = lo eno1
# NOTE(review): "log file" is set a second time; the later line is the one that applies.
log file = /var/log/samba/log.%m
max log size = 50
# NOTE(review): ... but "security" is set again here. When a parameter is
# repeated in one section the later value applies, so the effective setting is
# "security = user" (standalone). That is consistent with the reported
# "Host is not configured as a member server" error from "net ads join".
# Remove this line (and the tdbsam line below if local accounts are not needed)
# and run "testparm -s" to confirm the effective settings before retrying.
security = user
passdb backend = tdbsam
load printers = yes
cups options = raw
# Stock share definitions; nothing here is specific to the domain join.
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[root@server1 ~]# cat /etc/sssd/sssd.conf
# SSSD configuration: NSS and PAM responders over two domains, a local one
# and the AD domain.
[sssd]
services = nss, pam
config_file_version = 2
domains = LOCAL,domain.ie
# Local accounts domain, limited to IDs 500-999.
[domain/LOCAL]
description = LOCAL Users domain
id_provider = local
enumerate = true
min_id = 500
max_id = 999
# AD-backed domain.
# NOTE(review): the ad provider normally authenticates with the machine
# keytab created by a successful domain join, so this domain is not expected
# to resolve users until the join works - confirm after the join is fixed.
[domain/domain.ie]
id_provider = ad
# Access is limited to members of the groups listed below; the per-user
# allow list is commented out.
access_provider = simple
;simple_allow_users =
simple_allow_groups = server1_users, Linux_Admins
# Empty sections: no nss or pam options are set here.
[nss]
[pam]
Any suggestions would be appreciated, and I can provide any further information that's required.