rhevm-manage-domains fails to join domain, 'Error: Authentication Failed'


Hello Team,

Greetings of the day ..!

I am getting an error while joining a domain in Red Hat Enterprise Virtualization 3.

Error: Authentication Failed. Please verify the fully qualified domain name
that is used for authentication is correct.. Problematic domain is:
rhev.example.com
Failure while applying Kerberos configuration. Details: Authentication
Failed. Please verify the fully qualified domain name that is used for
authentication is correct.

I have configured Active Directory on a Windows 2008 server.

I have already tried the following solution, but it did not resolve the error.

Kindly suggest how to resolve this error.

Looking for continued support.

Regards

Abhishek

Responses

You need to verify the points below.

- RHEVM FQDN is resolvable forward and reverse by DNS. (Give dig/host output)

- FQDN of AD is resolvable forward and reverse. (give dig/host output)

- You have proper SRV records pointing to AD.

Unfortunately, using an actual domain for a POC environment can be problematic. (This is not always an issue, however.) I have learned to generally use .private or .local for my domain. Make sure that your RHEV manager is using your Windows 2008 server as your DNS server (/etc/resolv.conf).

Try doing the following:

# nslookup -type=SRV _ldap._tcp.example.com

# host -t SRV _ldap._tcp.example.com
 

[root@neo ~]# nslookup -type=SRV _ldap._tcp.example.com
Server:         10.98.230.27
Address:        10.98.230.27#53

_ldap._tcp.example.com  service = 0 100 389 mvaddc01.example.com.
_ldap._tcp.example.com  service = 0 100 389 mpaddc02.example.com.
_ldap._tcp.example.com  service = 0 100 389 mpaddc01.example.com.
_ldap._tcp.example.com  service = 0 100 389 mvaddc01.example.com.
_ldap._tcp.example.com  service = 0 100 389 mpaddc01.example.com.

[root@neo ~]# host -t SRV _ldap._tcp.example.com
_ldap._tcp.example.com has SRV record 0 100 389 mpaddc02.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mpaddc01.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mvaddc01.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mpaddc01.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mvaddc01.example.com.
 

I do not know of a way to fake SRV records using host files. What I have done when building my RHEV test environments was to install RHEL 6 on my physical machine, create a VM for my RHEV manager and another one for Red Hat Identity Management (formerly RH IPA, which is included with a RHEL subscription). I first get my DNS/IdM working, then I point my RHEV environment at my own DNS/IdM host.

Hopefully I have not confused the issue. ;-)
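
The checks suggested in the replies above (resolver in /etc/resolv.conf, `_ldap._tcp` SRV records, forward and reverse resolution of the manager and of each domain controller) can be run in one pass. This script is an added example, not part of the thread or of any Red Hat tool; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh check_ad_dns.sh example.com

# stdin: `host -t SRV` output; stdout: unique "target port" pairs.
srv_targets() {
    awk '/ has SRV record / { t = tolower($NF); sub(/\.$/, "", t); print t, $(NF-1) }' | sort -u
}

# $1 = expected FQDN, $2 = output of `host <ip>`; true if the PTR name matches.
ptr_matches() {
    ptr=$(printf '%s\n' "$2" |
        awk '/ domain name pointer / { p = tolower($NF); sub(/\.$/, "", p); print p; exit }')
    want=$(printf '%s' "${1%.}" | tr '[:upper:]' '[:lower:]')
    [ -n "$ptr" ] && [ "$ptr" = "$want" ]
}

# Constructed sample, same format as the `host` output quoted in the thread.
SAMPLE_SRV='_ldap._tcp.example.com has SRV record 0 100 389 mpaddc02.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mpaddc01.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mvaddc01.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mpaddc01.example.com.'

# $1 = AD DNS domain. Checks the manager's own FQDN and every SRV target.
check_domain() {
    rc=0
    echo "resolvers: $(awk '/^nameserver/ { printf "%s ", $2 }' /etc/resolv.conf)"
    targets=$(host -t SRV "_ldap._tcp.$1" | srv_targets)
    if [ -z "$targets" ]; then
        echo "FAIL no SRV records for _ldap._tcp.$1"
        return 1
    fi
    while read -r fqdn port; do
        ip=$(host -t A "$fqdn" | awk '/ has address / { print $NF; exit }')
        if [ -z "$ip" ]; then
            echo "FAIL $fqdn ($port): no forward (A) record"; rc=1
        elif ptr_matches "$fqdn" "$(host "$ip")"; then
            echo "OK   $fqdn ($port) <-> $ip"
        else
            echo "FAIL $fqdn ($port): reverse lookup of $ip does not return it"; rc=1
        fi
    done <<EOF
$(hostname -f) manager
$targets
EOF
    return $rc
}

# With a domain argument: live checks. Without: parse the constructed sample.
if [ $# -gt 0 ]; then check_domain "$1"; else printf '%s\n' "$SAMPLE_SRV" | srv_targets; fi
```

Any `FAIL` line identifies a host whose forward or reverse record should be fixed on the DNS server before re-running rhevm-manage-domains.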