rhevm-manage-domains fails to join domain, 'Error: Authentication Failed'

Latest response

Hello Team,

Greetings of the day ..!

i am getting error during join domain in red hat enterprise virtulization 3.

Error: Authentication Failed. Please verify the fully qualified domain name
that is used for authentication is correct.. Problematic domain is:
rhev.example.com
Failure while applying Kerberos configuration. Details: Authentication
Failed. Please verify the fully qualified domain name that is used for
authentication is correct.

I am configure Active Directory on windows 2008 server.

i am already tried following  solution but it did not resolve error .

kindly suggest me how to resolve this error.

looking for continued support.

Regards

Abhishek

aK
Log in to join the conversation

Responses

Sadique Puthen's picture Red Hat Guru 4649 points
26 March 2013 7:28 AM

You need to verify below points.

- RHEVM fqdn is resolavable forward and reverse by DNS. (Give dig/host output)

- FQDN of AD is resolvable forward and reverse. (give dig/host output)

- You have proper SRV records pointing to AD.

james.radtke@siriusxm.com's picture Guru 6863 points
26 March 2013 12:49 PM

Unfortunately using an actual domain for a POC environment can be problemsome.  (This is not always an issue, however).  I have learned to generally use .private or .local for my domain.  Make sure that your RHEV manager is using your Windows 2008 server as your DNS server (/etc/resolv.conf)

Try doing the following:

# nslookup -type=SRV _ldap._tcp.example.com

# host -t SRV _ldap._tcp.example.com
 

[root@neo ~]# nslookup -type=SRV _ldap._tcp.example.com
Server:         10.98.230.27
Address:        10.98.230.27#53

_ldap._tcp.example.com  service = 0 100 389 mvaddc01.example.com.
_ldap._tcp.example.com  service = 0 100 389 mpaddc02.example.com.
_ldap._tcp.example.com  service = 0 100 389 mpaddc01.example.com.
_ldap._tcp.example.com  service = 0 100 389 mvaddc01.example.com.
_ldap._tcp.example.com  service = 0 100 389 mpaddc01.example.com.

[root@neo ~]# host -t SRV _ldap._tcp.example.com
_ldap._tcp.example.com has SRV record 0 100 389 mpaddc02.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mpaddc01.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mvaddc01.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mpaddc01.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 mvaddc01.example.com.
 

I do not know of a way to fake SRV records using host files.  What I have done, when building my RHEV test environments was to install RHEL 6 on my physical machine, create a VM for my RHEV manager and another one for Red Hat Identity Management (formerly RH IPA, which is included with a RHEL subscription).  I first, get my DNS/IdM working, then I point my RHEV environment at my own DNS/IdM host.

Hopefully I have not confused the issue. ;-)

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.