Can't join servers with Red Hat 9 to Active Directory domain


Can't join Linux RHEL9 servers to an Active Directory domain with Windows Server 2022.
Problem with both Linux RHEL9 servers.
It's a lab and I'm using the 60-day trial.

  1. JOIN DOMAIN
    https://www.redhat.com/sysadmin/linux-active-directory

  2. PROBLEM
    sudo realm join --user=admin myDomain.local
    realm: Couldn't join realm: Failed to join the domain
    Please check
    https://red.ht/support_rhel_ad
    to get help for common issues.

  3. INSTALLED PACKAGES
    I've installed the following packages:
    realmd
    oddjob
    oddjob-mkhomedir
    sssd
    adcli
    openldap-clients
    samba-common
    samba-common-tools
    krb5-workstation

  4. TROUBLESHOOTING - STEPS

4.1 Verified the domain name:
Checked network connectivity: Can ping in both directions Linux server <----> DomainController/DNS server
Checked DNS configuration: Confirmed that the DNS settings on the RHEL9 client are correct

4.2 Review journalctl logs:
sudo journalctl -xeu realmd

Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Found computer account for RHEL9-SERVER-01$ at: CN=RHEL9-SERVER-01,CN=Computers,DC>
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Trying to set computer password with Kerberos
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Set computer password
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Retrieved kvno '3' for computer account in directory: CN=RHEL9-SERVER-01,CN=Com>
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Checking RestrictedKrbHost/rhel9-Server-01.myDomain.local
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Added RestrictedKrbHost/rhel9-Server-01.myDomain.local
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Checking RestrictedKrbHost/RHEL9-SERVER-01
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Added RestrictedKrbHost/RHEL9-SERVER-01
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Checking host/rhel9-Server-01.myDomain.local
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Added host/rhel9-Server-01.myDomain.local
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Checking host/RHEL9-SERVER-01
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Added host/RHEL9-SERVER-01
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Discovered which keytab salt to use
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Added the entries to the keytab: RHEL9-SERVER-01$@MYDOMAIN.LOCAL: FILE:/etc/kr>
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Added the entries to the keytab: host/RHEL9-SERVER-01@MYDOMAIN.LOCAL: FILE:/et>
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Added the entries to the keytab: host/rhel9-Server-01.myDomain.local@MYDOMAIN>
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Added the entries to the keytab: RestrictedKrbHost/RHEL9-SERVER-01@MYDOMAIN.LO>
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: * Added the entries to the keytab: RestrictedKrbHost/rhel9-Server-01.myDomain.lo>
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: process exited: 2959
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: ! Failed to enroll machine in realm: Already have domain myDomain.local in ss>
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: released daemon: current-invocation
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: client gone away: :1.129
Jul 16 08:25:24 rhel9-Server-01.myDomain.local realmd[2939]: released daemon: :1.129

As you can see, the server is added to the domain and I can find the computer object in AD.
But the command realm list displays nothing,
and I can't use domain login to the server.
So something is wrong.

4.3 Checked the sssd.conf, which earlier was empty, and filled in the right configuration:
[sssd]
domains = myDomain.local
config_file_version = 2
services = nss, pam

4.4 Restart SSSD service: Restarted the SSSD service
4.5 sssd.service failed to start
System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; preset: ena>
Active: failed (Result: exit-code) since Sun 2023-07-16 08:32:53 CEST; 5h >
Process: 840 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, stat>
Main PID: 840 (code=exited, status=4)
CPU: 14ms
Jul 16 08:32:52 rhel9-Server-01.myDomain.local systemd[1]: Starting System Securi>
Jul 16 08:32:53 rhel9-Server-01.myDomain.local sssd[840]: SSSD couldn't load the >
Jul 16 08:32:53 rhel9-Server-01.myDomain.local systemd[1]: sssd.service: Main pro>
Jul 16 08:32:53 rhel9-Server-01.myDomain.local systemd[1]: sssd.service: Failed w>
Jul 16 08:32:53 rhel9-Server-01.myDomain.local systemd[1]: Failed to start System>

4.6 sudo journalctl -xeu sssd.service:
Jul 16 14:18:26 rhel9-Server-01.myDomain.local sssd[3568]: SSSD couldn't load the configuration database [1432158322]: File ownership and permissions check failed
Jul 16 14:18:26 rhel9-Server-01.myDomain.local systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ An ExecStart= process belonging to unit sssd.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 4.
Jul 16 14:18:26 rhel9-Server-01.myDomain.local systemd[1]: sssd.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit sssd.service has entered the 'failed' state with result 'exit-code'.
Jul 16 14:18:26 rhel9-Server-01.myDomain.local systemd[1]: Failed to start System Security Services Daemon.
░░ Subject: A start job for unit sssd.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit sssd.service has finished with a failure.
░░
░░ The job identifier is 2979 and the job result is failed.

4.7 Set the owner and group to root and the permissions to 600
sudo chown root:root /etc/sssd/sssd.conf
sudo chmod 600 /etc/sssd/sssd.conf

/etc/sssd/sssd.conf
-rw-r--r--. 1 root root 77 Jul 16 14:18 /etc/sssd/sssd.conf

4.8 sudo systemctl restart sssd
-failed with the same error

4.9 Temporarily disable SELinux
sudo sestatus
sudo setenforce 0

4.10 sudo systemctl restart sssd
-failed with the same error

4.11 Re-enable the SELinux settings

4.12 sudo less /var/log/sssd/sssd.log
[sssd] [sss_ini_read_sssd_conf] (0x0020): Permission check on config file failed.
[sssd] [confdb_init_db] (0x0020): Cannot convert INI to LDIF [1432158322]: [File ownership and permissions check failed]
[sssd] [confdb_setup] (0x0010): ConfDB initialization has failed [1432158322]: File ownership and permissions check failed
[sssd] [load_configuration] (0x0010): Unable to setup ConfDB [1432158322]: File ownership and permissions check failed
[sssd] [main] (0x0010): SSSD couldn't load the configuration database [1432158322]: File ownership and permissions check failed
[sssd] [sss_ini_read_sssd_conf] (0x0020): Permission check on config file failed.
[sssd] [confdb_init_db] (0x0020): Cannot convert INI to LDIF [1432158322]: [File ownership and permissions check failed]
[sssd] [confdb_setup] (0x0010): ConfDB initialization has failed [1432158322]: File ownership and permissions check failed
[sssd] [load_configuration] (0x0010): Unable to setup ConfDB [1432158322]: File ownership and permissions check failed
[sssd] [main] (0x0010): SSSD couldn't load the configuration database [1432158322]: File ownership and permissions check failed

4.13 sudo chown root:root /etc/sssd/sssd.conf
sudo chmod 600 /etc/sssd/sssd.conf

root@rhel9-Server-01 log]# ls -l sssd
total 8
-rw-------. 1 root root 1395 Jul 16 08:33 sssd_kcm.log
-rw-------. 1 root root 1146 Jul 16 14:18 sssd.log

4.14 Verify SELinux context
ls -Z /var/log/sssd/sssd*
The SELinux context is system_u:object_r:sssd_log_t:s0

4.15 sudo systemctl restart sssd
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xeu sssd.service" for details.
[root@rhel9-Server log]# ls -Z /var/log/sssd/sssd*
system_u:object_r:sssd_var_log_t:s0 /var/log/sssd/sssd_kcm.log system_u:object_r:sssd_var_log_t:s0 /var/log/sssd/sssd.log

4.16 ls -l sssd
total 8
-rw-------. 1 root root 1395 Jul 16 08:33 sssd_kcm.log
-rw-------. 1 root root 1146 Jul 16 14:18 sssd.log

4.18 sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)

4.19 sudo systemctl restart sssd:
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xeu sssd.service" for details.

4.20 ls -Z /var/log/sssd/sssd*
system_u:object_r:sssd_var_log_t:s0 /var/log/sssd/sssd_kcm.log system_u:object_r:sssd_var_log_t:s0 /var/log/sssd/sssd.log
[root@rhel9-Server log]# systemctl status sssd.service
× sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Sun 2023-07-16 14:38:15 CEST; 1min 48s ago
Process: 3725 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=4)
Main PID: 3725 (code=exited, status=4)
CPU: 13ms

Jul 16 14:38:15 rhel9-Server.myDomain.local systemd[1]: Starting System Security Services Daemon...
Jul 16 14:38:15 rhel9-Server.myDomain.local sssd[3725]: SSSD couldn't load the configuration database [1432158322]: File ownership and permissions check failed
Jul 16 14:38:15 rhel9-Server.myDomain.local systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
Jul 16 14:38:15 rhel9-Server.myDomain.local systemd[1]: sssd.service: Failed with result 'exit-code'.
Jul 16 14:38:15 rhel9-Server.myDomain.local systemd[1]: Failed to start System Security Services Daemon.
[root@rhel9-Server log]# journalctl -xeu sssd.service
Jul 16 14:38:15 rhel9-Server.myDomain.local sssd[3725]: SSSD couldn't load the configuration database [1432158322]: File ownership and permissions check failed
Jul 16 14:38:15 rhel9-Server.myDomain.local systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ An ExecStart= process belonging to unit sssd.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 4.
Jul 16 14:38:15 rhel9-Server.myDomain.local systemd[1]: sssd.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit sssd.service has entered the 'failed' state with result 'exit-code'.
Jul 16 14:38:15 rhel9-Server.myDomain.local systemd[1]: Failed to start System Security Services Daemon.
░░ Subject: A start job for unit sssd.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit sssd.service has finished with a failure.
░░
░░ The job identifier is 3267 and the job result is failed.

4.21 sudo nano /etc/resolv.conf

# Generated by NetworkManager

search lan nyDomain.local
nameserver "here is the gateway address"
nameserver "here is the ipv6 address"
nameserver "here is the ip4 address"

Is there any kind person who can guide me further or knows what the problem is?

Really appreciate your answer

:0)
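The journal and sssd.log entries in steps 4.6 and 4.12 all come from the same place: SSSD stats sssd.conf and refuses to parse it unless owner, group and mode are what it expects, and the `ls -l` listing in step 4.7 still shows `-rw-r--r--` (0644) after the `chmod 600`. The following script is an added example, not code from the original post or from the SSSD project. It reproduces that ownership/mode test so the file can be checked before restarting the service. Assumptions: the expected owner is root:root (uid 0, gid 0, as on a stock RHEL 9 install), the only accepted mode is 0600, and `stat -c` is the GNU coreutils version shipped on RHEL. The function name `check_sssd_conf_perms` is hypothetical.

```shell
#!/bin/sh
# Added example: replicate the ownership/mode check SSSD applies to
# /etc/sssd/sssd.conf before it converts the INI file to its config database.
# Assumptions (labelled): regular file, owned by the expected uid:gid
# (root:root = 0:0 by default) and mode exactly 0600.

# check_sssd_conf_perms FILE [EXPECTED_UID] [EXPECTED_GID]
# Prints every violation found and returns 0 only when the file would pass.
check_sssd_conf_perms() {
    f=$1
    want_uid=${2:-0}
    want_gid=${3:-0}
    rc=0

    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file"
        return 2
    fi

    # Numeric ids avoid depending on name resolution (useful when nss is broken).
    uid=$(stat -c '%u' "$f")
    gid=$(stat -c '%g' "$f")
    mode=$(stat -c '%a' "$f")   # octal without leading zero, e.g. 644 or 600

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid (fix: chown root:root $f)"
        rc=1
    fi
    if [ "$gid" != "$want_gid" ]; then
        echo "FAIL: group gid is $gid, expected $want_gid (fix: chown root:root $f)"
        rc=1
    fi
    # Any group/other bit (e.g. the 0644 seen in step 4.7) makes SSSD reject the file.
    if [ "$mode" != "600" ]; then
        echo "FAIL: mode is 0$mode, expected 0600 (fix: chmod 600 $f)"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $f passes the ownership/mode check"
    return "$rc"
}

# Usage: sh check_sssd_conf.sh /etc/sssd/sssd.conf
if [ -n "${1:-}" ]; then
    check_sssd_conf_perms "$1"
fi
```

Run it as root against /etc/sssd/sssd.conf right after the chown/chmod in step 4.7: if it still prints the 0644 mismatch, the chmod did not land on the file SSSD reads (wrong path, or the file was recreated afterwards). The check looks only at discretionary owner, group and mode, so the `ls -Z` contexts of the log files shown in later steps do not influence it.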
