realm join AD

Post by adrian_fe » 2021/07/19 11:11:59

Hello,

Having problems adding CentOS 7 to our enterprise network. This worked in the past and I have no idea why it is not working now.
We have our main domain "company.com", but the servers we add are in different areas, so they are in the "de.company.com" domain.

What I do on the server:

yum install realmd sssd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation

realm discover company.com
hella.com
  type: kerberos
  realm-name: COMPANY.COM
  domain-name: company.com
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  
realm join -v --user=myadminuser1 --computer-ou=OU=Linux,OU=Servers company.com

realm list
company.com
  type: kerberos
  realm-name: COMPANY.COM
  domain-name: company.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %U
  login-policy: allow-permitted-logins

authconfig --enablesssdauth --enablesssd --updateall

So the server name is server1.de.company.com, but this is joining company.com. If I look in AD at the Linux servers I see that the SUSE servers have either the correct FQDN or only the hostname. For CentOS 7 it's always servername.company.com, even if the correct FQDN is servername.de.company.com.

I can see my user from AD:

[root@ici ~]# getent passwd myuser2
myuser2:*:1317420:131740:myuser2:/home/myuser2:/bin/bash

When I do:

ssh -l  fejoad2 localhost

I get in /var/log/secure:

pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=myuser2
Failed password for myuser2 from ::1 port 34000 ssh2
fatal: Access denied for user myuser2 by PAM account configuration [preauth]

For another server I changed the name in AD to have the correct FQDN. There the message I see in /var/log/secure is:

pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=myuser2
pam_sss(sshd:auth): received for user myuser2: 4 (System error)
Failed password for myuser2 from ::1 port 55422 ssh2
Connection closed by ::1 port 55422 [preauth]
Connection closed by 127.0.0.1 port 55518 [preauth]

So I have no idea what to check now, and why the CentOS 7 servers are not joining with the FQDN.
Any suggestion is welcome!
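
Added diagnostic helper (not code from the thread or from realmd/adcli): it predicts which DNS name a join would register from the system hostname and sorts the /var/log/secure lines quoted above by the stage at which access was refused. It assumes that adcli derives the computer's DNS name from the system hostname and appends the joined domain when that hostname is unqualified, which is what the symptoms in the post suggest.

```shell
#!/bin/sh
# Assumption (not verified on the page): an unqualified hostname gets the
# joined domain appended, a qualified one is registered as-is.

# predicted_host_fqdn HOSTNAME JOIN_DOMAIN
# Prints the DNS name the join would register for this host.
predicted_host_fqdn() {
    case "$1" in
        *.*) printf '%s\n' "$1" ;;           # already qualified: used as-is
        *)   printf '%s.%s\n' "$1" "$2" ;;   # unqualified: join domain appended
    esac
}

# check_join_name HOSTNAME JOIN_DOMAIN EXPECTED_FQDN
# Returns 0 when the predicted name matches the expected FQDN, 1 otherwise
# (the mismatch and a hint go to stderr).
check_join_name() {
    predicted=$(predicted_host_fqdn "$1" "$2")
    if [ "$predicted" = "$3" ]; then
        return 0
    fi
    echo "mismatch: join would register $predicted, expected $3" >&2
    echo "hint: qualify the hostname before joining, e.g. hostnamectl set-hostname $3" >&2
    return 1
}

# classify_secure_line LINE
# Maps one /var/log/secure line to the stage that refused access:
#   account - PAM auth succeeded but the account check (access control) denied
#   backend - pam_sss reported a system error talking to SSSD's backend
#   auth    - plain authentication/password failure
#   other   - anything else
classify_secure_line() {
    case "$1" in
        *"Access denied"*"by PAM account configuration"*) echo account ;;
        *pam_sss*"System error"*)                          echo backend ;;
        *"authentication failure"*|*"Failed password"*)   echo auth ;;
        *)                                                 echo other ;;
    esac
}

# Live use on the host: check_join_name "$(hostname)" company.com "$(hostname -f)"
```

Run the live line on the CentOS 7 box before `realm join`; a mismatch there, rather than anything in AD, is the first thing to rule out.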
