Update: Made some progress. I reinstalled all the sssd and realm packages, created a
realmd.conf file and configured krb5.conf. The join now creates the computer account but
then cannot set the password for that account, so discovery and account creation succeed
and only the password-set step fails. Error: Cannot contact any KDC for requested realm.
kinit domainadmin
[root@server01 etc]# realm join -v abc.com
* Resolving: _ldap._tcp.abc.com
* Performing LDAP DSE lookup on: x.x.161.252
* Performing LDAP DSE lookup on: x.x.161.251
* Successfully discovered: abc.com
* Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
* LANG=C /usr/sbin/adcli join --verbose --domain abc.com --domain-realm abc.com --domain-controller x.x.161.252 --computer-ou OU=Linux Servers,OU=Servers,DC=abc,DC=com --login-type user --login-ccache=/var/cache/realmd/realm-ad-kerberos-1RWWUY
* Using domain name: abc.com
* Calculated computer account name from fqdn: server01
* Using domain realm: abc.com
* Sending netlogon pings to domain controller: cldap://x.x.161.252
* Received NetLogon info from: dc02.abc.com
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-YXbCzH/krb5.d/adcli-krb5-conf-sHH9Wy
* Looked up short domain name: abcAir
* Using fully qualified name: server01
* Using domain name: abc.com
* Using computer account name: server01
* Using domain realm: abc.com
* Calculated computer account name from fqdn: server01
* Generated 120 character computer password
* Using keytab: FILE:/etc/krb5.keytab
* Using fully qualified name: server01
* Using domain name: abc.com
* Using computer account name: server01
* Using domain realm: abc.com
* Looked up short domain name: Abc
* Computer account for server01$ does not exist
! Couldn't find a computer container in the ou, creating computer account directly in: OU=Linux Servers,OU=Servers,DC=abc,DC=com
* Calculated computer account: CN=server01,OU=Linux Servers,OU=Servers,DC=abc,DC=com
* Created computer account: CN=server01,OU=Linux Servers,OU=Servers,DC=abc,DC=com
! Couldn't set password for computer account: server01$: Cannot contact any KDC for requested realm
adcli: joining domain abc.com failed: Couldn't set password for computer account: server01$: Cannot contact any KDC for requested realm
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
realmd.conf
[root@server01 sssd]# more /etc/realmd.conf
[service]
automatic-install = no
[users]
default-home = /home/%D/%U
default-shell = /bin/bash
[a.hawaiian.aero]
computer-ou = OU=Linux Servers,OU=Servers,DC=abc,DC=com
automatic-id-mapping = yes
fully-qualified-names = no
[root@PHXRASPCI01 log]# more /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
# forwardable = true
rdns = false
default_realm = ABC.COM
# default_ccache_name = KEYRING:persistent:%{uid}
# kdc_timesync = 1
[realms]
ABC.COM = {
kdc = dc01.abc.com
kdc = dc02.abc.com
admin_server = dc01.abc.com
# default_domain = ABC.COM
}
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM