RHEL 7.4 using realm cannot join the Windows AD
I am trying to join the domain for readhat server to our current Windows AD. The software using realm, to be honest I am not really familiar.
I installed the software needed but still have problem to connect/register to the domain.
This is what i did (server name I changed)
RHEL 7.4 server name: stl01
AD name: K1.LOCAL
AD server: kocdc01.k1.local
The command:
# hostname
stl01
# realm join --user=adm_narahariak@K1.L
.......
* Created computer account: CN=STL01,OU=Linux,OU=K1 Servers,DC=k1,DC=local
* Sending netlogon pings to domain controller: cldap://10.24.90.54
* Received NetLogon info from: KOCDC01.k1.local
! Couldn't set password for computer account: STL01$: Cannot contact any KDC for requested realm
adcli: joining domain k1.local failed: Couldn't set password for computer account: STL01$: Cannot contact any KDC for requested realm
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
#
It failed. But I checked in the OU, the name STL01 has been register (after i run the realm join command). Anyone experience with this?
Thank you,
Iwan Tamimi
I installed the software needed but still have problem to connect/register to the domain.
This is what i did (server name I changed)
RHEL 7.4 server name: stl01
AD name: K1.LOCAL
AD server: kocdc01.k1.local
The command:
# hostname
stl01
# realm join --user=adm_narahariak@K1.L
.......
* Created computer account: CN=STL01,OU=Linux,OU=K1 Servers,DC=k1,DC=local
* Sending netlogon pings to domain controller: cldap://10.24.90.54
* Received NetLogon info from: KOCDC01.k1.local
! Couldn't set password for computer account: STL01$: Cannot contact any KDC for requested realm
adcli: joining domain k1.local failed: Couldn't set password for computer account: STL01$: Cannot contact any KDC for requested realm
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
#
It failed. But I checked in the OU, the name STL01 has been register (after i run the realm join command). Anyone experience with this?
Thank you,
Iwan Tamimi
Last Comment
ASKER
dfke,
Thank you for your reply. I may know the problem, seems like the firewall need to open port 464 (keberos) for password change. We did ok in the development system only on production. i compared the ports between development and production, on production port 464 was not open.
i already request to open the firewall but since other dept. needs to do it, it took sometimes.
i will let you know.
Iwan
Thank you for your reply. I may know the problem, seems like the firewall need to open port 464 (keberos) for password change. We did ok in the development system only on production. i compared the ports between development and production, on production port 464 was not open.
i already request to open the firewall but since other dept. needs to do it, it took sometimes.
i will let you know.
Iwan
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Hi,
happy to see it's solved.
Cheers
happy to see it's solved.
Cheers
Thank you, I have also faced the same issue and spent 3-4 hrs to resolve. After opening 464 port it got resolved.
Active Directory
Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
commonly this is due to a DNS issue in your own domain. To authenticate properly DNS should be able to resolve the KDC in your domain. Typically the KDC should be installed on a domain controller but in your case it looks like it is installed elsewhere. When it is not able to resolve the server where the KDC resides it will result in such an error.
So preferably check your DNS and fix any issues. Either that or do the dirty method by adding the domain entries in /etc/hosts.
Cheers