RHEL 7.4 using realm cannot join the Windows AD
I am trying to join the domain for readhat server to our current Windows AD. The software using realm, to be honest I am not really familiar.
I installed the software needed but still have problem to connect/register to the domain.
This is what i did (server name I changed)
RHEL 7.4 server name: stl01
AD name: K1.LOCAL
AD server: kocdc01.k1.local
The command:
# hostname
stl01
# realm join --user=adm_narahariak@K1.L
.......
* Created computer account: CN=STL01,OU=Linux,OU=K1 Servers,DC=k1,DC=local
* Sending netlogon pings to domain controller: cldap://10.24.90.54
* Received NetLogon info from: KOCDC01.k1.local
! Couldn't set password for computer account: STL01$: Cannot contact any KDC for requested realm
adcli: joining domain k1.local failed: Couldn't set password for computer account: STL01$: Cannot contact any KDC for requested realm
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
#
It failed. But I checked in the OU, the name STL01 has been register (after i run the realm join command). Anyone experience with this?
Thank you,
Iwan Tamimi
I installed the software needed but still have problem to connect/register to the domain.
This is what i did (server name I changed)
RHEL 7.4 server name: stl01
AD name: K1.LOCAL
AD server: kocdc01.k1.local
The command:
# hostname
stl01
# realm join --user=adm_narahariak@K1.L
.......
* Created computer account: CN=STL01,OU=Linux,OU=K1 Servers,DC=k1,DC=local
* Sending netlogon pings to domain controller: cldap://10.24.90.54
* Received NetLogon info from: KOCDC01.k1.local
! Couldn't set password for computer account: STL01$: Cannot contact any KDC for requested realm
adcli: joining domain k1.local failed: Couldn't set password for computer account: STL01$: Cannot contact any KDC for requested realm
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
#
It failed. But I checked in the OU, the name STL01 has been register (after i run the realm join command). Anyone experience with this?
Thank you,
Iwan Tamimi
ASKER
dfke,
Thank you for your reply. I may know the problem, seems like the firewall need to open port 464 (keberos) for password change. We did ok in the development system only on production. i compared the ports between development and production, on production port 464 was not open.
i already request to open the firewall but since other dept. needs to do it, it took sometimes.
i will let you know.
Iwan
Thank you for your reply. I may know the problem, seems like the firewall need to open port 464 (keberos) for password change. We did ok in the development system only on production. i compared the ports between development and production, on production port 464 was not open.
i already request to open the firewall but since other dept. needs to do it, it took sometimes.
i will let you know.
Iwan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
happy to see it's solved.
Cheers
happy to see it's solved.
Cheers
Thank you, I have also faced the same issue and spent 3-4 hrs to resolve. After opening 464 port it got resolved.
commonly this is due to a DNS issue in your own domain. To authenticate properly DNS should be able to resolve the KDC in your domain. Typically the KDC should be installed on a domain controller but in your case it looks like it is installed elsewhere. When it is not able to resolve the server where the KDC resides it will result in such an error.
So preferably check your DNS and fix any issues. Either that or do the dirty method by adding the domain entries in /etc/hosts.
Cheers