Hello Experts:
I am writing an Ansible role that connects Linux servers to a Windows Domain in AWS. However, I am getting nowhere. The requirement is to use the System Security Services Daemon (SSSD) and realm.
This is my Ansible code in tasks/main.yml (this is the only place where I have code):
---
# tasks file for Join_Linux_to_AD
#
- name: Install Required Packages
  yum:
    name:
      - realmd
      - sssd
      - oddjob
      - oddjob-mkhomedir
      - adcli
      - krb5-workstation
      - samba-common-tools
    state: latest

- name: Join Linux Server to AD
  shell: |
    echo "myP@ssword" | realm join -v -U Administrator WILLIE.COM
    realm list
  # register captures the full command line, password included
  register: realm_results

- name: See the Results from Joining
  debug:
    msg: "{{ realm_results }}"
I have the IP (172.31.82.130) of the Windows Domain in /etc/resolv.conf of the Linux server:
# Generated by NetworkManager
search ec2.internal
nameserver 172.31.82.130
nameserver 172.31.0.2
These are the results of my Ansible role as written above:
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [172.31.90.156]
TASK [Join_Linux_to_AD : Install Required Packages] ****************************
ok: [172.31.90.156]
TASK [Join_Linux_to_AD : Join to AD if Server is REHL8.4] **********************
changed: [172.31.90.156]
TASK [Join_Linux_to_AD : See the Results from Joining] *************************
ok: [172.31.90.156] => {
    "msg": {
        "changed": true,
        "cmd": "echo \"thinkpad@102\" | realm join -v -U Administrator WILLIE.COM\nrealm list\n",
        "delta": "0:02:14.885949",
        "end": "2021-12-16 16:09:07.422984",
        "failed": false,
        "rc": 0,
        "start": "2021-12-16 16:06:52.537035",
        "stderr": " * Resolving: _ldap._tcp.willie.com\n * Resolving: willie.com\n * Performing LDAP DSE lookup on: 198.58.118.167\n * Performing LDAP DSE lookup on: 173.255.194.134\n * Performing LDAP DSE lookup on: 96.126.123.244\n ! Can't contact LDAP server\n * Performing LDAP DSE lookup on: 72.14.185.43\n ! Can't contact LDAP server\n * Performing LDAP DSE lookup on: 72.14.178.174\n ! Can't contact LDAP server\n * Performing LDAP DSE lookup on: 45.79.19.196\n ! Discovery timed out after 15 seconds\nrealm: No such realm found\nPlease check\n https://red.ht/support_rhel_ad \nto get help for common issues.",
        "stderr_lines": [
            " * Resolving: _ldap._tcp.willie.com",
            " * Resolving: willie.com",
            " * Performing LDAP DSE lookup on: 198.58.118.167",
            " * Performing LDAP DSE lookup on: 173.255.194.134",
            " * Performing LDAP DSE lookup on: 96.126.123.244",
            " ! Can't contact LDAP server",
            " * Performing LDAP DSE lookup on: 72.14.185.43",
            " ! Can't contact LDAP server",
            " * Performing LDAP DSE lookup on: 72.14.178.174",
            " ! Can't contact LDAP server",
            " * Performing LDAP DSE lookup on: 45.79.19.196",
            " ! Discovery timed out after 15 seconds",
            "realm: No such realm found",
            "Please check",
            " https://red.ht/support_rhel_ad ",
            "to get help for common issues."
        ],
        "stdout": "",
        "stdout_lines": []
    }
}
PLAY RECAP *********************************************************************
172.31.90.156 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
None of these IPs:
198.58.118.167
173.255.194.134
96.126.123.244
72.14.185.43
72.14.178.174
45.79.19.196
are known to me. I do not know where they are coming from and/or why.
This is a picture of what my Windows Domain controller looks like (this is a test controller in AWS):
This environment is in AWS.
Thanks!
[root@ip-172-31-90-156 ~]# nslookup -q=SRV _ldap._tcp.DC._msdcs.willie.com
Server: 172.31.82.130
Address: 172.31.82.130#53
_ldap._tcp.DC._msdcs.willie.com service = 0 100 389 ec2amaz-tm1bpvd.willie.com.
[root@ip-172-31-90-156 ~]#
[root@ip-172-31-90-156 network-scripts]# more ifcfg-ens3
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens3
UUID=02cc87e6-dc7c-4c9e-a530-f908611c7f5e
DEVICE=ens3
ONBOOT=yes
DNS1=172.31.82.130
PEERDNS=yes
[root@ip-172-31-90-156 network-scripts]#
[root@ip-172-31-90-156 network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
search ec2.internal
nameserver 172.31.82.130
nameserver 172.31.0.2
[root@ip-172-31-90-156 network-scripts]#
It seems it does not find it:
Thanks!
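The stderr registered in realm_results above shows realm discovery trying LDAP against six addresses that are not the domain controller at 172.31.82.130. The following script is an added example (not from the post and not part of realmd or Ansible) that parses the `realm join -v` stderr, extracts every "Performing LDAP DSE lookup on:" target, and classifies each one against the CIDR in which the domain controller is expected to live; it can be run on the registered output before any credential is passed to a second join attempt. The VPC range 172.31.0.0/16 is an assumption inferred from the 172.31.x.x addresses in the post, and the sample stderr is a constructed copy of the stderr_lines shown above.

```python
"""Classify the LDAP targets that `realm join -v` tried to contact.

Added example, not part of the original post and not realmd/Ansible code.
It parses the stderr that `realm join -v` writes (the text the post
registered in realm_results), pulls out every
"Performing LDAP DSE lookup on: <ip>" target and reports whether each
address lies inside the CIDR where the domain controller is expected.
The CIDR 172.31.0.0/16 is an assumption based on the addresses in the post.
"""
import ipaddress
import re

# Constructed from the stderr_lines shown in the post.
SAMPLE_STDERR = """\
 * Resolving: _ldap._tcp.willie.com
 * Resolving: willie.com
 * Performing LDAP DSE lookup on: 198.58.118.167
 * Performing LDAP DSE lookup on: 173.255.194.134
 * Performing LDAP DSE lookup on: 96.126.123.244
 ! Can't contact LDAP server
 * Performing LDAP DSE lookup on: 72.14.185.43
 ! Can't contact LDAP server
 * Performing LDAP DSE lookup on: 72.14.178.174
 ! Can't contact LDAP server
 * Performing LDAP DSE lookup on: 45.79.19.196
 ! Discovery timed out after 15 seconds
realm: No such realm found
"""

# Assumed VPC range for the domain controller (172.31.82.130 sits inside it).
EXPECTED_DC_CIDR = "172.31.0.0/16"

LOOKUP_RE = re.compile(r"Performing LDAP DSE lookup on:\s*(\S+)")


def lookup_targets(stderr: str) -> list:
    """Return the LDAP DSE lookup targets in the order realm tried them."""
    return [ipaddress.ip_address(m.group(1)) for m in LOOKUP_RE.finditer(stderr)]


def classify_targets(stderr: str, expected_cidr: str = EXPECTED_DC_CIDR) -> list:
    """Label each target as expected, private-but-unexpected, or public."""
    net = ipaddress.ip_network(expected_cidr)
    report = []
    for ip in lookup_targets(stderr):
        if ip in net:
            verdict = "expected"
        elif ip.is_private:
            verdict = "private-but-unexpected"
        else:
            verdict = "public"
        report.append((str(ip), verdict))
    return report


def discovery_is_safe(stderr: str, expected_cidr: str = EXPECTED_DC_CIDR) -> bool:
    """True only when realm found at least one target and all sit in the CIDR."""
    report = classify_targets(stderr, expected_cidr)
    return bool(report) and all(verdict == "expected" for _, verdict in report)


if __name__ == "__main__":
    for ip, verdict in classify_targets(SAMPLE_STDERR):
        print(f"{ip:18} {verdict}")
    print("safe to join:", discovery_is_safe(SAMPLE_STDERR))
```

For the stderr in the post every target is labelled "public" and `discovery_is_safe` returns False; the same check returns True when the only target is the domain controller inside the expected range, which is what a correct SRV answer from 172.31.82.130 would produce.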