
5.8. Join the Active Directory


Now, restart chrony and samba and start sssd.


sudo systemctl restart chrony.service

sudo systemctl restart smbd.service nmbd.service

sudo systemctl start sssd.service


Test the configuration by obtaining a Kerberos ticket:


sudo kinit Administrator


Verify the ticket with:


sudo klist


If there is a ticket with an expiration date listed, then it is time to join the domain:


sudo net ads join -k


A warning about "No DNS domain configured. Unable to perform DNS Update." probably means that there is no (correct) alias in /etc/hosts, and the system could not provide its own FQDN as part of the Active Directory update. This is needed for dynamic DNS updates. Verify the alias in /etc/hosts described in "Modify /etc/hosts" above.


(The message "NT_STATUS_UNSUCCESSFUL" indicates that the domain join failed and something is incorrect. Review the prior steps before proceeding.)
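The two preconditions described above (a valid Kerberos ticket and an FQDN alias in /etc/hosts) can be checked before running the join. The following is an added example, not part of the original guide; the function names fqdn_alias_for and join_preflight are hypothetical, and klist -s assumes the MIT Kerberos client tools. It only checks that the alias is present on the same line as the short host name.

```shell
#!/bin/sh
# Added example (not from the guide): pre-join checks for "net ads join -k".

# fqdn_alias_for HOSTS_FILE SHORTNAME
# Prints the first FQDN alias found on a hosts line that also names SHORTNAME.
# Returns 1 when no such line exists, which is the condition behind the
# "No DNS domain configured" warning.
fqdn_alias_for() {
    awk -v short="$2" '
        BEGIN { short = tolower(short) }
        { sub(/#.*/, "") }                  # ignore comments
        NF < 2 { next }                     # need an address plus a name
        {
            has_short = 0; fqdn = ""
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name == short) has_short = 1
                if (fqdn == "" && index(name, short ".") == 1 &&
                    length(name) > length(short) + 1) fqdn = name
            }
            if (has_short && fqdn != "") { print fqdn; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# join_preflight: run with sudo, because the guide obtains the ticket with
# "sudo kinit" and it therefore lives in root's credential cache.
join_preflight() {
    host=$(hostname -s)
    # klist -s (MIT Kerberos) is silent and exits non-zero when the
    # credential cache is missing or expired.
    if ! klist -s; then
        echo "no valid Kerberos ticket; run kinit first" >&2
        return 1
    fi
    if ! fqdn=$(fqdn_alias_for /etc/hosts "$host"); then
        echo "no FQDN alias for $host in /etc/hosts" >&2
        return 1
    fi
    echo "ticket valid, FQDN alias $fqdn present"
}
```

Source the file and run join_preflight as root immediately before sudo net ads join -k.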


Here are a couple of (optional) checks to verify that the domain join was successful. Note that if the domain was successfully joined but one or both of these steps fail, it may be necessary to wait 1-2 minutes and try again. Some of the changes appear to be asynchronous.


Verification option #1:


Check the default Organizational Unit for computer accounts in the Active Directory to verify that the computer account was created. (Organizational Units in Active Directory are a topic outside the scope of this guide.)


Verification option #2:


Execute this command for a specific AD user (e.g. administrator):


getent passwd username


If enumerate = true is set in sssd.conf, getent passwd with no username argument will list all domain users. This may be useful for testing, but is slow and not recommended for production.

