Fedora 30 fails to join Active Directory

adonist · October 4, 2019, 10:53am

Hi there,

I’m trying to configure our Fedora workstations to join our windows active directory with the following command:

realm join -U administrator --client-software=sssd domain.com

It gives me the following errors:

Couldn't create computer account: CN=F3BLK21, CN=Computers, DC=Domain, DC=com
problem 1006 (ATT_OR_VALUE_EXISTS), ATT 90303 (servicePrincipalName)

The machine hasn’t been added previously to the domain (Checking AD I can confirm there’s no computer object there for that machine).
Also this works fine on Centos 7 and Red Hat. All the same packages for Centos 7 and Red Hat 7 for this purpose is also installed on Fedora.

Any Ideas ?

Thanks

vgaetera · October 4, 2019, 2:37pm

Try to temporary disable SELinux, check the service, test domain discovery:

sudo setenforce 0
systemctl status sssd.service
realm discover example.com

See also: Join in Active Directory Domain on Fedora 30

adonist · October 8, 2019, 9:46am

Hi,

Sorry for the late reply. SELinux was disabled already. So that’s not the issue unfortunately.
SSSD service is also running. Realm discover works fine as well.

Thanks

vgaetera · October 8, 2019, 12:42pm

You should compare the related configs:

/etc/resolv.conf
/etc/nsswitch.conf
/etc/krb5.conf
/etc/krb5.conf.d/*
/etc/sssd/sssd.conf
/etc/pam.d/system-auth

I had a legacy domain that required to disable the /etc/krb5.conf.d/crypto-policies.

Topic		Replies	Views
Active Directory users are not showing after joining domain Ask Fedora workstation	4	3569	April 7, 2024
Samba ad dc server and KDC server both join to same domain but ad dc is not finding the KDC server Ask Fedora f35	0	153	June 9, 2022
Authentication with sssd and kerberos - Authentication failure Ask Fedora f32	3	1077	December 14, 2020
PostgreSQL, SSSD, Kerberos, and local logins Ask Fedora	4	2020	May 30, 2020
DNS issues when joining a domain Ask Fedora	8	1087	November 2, 2021

Fedora 30 fails to join Active Directory

Related Topics