
Thread: F19 Join to AD

  1. #1

    F19 Join to AD


    I have a fresh install of F19, neither 'realm join' works:

    [root user]# realm join -U admin.thorley
    See: journalctl REALMD_OPERATION=r1095.2735
    realm: Cannot join this realm
    [root user]# journalctl REALMD_OPERATION=r1095.2735
    -- Logs begin at Fri 2013-07-12 13:15:06 BST, end at Wed 2013-07-17 21:37:33 BST. --
    Jul 17 21:37:12 simonpc-fed.home.local realmd[2738]:  * Resolving: _ldap._tcp.home.local
    Jul 17 21:37:12 simonpc-fed.home.local realmd[2738]:  * Performing LDAP DSE lookup on:
    Jul 17 21:37:12 simonpc-fed.home.local realmd[2738]:  ! Received invalid or unsupported Netlogon data from server
    [root user]#
    And also samba-tool from samba4 seems to be missing, so no domain join there. Do I have to go back to the manual config of smb.conf, krb5.conf, etc. and then do a 'net ads join' again, or am I missing something?

    P.S. I have a fedup'd F18 to F19 that was joined to AD using realmd before the upgrade, and that is still working fine on the domain (including realm leave and realm join).

    Thanks in advance.

  2. #2

    I have not tried this yet, but I might do so later today/this week and let you know the results. Anyway, according to this: Active Directory client software, you need to specify that you want to use Winbind if you're using Samba. Obviously, winbind must be installed.

    This is my gripe with RH/Fedora. They make a lot of great tools, but don't always tell you what pieces need to be in place to use them. Interested to hear if this works before I try it (haven't dl'd F19 yet).

  3. #3
    Okay, because I'm a nice guy, I have worked this all out.
    I have installed F19 stable from Netinstall CD using minimal install, no desktop. Make sure your network and DNS settings are working, obviously.

    To successfully join a Windows 2008r2 AD domain using NTLMv2, I have done the following:
    yum install realmd
    realm discover --verbose

    That will tell you what software you need to install (samba-common doesn't show up, but it will if you try to join a domain and it's not installed).
    yum install sssd oddjob oddjob-mkhomedir adcli samba-common
    realm join --client-software=sssd -U mydomainadmin
    That should prompt for a password, and if successful, absolutely nothing will be displayed on STDOUT.
    To test if you have successfully joined the domain, use
    getent passwd EXAMPLE\\mydomainuser
    and you should get a long passwd line.

    Now, if you want to only allow certain users to log in, you can run the next two commands:
    realm deny --all
    realm permit

    Hope that helps.

  5. #4
    Hi Mizzle,

    Thanks for your efforts, much appreciated. I have used realmd a few times previously without any real struggle and have set up a lot of AD-integrated Linux machines before. It just seems that in F19 they thought that the F18 realm join command was too easy and decided to make it more complicated.

    I will walk through your post when I get home and let you know the results.

    Thanks again

  6. #5
    I'm afraid I get the same error on both discover and join commands. Starting to think it might be server side so gonna do some more testing with another domain member.

  7. #6

    I have set up 2 VMs, a Win7 and an F19, both fresh installs.

    The Windows 7 machine joined the domain fine, but I have the same fault with the F19.

    I did a Wireshark capture and found that there were 2 LDAP search queries done during the 'realm discovery' conversation.

    The 1st query was a search for the defaultNamingContext and supportedCapabilities attributes. This got a successful search response packet and a result of 1.

    The 2nd query was a search for the NetLogon attribute. This also got a successful search response packet, but it had a result of 0, so no attribute details.

    This seems to correspond to the original error message:

    ! Received invalid or unsupported Netlogon data from server
    I am not sure if this is the direct fault of the failure, but after the search result there are 4 other TCP packets including FINs and ACKs and that's it. End of conversation.
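
A command-line version of the check described in the last post, as an added example that is not part of the original thread: it repeats the two rootDSE searches with OpenLDAP's `ldapsearch` and classifies the reply to the Netlogon query. The function names, the DC host argument and the LDAP-ping filter are assumptions (the thread does not show the filter realmd sent), and the sample replies are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Repeats the two base-scope searches
# seen in the capture and reports whether the Netlogon attribute came back.

# LDAP-ping filter (assumed; the thread does not show realmd's own filter).
# NtVer is a 4-byte little-endian value, backslash-escaped per RFC 4515.
netlogon_filter() {  # $1 = DNS domain
    printf '(&(DnsDomain=%s)(NtVer=\\06\\00\\00\\00))' "$1"
}

# Read "ldapsearch -LLL" output on stdin and classify the reply.
classify_netlogon() {
    awk '
        /^dn:/ { entry = 1 }
        tolower($0) ~ /^netlogon::? / { attr = 1 }
        END {
            if (attr)       print "netlogon-present"
            else if (entry) print "entry-without-netlogon"
            else            print "no-entry"
        }'
}

# Run both lookups against one DC (anonymous bind, rootDSE).
probe_dc() {  # $1 = DC host, $2 = DNS domain
    ldapsearch -LLL -x -H "ldap://$1" -b '' -s base '(objectClass=*)' \
        defaultNamingContext supportedCapabilities
    ldapsearch -LLL -x -H "ldap://$1" -b '' -s base \
        "$(netlogon_filter "$2")" NetLogon | classify_netlogon
}

if [ "$#" -eq 2 ]; then
    probe_dc "$1" "$2"
else
    # Constructed sample replies (not captured from a real DC).
    printf 'dn:\nnetlogon:: FwAAAA==\n' | classify_netlogon
    printf 'dn:\n' | classify_netlogon
fi
```

Run it with a domain controller's host name and the DNS domain as the two arguments; `entry-without-netlogon` or `no-entry` corresponds to a successful search response that carries no Netlogon data.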

