On 06/05/2013 03:37 PM, Stef Walter wrote:
What does work, and has been tested is logging in as root and simply
typing this:
realm join mydomain.com
I filed https://bugzilla.redhat.com/show_bug.cgi?id=975182 because of
confusing error messages when there is no pre-existing AD computer acct:
realm join --user=przemek mydomain
...
Password for przemek:
...
Enter przemek's password:
Failed to join domain: User specified does not have administrator privileges
! Insufficient permissions to join the domain mydomain
realm: Couldn't join realm: Insufficient permissions to join the domain
The error message is incorrect---I do have the required privileges: the
real reason is that at this point the domain has to have a computer
account created for this computer, and it didn't. If I create the
computer account in Windows AD and retry, the operation succeeds:
realm join --user=przemek mydomain
...
Password for przemek:
...
Enter przemek's password:
DNS update failed: NT_STATUS_UNSUCCESSFUL
Using short domain name -- MYDOMAIN
Joined 'myhost' to dns domain 'mydomain'
DNS Update for myhost failed: ERROR_DNS_GSS_ERROR
* LANG=C LOGNAME=root /usr/bin/net -s
/var/cache/realmd/realmd-smb-conf.3WTOYW -U przemek ads keytab create
Enter przemek's password:
* /usr/bin/systemctl enable sssd.service
ln -s '/usr/lib/systemd/system/sssd.service'
'/etc/systemd/system/multi-user.target.wants/sssd.service'
* /usr/bin/systemctl restart sssd.service
* /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd
--enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl
enable oddjobd.service
* Successfully enrolled machine in realm
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
