[OpenIndiana-discuss] Join to AD Domain with HA kpasswd server

Andrew Martin amartin at xes-inc.com
Thu Oct 9 15:41:58 UTC 2014


----- Original Message -----
> From: "Andre Kruger" <Andre.Kruger at TRW.COM>
> To: "Discussion list for OpenIndiana" <openindiana-discuss at openindiana.org>
> Sent: Thursday, October 9, 2014 3:51:46 AM
> Subject: Re: [OpenIndiana-discuss] Join to AD Domain with HA kpasswd server
> 
> I recently tried to (re)join an OI machine to my company's AD. I had it joined
> previously but my AD integration broke when the AD admins turned on LDAPS.
> OI does not have the required libraries to join an AD environment that has
> LDAPS enabled.
> 
> You can troubleshoot this further if you issue the join command yourself and
> at the same time run it in debug mode:
> 
> net ads join -U username -d5
> 
> If the domain you are trying to join does have LDAPS enabled you should see
> this line, "StartTLS not supported by LDAP client libraries!", a few lines
> from the bottom when the join completes. Unless you have other errors that
> first need fixing. Eventually, however, once you have them all sorted out, you
> will get this error.
> 
Thanks for the idea - however in this case I don't think LDAPS is the problem,
since I can simply change these 3 lines to use one of the DCs directly rather
than ad.example.com and the join works:
       kdc = dc0.example.com
       admin_server = dc0.example.com
       kpasswd_server = dc0.example.com

> From: "The Outsider" <openindiana at out-side.nl>
> I think " joining domain failed (c0000001)" might give you a clue.
> When the NAT translates your computer's IP address to a new local, no DNS
> reference will exist for that IP.

Hm... I have a DNS A record for ad.x-es.com, so it should exist when either
the DC or the OI client system tries to do a DNS lookup...

Thanks,

Andrew


