Call for Bikeshedding: remote auth at install time

Przemek Klosowski przemek.klosowski at nist.gov
Mon Jun 17 18:44:11 UTC 2013


On 06/05/2013 03:37 PM, Stef Walter wrote:

> What does work, and has been tested is logging in as root and simply
> typing this:
>
> realm join mydomain.com

I filed https://bugzilla.redhat.com/show_bug.cgi?id=975182 because of 
confusing error messages when there is no pre-existing AD computer acct:

realm join --user=przemek mydomain
...
Password for przemek:
...
Enter przemek's password:	
Failed to join domain: User specified does not have administrator privileges
! Insufficient permissions to join the domain mydomain
realm: Couldn't join realm: Insufficient permissions to join the domain


The error message is incorrect---I do have the required privileges:  the 
real reason is that at this point the domain has to have a computer 
account created for this computer, and it didn't. If I create the 
computer account in Windows AD and retry, the operation succeeds:

realm join --user=przemek mydomain
...
Password for przemek:
...
Enter przemek's password:
DNS update failed: NT_STATUS_UNSUCCESSFUL	
Using short domain name -- MYDOMAIN
Joined 'myhost' to dns domain 'mydomain'
DNS Update for myhost failed: ERROR_DNS_GSS_ERROR
* LANG=C LOGNAME=root /usr/bin/net -s 
/var/cache/realmd/realmd-smb-conf.3WTOYW -U przemek ads keytab create
Enter przemek's password:
* /usr/bin/systemctl enable sssd.service
ln -s '/usr/lib/systemd/system/sssd.service' 
'/etc/systemd/system/multi-user.target.wants/sssd.service'							
* /usr/bin/systemctl restart sssd.service
* /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd 
--enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl 
enable oddjobd.service	
* Successfully enrolled machine in realm




More information about the devel mailing list