AD: domain not available

activedirectory
v7

#1

NethServer Version: 7.4.1708
Module: Active Directory local accounts

I followed the instructions as best as I could.

On a Windows 10 Desktop I am able to join the domain; the computer reboots…when I log in to the domain I get the following error:

“We can’t sign you in with this credential because your domain isn’t available. Make sure your device is connected to your organization’s network and try again. If you previously signed in on this device with another credential, you can sign in with that credential.”

My Nethserver is configured this way:

Configuration > Accounts provider

Samba DC version - 4.6.14
DNS domain name - ad.example.com
NetBIOS domain name - MYDOMAIN
Domain Controller IP address - 10.1.10.145

Configuration > DHCP > DHCP server

[*]br0 - green
IP range start - 10.1.10.150
IP range end - 10.1.10.254
Gateway IP - 10.1.10.1

Configuration > Network

br0 LAN (green) 10.1.10.19 (Static IP)
ens8 Bridged (br0)
eth0 Internet (red) - red1 10.1.10.83
eth0:0 Alias 50.24.91.140 (public ip)

Configuration > Network > DNS servers

Primary DNS - 75.75.75.75
Secondary DNS - 75.75.76.76

Configuration > Server name

server1.example.com

In my host I created the following A records
nsdc-mydomain.example.com -
ad.example.com -
server1.example.com
I have also requested and enabled Let's Encrypt certificates for my domain names.


Howto install NethServer as Samba AD domain controller v0.2
(Michael Träumner) #2

Can you login with a local user and ping the DNS-Server (Your Nethserver) by name?


#3

@m.traeumner @davidep I am able to ping the DNS-Server (10.1.10.145).

# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
br0 1500 669 0 0 0 21 0 0 0 BMRU
ens8 1500 1161 0 0 0 304 0 0 0 BMRU
eth0 1500 4013 0 0 0 3859 0 0 0 BMRU
eth0:0 1500 - no statistics available - BMRU
lo 65536 741 0 0 0 741 0 0 0 LRU
vb-nsdc 1500 261 0 0 0 982 0 0 0 BMRU

ip link set br0 promisc on

cat /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_ccache_name = KEYRING:persistent:%{uid}

default_realm = AD.EXAMPLE.COM
[realms]
AD.EXAMPLE.COM = {
}

[domain_realm]
ad.example.com = AD.EXAMPLE.COM
.ad.example.com = AD.EXAMPLE.COM

config show sssd
sssd=service
AdDns=10.1.10.145
BindDN=ldapservice@AD.EXAMPLE.COM
BindPassword=c_ZFDyHiEi6zbaLi
LdapURI=
Provider=ad
Realm=AD.EXAMPLE.COM
Workgroup=MYDOMAIN
status=enabled

config show dns
dns=configuration
NameServers=10.1.10.145,75.75.76.76

config show nsdc
nsdc=service
IpAddress=10.1.10.45
ProvisionType=newdomain
bridge=br0
status=enabled


(Jeroen Visser) #4

Your DNS server should be your nsdc container, as Windows clients need the authoritative DNS server for the domain configured to be able to connect properly.

config show nsdc hints that your nsdc IP is 10.1.10.45 while you reference 10.1.10.145 as the AD DNS in sssd conf.

Other than that, I followed this guide quite a few times myself to iron out issues, so none should be expected. Please let me know if this wasn't it; I will then try myself to see where I get.
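
The comparison made in the last reply, as an added example that is not part of the thread: a shell check that reads `config show` dumps and reports when `sssd` `AdDns` and `nsdc` `IpAddress` disagree, listing every property that references either address. The function names and the blank-line-separated input layout are assumptions; the sample values are copied from post #3.

```sh
# Added example, not from the thread. stdin: `config show` dumps, blank line between records.

# prop KEY PROP: print the value of PROP in record KEY.
prop() {
    awk -v key="$1" -v prop="$2" 'BEGIN { RS = ""; FS = "\n" } {
        split($1, head, "=")
        if (head[1] != key) next
        for (i = 2; i <= NF; i++) {
            line = $i; sub(/^[ \t]+/, "", line)   # real dumps indent properties
            eq = index(line, "=")
            if (eq && substr(line, 1, eq - 1) == prop) { print substr(line, eq + 1); exit }
        }
    }'
}

# refs ADDR: list every record.Prop whose comma-separated value holds ADDR as a whole entry.
refs() {
    awk -v addr="$1" 'BEGIN { RS = ""; FS = "\n" } {
        split($1, head, "=")
        for (i = 2; i <= NF; i++) {
            line = $i; sub(/^[ \t]+/, "", line)
            n = split(substr(line, index(line, "=") + 1), vals, ",")
            for (j = 1; j <= n; j++) if (vals[j] == addr) print head[1] "." line
        }
    }'
}

# check_dc_addr: 0 if sssd AdDns equals nsdc IpAddress, 1 on mismatch, 2 if either is absent.
check_dc_addr() {
    dumps=$(cat)
    dc=$(printf '%s\n' "$dumps" | prop nsdc IpAddress)
    ad_dns=$(printf '%s\n' "$dumps" | prop sssd AdDns)
    [ -n "$dc" ] && [ -n "$ad_dns" ] || { echo "nsdc IpAddress or sssd AdDns missing"; return 2; }
    [ "$dc" = "$ad_dns" ] && { echo "OK: both are $dc"; return 0; }
    echo "MISMATCH: nsdc IpAddress=$dc but sssd AdDns=$ad_dns"
    for a in "$dc" "$ad_dns"; do
        printf '%s\n' "$dumps" | refs "$a" | sed "s/^/  $a referenced by /"
    done
    return 1
}

# Constructed sample: values from post #3, unrelated properties left out.
SAMPLE='sssd=service
AdDns=10.1.10.145

dns=configuration
NameServers=10.1.10.145,75.75.76.76

nsdc=service
IpAddress=10.1.10.45'

printf '%s\n' "$SAMPLE" | check_dc_addr || :
```

On the server the same input can come from `{ config show sssd; echo; config show dns; echo; config show nsdc; }` piped into `check_dc_addr`.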