Hi, new user here, I have no experience with any Linux at all and am learning Fedora 32 as part of a networking and server course.
I have setup a VMWare virtual lab with a Windows domain controller acting as DNS/DHCP server and with routing to the outside network and internet with the standard contoso.com domain. I can currently connect to the internet through this domain controller but when I attempt to join the domain using realm join CONTOSO.COM with password I am faced with
[fparke@FedServ ~]$ realm join CONTOSO.COM
Password for Administrator:
See: journalctl REALMD_OPERATION=r3325.3180
realm: Couldn’t join realm: Failed to join the domain
So I had a look at the journalctl line and it looks like a kerberos problem (see below)
[fparke@FedServ ~]$ journalctl REALMD_OPERATION=r3325.3180
– Logs begin at Fri 2021-06-04 10:14:42 AEST, end at Fri 2021-06-04 15:25:41 AEST. –
Jun 04 15:25:08 FedServ.contoso.com realmd[3183]: * Resolving: _ldap._tcp.contoso.com
Jun 04 15:25:08 FedServ.contoso.com realmd[3183]: * Performing LDAP DSE lookup on: 192.168.10.136
Jun 04 15:25:08 FedServ.contoso.com realmd[3183]: * Performing LDAP DSE lookup on: 192.168.1.2
Jun 04 15:25:08 FedServ.contoso.com realmd[3183]: * Successfully discovered: contoso.com
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: * LANG=C /usr/sbin/adcli join --verbose --domain contoso.com --domain-realm CONTOSO.COM --domain-controller 192.168.10.136 --login-type user --login-user Administrator --stdin-password
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: * Using domain name: contoso.com
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: * Calculated computer account name from fqdn: FEDSERV
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: * Using domain realm: contoso.com
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: * Sending NetLogon ping to domain controller: 192.168.10.136
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: * Received NetLogon info from: ServerA-RWDC.contoso.com
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-hCJ88t/krb5.d/adcli-krb5-conf-t5gLZu
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: ! Couldn’t authenticate as: Administrator@CONTOSO.COM: KDC has no support for encryption type
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: adcli: couldn’t connect to contoso.com domain: Couldn’t authenticate as: Administrator@CONTOSO.COM: KDC has no support for encryption type
Jun 04 15:25:15 FedServ.contoso.com realmd[3183]: ! Failed to join the domain
[fparke@FedServ ~]$
when I attempt to access krb5.conf at /etc/krb5.conf I get the below result
[fparke@FedServ ~]$ /etc/krb5.conf
bash: /etc/krb5.conf: Permission denied
I should add that I have the exact same problems while logged in as the root user.
Any help would be greatly appreciated. I have found bits and pieces of information throughout the web but any help given would just talk in general terms about changing things in the krb5.conf but with no explanation as to how to do so or what actual commands to put into the terminal to go about fixing the problem. I would appreciate a more step by step approach for a solution to my problem … if that is possible.
I have installed vsftpd, postfix, dovecot and samba so far but this stumbling block has prevented me from experimenting further with the Fedora environment.
Thanks in advance to anyone who can help with my problem.