Hello
I am trying to join Silverblue to an Active Directory domain server. I have joined many RHEL, CentOS, Fedora, Arch, Debian, and Windows systems to this Samba 4 domain controller. I cannot join Fedora Silverblue to the domain using sssd or winbind.
The network and DNS work without any issues; I went through the DNS resolution checks in the Samba wiki: Setting up Samba as a Domain Member - SambaWiki
The AD DC server and the Silverblue member are virtual machines on the same host, so I doubt NTP is an issue. I know, the world's smallest AD.
For joining the domain using winbind, I followed the steps in the RHEL manual, replacing dnf with rpm-ostree. The realm package was already installed.
2.4. Joining a RHEL system to an AD domain
Configured the firewall using the command:
[root@dsk102 samba]# firewall-cmd --permanent --add-port={139/tcp,445/tcp}
success
[root@dsk102 samba]# firewall-cmd --reload
success
Test DNS
nslookup
[root@dsk102 samba]# nslookup srv11.ad.example.com
Server: 192.168.1.11
Address: 192.168.1.11#53
Name: srv11.ad.example.com
Address: 192.168.1.11
My server does not support reverse lookup.
Resolving SRV records
[root@dsk102 samba]# host -t SRV _ldap._tcp.ad.example.com
_ldap._tcp.ad.example.com has SRV record 0 100 389 srv11.ad.example.com
Local Host name resolution
[root@dsk102 samba]# getent hosts dsk102
192.168.245.102 dsk102.ad.example.com dsk102
After verifying the network and DNS configurations, I used the realm command
[root@dsk102 samba]# realm join --membership-software=samba --client-software=winbind ad.example.com
Password for Administrator:
See: journalctl REALMD_OPERATION=r527.1943
realm: Couldn't join realm: Joining the domain ad.example.com failed
Review the error
-- Journal begins at Wed 2022-03-16 18:55:55 MDT, ends at Wed 2022-03-16 22:09:58 MDT. --
Mar 16 22:07:15 dsk102.ad.example.com realmd[1946]: * Resolving: _ldap._tcp.ad.example.com
Mar 16 22:07:15 dsk102.ad.example.com realmd[1946]: * Performing LDAP DSE lookup on: 192.168.245.11
Mar 16 22:07:15 dsk102.sj.siegeltech.net realmd[1946]: * Successfully discovered: ad.example.com
Mar 16 22:07:20 dsk102.ad.example.com realmd[1946]: * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/winbindd, /usr/bin/wbinfo, /usr/bin/net
Mar 16 22:07:20 dsk102.ad.example.com realmd[1946]: * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.5EZ7I1 -U Administrator -k ads join ad.example.com
Mar 16 22:07:20 dsk102.ad.example.com realmd[1946]: WARNING: The option -k|--kerberos is deprecated!
Mar 16 22:07:20 dsk102.ad.example.com realmd[1946]: ADS join did not work, falling back to RPC...
Mar 16 22:07:22 dsk102.ad.example.com realmd[1946]: Failed to join domain: failed to lookup DC info for domain 'ad.example.com' over rpc: An invalid parameter was passed to a service or fun>
Mar 16 22:07:22 dsk102.ad.example.com realmd[1946]: Failed to join domain: failed to lookup DC info for domain 'SJ' over rpc: An invalid parameter was passed to a service or function.
Mar 16 22:07:22 dsk102.ad.example.com realmd[1946]: ! Joining the domain ad.example.comfailed
I have replaced the ad.example with my domain.
I was able to join the domain using sssd. After I get the system working with sssd, I may circle back to resolving the issues with winbind. I was thinking of setting up a NAS with Fedora IoT; this will require using winbind. For this desktop installation with Silverblue/Kinoite, sssd should be sufficient.
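
A small triage helper for realmd journal output like the log quoted in the post, added here as an example and not part of the original post: it reports the step at which the join stopped and counts lines the pager cut off. The function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample, modelled on the realmd journal lines quoted in the post.
SAMPLE = """\
-- Journal begins at Wed 2022-03-16 18:55:55 MDT. --
Mar 16 22:07:15 dsk102 realmd[1946]:  * Performing LDAP DSE lookup on: 192.168.245.11
Mar 16 22:07:15 dsk102 realmd[1946]:  * Successfully discovered: ad.example.com
Mar 16 22:07:20 dsk102 realmd[1946]: ADS join did not work, falling back to RPC...
Mar 16 22:07:22 dsk102 realmd[1946]: Failed to join domain: failed to lookup DC info for domain 'ad.example.com' over rpc: An invalid parameter was passed to a service or fun>
Mar 16 22:07:22 dsk102 realmd[1946]: Failed to join domain: failed to lookup DC info for domain 'AD' over rpc: An invalid parameter was passed to a service or function.
Mar 16 22:07:22 dsk102 realmd[1946]:  ! Joining the domain ad.example.com failed
"""

REALMD = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+realmd\[\d+\]:\s*(.*)$")

def triage(journal_text):
    """Summarise how far a realmd join got (hypothetical helper)."""
    r = {"probed": [], "discovered": None, "ads_fallback": False,
         "join_errors": [], "truncated": 0, "failed": False}
    for raw in journal_text.splitlines():
        m = REALMD.match(raw)
        if not m:
            continue                      # journal banner or lines from other units
        msg = m.group(1).lstrip("*! ")    # drop realmd's "*" / "!" markers
        if msg.endswith(">"):
            r["truncated"] += 1           # pager cut the line; rerun with --no-pager
        if msg.startswith("Performing LDAP DSE lookup on:"):
            r["probed"].append(msg.split(":", 1)[1].strip())
        elif msg.startswith("Successfully discovered:"):
            r["discovered"] = msg.split(":", 1)[1].strip()
        elif "falling back to RPC" in msg:
            r["ads_fallback"] = True
        elif msg.startswith("Failed to join domain:"):
            r["join_errors"].append(msg.split(":", 1)[1].strip())
        elif msg.startswith("Joining the domain") and msg.endswith("failed"):
            r["failed"] = True
    return r

def stage(r):
    """Name the step where the join stopped."""
    if r["discovered"] is None:
        return "discovery"                # SRV / LDAP DSE lookup never succeeded
    if r["failed"] and r["ads_fallback"]:
        return "ads-join-then-rpc"        # net ads join failed, the RPC retry failed too
    return "join" if r["failed"] else "no-failure-seen"

if __name__ == "__main__":
    summary = triage(SAMPLE)
    print(stage(summary), summary)
```

To run it on a real system, pass it the text of `journalctl --no-pager REALMD_OPERATION=...` using the operation id that `realm join` prints.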