CentOS 8 – AD User Can’t Login

active-directory, centos, centos8

I have a new CentOS 8 box. I also have a Windows 2016-based domain controller that serves all my Windows servers and workstations (about 10 altogether). I successfully joined AD – or at least it looks like it was successful. Cockpit shows the correct domain, and I can do kinit:

# kinit adadmin
Password for adadmin@EXAMPLE.COM
#

(and if the password is wrong, I get kinit: Password incorrect while getting initial credentials as expected).

However, I cannot connect as an AD user. I also get the following errors:

# id adadmin
id: `adadmin': no such user

and

# net ads info
ads_connect: No logon servers are currently available to service the logon request.
Didn't find the ldap server!

Finally, I get the following error in /var/log/messages:

Nov 11 22:32:43 centos8 sssd[be[example.com]][12694]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)

I tried different things in krb5.conf and sssd.conf – but it didn't make a difference.

Best Answer

Since it was a new test machine, and nobody had any suggestions, I decided to trash this VM and start again. This time, rather than following the "Join Domain" link on the Cockpit page, I followed the instructions to "manually" join the domain. This worked perfectly fine.

So, I don't know if I did something wrong or there is a bug in the scripts underlying Cockpit - but if anybody is reading this, and you had problems - try to join manually!