a guest
Nov 21st, 2018
'realm join' fails with error "Failed to join domain: Failed to set machine spn: Constraint violation"
SOLUTION VERIFIED - Updated March 19 2018 at 10:42 AM - English

Environment
Red Hat Enterprise Linux (RHEL) 7
realmd

Issue
'realm join' fails with the following error even if the user is a member of the "Domain Admins" group:

    # realm join -v example.com --computer-ou OU=Servers,OU=DEV -U ad_user
    * Resolving: _ldap._tcp.example.com
    * Performing LDAP DSE lookup on: 192.168.0.1
    * Successfully discovered: EXAMPLE.COM
    Password for ad_user:
    * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
    * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.GVUCFZ -U ad_user ads join EXAMPLE.COM createcomputer=DEV/Servers
    Enter ad_user's password:
    Failed to join domain: Failed to set machine spn: Constraint violation <-----
    Do you have sufficient permissions to create machine accounts? <-----
    ! Joining the domain EXAMPLE.COM failed
    realm: Couldn't join realm: Joining the domain EXAMPLE.COM failed

Resolution
Check whether a machine account for the system already exists in AD.

If it does, delete the existing account in AD or choose a different hostname for the system.

Then re-attempt the realm join.

Root Cause
The hostname conflicted with another hostname in a different domain in the same forest, so the SPN was not unique in the forest. Changing the hostname should resolve this issue.

Diagnostic Steps
Check whether the AD user has sufficient permissions in AD to join the system to the domain.

Before attempting a join with realm join, confirm on the AD side whether a machine account for the system already exists.
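
The check described in the diagnostic steps, as an added example that is not part of the original solution: before joining, ask a global catalog whether any object in the forest already holds the HOST SPNs for the hostname. The function names, the global catalog on port 3268, GSSAPI authentication with an existing Kerberos ticket and the sample hostnames are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: pre-join check for a
# forest-wide collision on the HOST SPNs of the hostname being joined.
# Assumptions: openldap-clients installed, a Kerberos ticket obtained with
# `kinit ad_user`, and a global catalog server reachable on port 3268.

# Print an LDAP filter matching HOST/<short name> and HOST/<FQDN>.
# Anything that is not a plain DNS name is rejected, so the value cannot
# change the filter syntax.
spn_filter() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: $1" >&2; return 1 ;;
    esac
    printf '(|(servicePrincipalName=HOST/%s)(servicePrincipalName=HOST/%s))\n' \
        "${1%%.*}" "$1"
}

# Read LDIF on stdin and print "<dns-domain> <DN>" per entry. The domain is
# derived from the DC= components, so a holder in another domain of the
# forest stands out. (Base64 "dn::" lines are not decoded here.)
spn_holders() {
    sed -n 's/^dn: //p' | while IFS= read -r dn; do
        dom=$(printf '%s\n' "$dn" | tr ',' '\n' | sed -n 's/^[Dd][Cc]=//p' | paste -sd. -)
        printf '%s %s\n' "$dom" "$dn"
    done
}

# Usage: check_spn <gc-host> <fqdn>
# Returns 0 if no object holds the SPN, 1 on a conflict, 2 on lookup errors.
check_spn() {
    filter=$(spn_filter "$2") || return 2
    # Empty base on the GC port searches every domain partition in the forest.
    ldif=$(ldapsearch -LLL -Q -Y GSSAPI -o ldif-wrap=no \
        -H "ldap://$1:3268" -b "" "$filter" dn) || {
        echo "ldapsearch failed; result is inconclusive" >&2; return 2; }
    hits=$(printf '%s\n' "$ldif" | spn_holders)
    [ -z "$hits" ] && return 0
    printf 'HOST SPN for %s is already registered by:\n%s\n' "$2" "$hits" >&2
    return 1
}

# Runs only when called with arguments, for example:
#   sh spn-check.sh dc1.example.com web01.example.com
if [ "$#" -eq 2 ]; then check_spn "$@"; fi
```

A holder listed under a domain other than the one being joined matches the root cause above; a failed lookup returns 2 rather than reporting the name as free.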