Hi,

Has anyone had any success setting up SSSD with an RODC AD server? We are setting this up on CentOS 6.8 machines, but it doesn't seem to work.

The computer object is created and replicated to the RODC. I verified that all configuration file parameters are identical to the ones mentioned in the link below.
https://access.redhat.com/discussions/2838371

I assume we still have to join the server to the RODC? Is the joining process the same as for a writable DC?

When using "net ads join" I get the following error:

Failed to join domain: Failed to set account flags for machine account (NT_STATUS_NOT_SUPPORTED)


In the logs, we also get the following (debug level set to 7):

(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [sdap_set_sasl_options] (0x0100): Will look for testdmzlin@X.Y.LOCAL in default keytab
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching testdmzlin@X.Y.LOCAL found in keytab.
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching TESTDMZLIN$@X.Y.LOCAL found in keytab.
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching host/testdmzlin@X.Y.LOCAL found in keytab.
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching *$@X.Y.LOCAL found in keytab.
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching host/*@X.Y.LOCAL found in keytab.
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching host/*@(null) found in keytab.


But if I try to query this RODC using "ldapsearch", it works:

ldapsearch -H ldap://RODC_ServerName.x.y.local/ -Y GSSAPI -N -b "dc=x,dc=y,dc=local" "(&(objectClass=user)(sAMAccountName=firstname.lastname))"

What else can I check to troubleshoot this issue?


Thanks,

~ Abhi
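Added example, not part of the original post: a small Python script that cross-checks the principal search shown in the SSSD debug output above against the contents of the host keytab. The log shows SSSD trying six candidate principals in order (the machine account name with and without the trailing `$`, the `host/` service principal, and wildcard forms) and finding none, so the first thing to confirm is which of those candidates, if any, `/etc/krb5.keytab` actually contains. The script parses the debug lines exactly as quoted above, parses `klist -kt` output, and reports the first candidate that a keytab entry satisfies, reproducing SSSD's try-in-order selection. The keytab listings in the script are constructed samples; on a real host feed it the output of `klist -kt /etc/krb5.keytab`. The wildcard matching (`*` as a glob, and an `@(null)` realm meaning any realm) is my approximation of SSSD's behaviour, not SSSD's code. Note also that a read-only domain controller does not accept LDAP writes, so a join that has to update the computer object must be performed against a writable DC; the script only checks the keytab that a join leaves behind.

```python
"""Cross-check the principals SSSD looks for (from its debug log) against a keytab listing.

Usage with real data (added example, not part of the post):
    klist -kt /etc/krb5.keytab > keytab.txt
    python3 check_keytab.py keytab.txt /var/log/sssd/sssd_x.y.local.log
"""
import fnmatch
import re
import sys
from typing import List, Optional, Set, Tuple

# The SSSD debug lines quoted in the post (copied here so the script runs offline).
SSSD_LOG = """\
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [sdap_set_sasl_options] (0x0100): Will look for testdmzlin@X.Y.LOCAL in default keytab
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching testdmzlin@X.Y.LOCAL found in keytab.
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching TESTDMZLIN$@X.Y.LOCAL found in keytab.
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching host/testdmzlin@X.Y.LOCAL found in keytab.
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching *$@X.Y.LOCAL found in keytab.
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching host/*@X.Y.LOCAL found in keytab.
(Tue Feb 14 11:20:42 2017) [sssd[be[x.y.local]]] [find_principal_in_keytab] (0x0400): No principal matching host/*@(null) found in keytab.
"""

# Constructed `klist -kt` output for a host whose join succeeded (hypothetical entries).
KLIST_JOINED = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 02/14/17 11:15:03 host/testdmzlin.x.y.local@X.Y.LOCAL
   2 02/14/17 11:15:03 host/TESTDMZLIN@X.Y.LOCAL
   2 02/14/17 11:15:03 TESTDMZLIN$@X.Y.LOCAL
"""

# Constructed output for a keytab with no entries at all.
KLIST_EMPTY = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
"""

_MISS_RE = re.compile(r"No principal matching (\S+) found in keytab")


def wanted_principals(log_text: str) -> List[str]:
    """Return the candidate principals SSSD tried, in the order it tried them."""
    return _MISS_RE.findall(log_text)


def keytab_principals(klist_text: str) -> Set[str]:
    """Parse `klist -kt` output: entry lines start with a numeric KVNO and end
    with the principal, regardless of how the timestamp column is formatted."""
    found: Set[str] = set()
    for line in klist_text.splitlines():
        parts = line.split()
        if parts and parts[0].isdigit():
            found.add(parts[-1])
    return found


def matches(candidate: str, principal: str) -> bool:
    """Approximation of SSSD's candidate matching (assumption, not SSSD's code):
    '*' is a glob in the name part and a realm of '(null)' accepts any realm.
    Comparison is case-sensitive, as Kerberos principal names are."""
    cname, _, crealm = candidate.rpartition("@")
    pname, _, prealm = principal.rpartition("@")
    if crealm != "(null)" and crealm != prealm:
        return False
    return fnmatch.fnmatchcase(pname, cname)


def select_principal(log_text: str, klist_text: str) -> Optional[Tuple[str, str]]:
    """Return (candidate, keytab_entry) for the first candidate the keytab satisfies,
    mirroring SSSD's try-in-order selection, or None when nothing matches."""
    entries = sorted(keytab_principals(klist_text))
    for candidate in wanted_principals(log_text):
        for entry in entries:
            if matches(candidate, entry):
                return candidate, entry
    return None


def report(log_text: str, klist_text: str) -> str:
    """One-line verdict suitable for pasting into a ticket."""
    hit = select_principal(log_text, klist_text)
    if hit is None:
        wanted = ", ".join(wanted_principals(log_text))
        return f"NO usable principal in keytab; SSSD wanted one of: {wanted}"
    return f"SSSD would use {hit[1]} (matched candidate {hit[0]})"


def main(argv: List[str]) -> int:
    if len(argv) == 3:
        with open(argv[1]) as keytab_file, open(argv[2]) as log_file:
            klist_text, log_text = keytab_file.read(), log_file.read()
    else:  # no arguments: show the verdict for the empty-keytab sample
        klist_text, log_text = KLIST_EMPTY, SSSD_LOG
    print(report(log_text, klist_text))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

If the verdict is "NO usable principal", the keytab, not sssd.conf, is where to look: compare `klist -kt /etc/krb5.keytab` with the candidates SSSD lists, and check that the entry's KVNO matches the machine account's current key version.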