I am unable to connect to LDAPS via my RHEL server

Question

question

411740272e08eff12e6753c93b90ae22-7686 asked Sep 9, '20 411740272e08eff12e6753c93b90ae22-7686 commented Sep 11, '20

I am unable to connect to LDAPS via my RHEL server

I have a RHEL 7 server and I am attempting to follow the following guide: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/join-rhel-linux-vm

However, I seem to be unable to connect when doing 'sudo realm discover MYDOMAIN.COM'. My output is 'realm: No such realm found: MYDOMAIN.COM'.

If I attempt a TLS connection using OpenSSL (openssl s_client -connect mydomain.com:636), I am able to connect to the server and it is pulling my certificate. This rules out network security group issues.

Thus I am at a loss at where I have missed a configuration step. mydomain.com is set to point to the external Azure AD DS LDAPS IP address in my /etc/hosts file.

I used https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps to setup my LDAPS connection on AD DS.

azure-ad-domain-services

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2020-09-09T22:26:05.787Z

MarileeTurscak-MSFT answered Sep 9, '20 411740272e08eff12e6753c93b90ae22-7686 commented Sep 11, '20

Hi @411740272e08eff12e6753c93b90ae22-7686

Here are some troubleshooting steps you can try:

Try using the UPN format to specify credentials. If there are many users with the same UPN prefix in your tenant or if your UPN prefix is overly long, the SAMAccountName for your account may be auto-generated. In these cases, the SAMAccountName format for your account may be different from what you expect or use in your on-premises domain.
Try to use the credentials of a user account that belongs to the AAD DC Administrators group.
Check that you have enabled password synchronization to your managed domain.
Check that you've used the UPN of the user as configured in Azure AD (for example, bob@domainservicespreview.onmicrosoft.com) to sign in.
Wait long enough for password synchronization to be completed.

Let me know if any of these steps help!

· 3

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

411740272e08eff12e6753c93b90ae22-7686 · Sep 10, 2020 at 09:18 AM

Hi, thank you, however, this is not relevant as I am unable to even discover the realm, meaning I can't actually get to the point of authentication.

0 ·

MarileeTurscak-MSFT 411740272e08eff12e6753c93b90ae22-7686 · Sep 10, 2020 at 10:17 PM

Got it. Usually that error happens at the point of authentication. Can you please post a screenshot of it?

0 ·

411740272e08eff12e6753c93b90ae22-7686 MarileeTurscak-MSFT · Sep 11, 2020 at 01:03 PM

To exactly quote from my question:

However, I seem to be unable to connect when doing 'sudo realm discover MYDOMAIN.COM'. My output is 'realm: No such realm found: MYDOMAIN.COM'.

This error literally cannot happen at the point of authentication.

0 ·

question