search

amazonlinux / amazon-linux-2023

Amazon Linux 2023
https://aws.amazon.com/linux/amazon-linux-2023/
Other
500 stars 38 forks source link

[Bug] - Kerberos configuration Setting attribute standard:: type not supported #685

Open thecloudfaq opened 2 months ago

thecloudfaq commented 2 months ago

Describe the bug While attempting to join the Amazon Linux 2023 host to AD using adcli command got below message in the logs

! Failed to update Kerberos configuration, not fatal, please check manually. Setting attribute standard:: type not supported

To Reproduce Steps to reproduce the behavior:

  1. On EC2 Install dnf install -y oddjob oddjob-mkhomedir sssd adcli realmd samba-common-tools

  2. Ensure you have AD account for domain join e.g. domainname/aduserid and password

  3. Change hostname to 15 characters hostnamectl set-hostname al2023srv101 echo "al2023srv101" > /etc/hostname echo "ip address al2023srv101" >>/etc/hostname

  4. Perform domain join echo "ADPassword" | realm join -v -d "ADUserId" --computer-ou="OUPath in AD" domainname.org --membership-software=adcli

Expected behavior should not show below error message while domain join among other messages. ! Failed to update Kerberos configuration, not fatal, please check manually. Setting attribute standard:: type not supported

thecloudfaq commented 2 months ago

post domain join, earlier in Amazon Linux 2 OS it also updated the addomainname in the [realms] and [domain_realm] section in /etc/krb5.conf, however , in AL2023 it does not configure the [realms] and [domain_realm] with the addomainname e.g., [realms[ ADDOMAINNAME.ORG = {

} [domain_realm] addomainname.org = ADDOMAINNAME.ORG .addomainname.org = ADDOMAINNAME.ORG

thecloudfaq commented 2 months ago

Reference Bug from RHEL 8 OS: https://bugzilla.redhat.com/show_bug.cgi?id=1791016

awsvpc commented 2 months ago

Any update on this issue?