Verify that DNS is setup correctly.
I have my domain controllers listed in the /etc/hosts file to verify that each client knows where to look for them.
# example of domain controllers in /etc/hosts
1.1.1.1 domaincontroller1.ad.example.com domaincontroller1
2.2.2.2 domaincontroller2.ad.example.com domaincontroller2
3.3.3.3 domaincontroller3.ad.example.com domaincontroller3
4.4.4.4 domaincontroller4.ad.example.com domaincontroller4
Also check /etc/resolv.conf or /etc/systemd/resolved.conf (Ubuntu 20.04) for DNS nameserver configuation.
# example of entries in /etc/resolv.conf or /etc/systemd/resolved.conf
nameserver <ip address>
nameserver 8.8.8.8
search ad.your.domain
After modifying /etc/systemd/resolved.conf, you will need to run:
systemctl restart resolvconf
resolvconf -u
On Ubuntu 20.04 you can also run systemd-resolve --status
to view what DNS servers are configured.
Make sure that you have /etc/sssd/sssd.conf with permissions and owner set correctly.
# Permissions
-rw------- 1 root root 1.3K Dec 21 08:42 /etc/sssd/sssd.conf
If using realm to join the domain, your sssd config file only needs to have the following in it to join. Realm will automatically build out some of the other needed requirements in the sssd.conf file.
# Basic sssd.conf configurations
[sssd]
domains =
config_file_version = 2
services = nss, pam
# example realm join command
realm join -U AdminAcct ad.example.com --computer-name="server1" --os-name="Ubuntu" --os-version="20.04" --computer-ou="CN=Computers,DC=ad,DC=example,DC=com" --automatic-id-mapping=no
After joining the domain with the above configuration, you can modify the sssd.conf file and then just run:
systemctl restart sssd.service && sss_cache -E