Can't join Rocky server to Windows AD

I am unable to join my Linux server to the Windows Active Directory (AD). I can’t even discover the domain from the Linux server, even though the AD ports are connecting successfully. However, I’m having trouble connecting to the _ldap._tcp record of the domain.

Can anyone help me to fix it?

Possibly, what version of Rocky Linux are you using?
Do you just want authentication, or do you require shares?

Thank you for your response hortimech. I am using Rocky 9 and want to enable my Windows AD users to access the Rocky 9 server.

Can you show the commands you’re running and their output?

realm -v discover
realm -v discover <yourdomain>

Please define ‘access’?

Do you just want authorisation, in which case sssd will suffice, or do you want shares, in which case, you need smbd, which requires winbind and so sssd shouldn’t be used.

It might help us to help you, if you could tell us what you have already tried.

Hi @nazunalika

Thanks for your reply. Here is the output:

realm -v discover flatironssolutions.com

  • Resolving: _ldap._tcp.flatironssolutions.com
    ! Discovery timed out after 15 seconds
    realm: No such realm found: flatironssolutions.com

I want to log into the Linux server using my Active Directory (AD) user account.
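The `realm -v discover` failure above is a timeout while resolving `_ldap._tcp.flatironssolutions.com`, so the first thing to check is whether the resolver the Rocky host is actually using (the nameserver in /etc/resolv.conf) returns that SRV record at all. The script below is an added example, not code from this thread or from realmd: it sends a raw SRV query over UDP and classifies the reply as records found, NXDOMAIN, NODATA or timeout, which separates "wrong nameserver" from "right nameserver, missing record". The domain, DC name and the embedded sample reply are constructed for illustration, and the function names (`check_ldap_srv`, `diagnose`, `build_srv_response`) are chosen here.

```python
"""Check that a nameserver answers the _ldap._tcp.<domain> SRV query realmd depends on."""
import secrets
import socket
import struct
import sys

SRV_TYPE = 33   # RFC 2782 SRV record type
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Wire-format a DNS name: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.rstrip(".").split(".")) + b"\x00"


def build_srv_query(name: str, txid: int) -> bytes:
    """RFC 1035 header (RD set, one question) followed by the SRV question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", SRV_TYPE, CLASS_IN)


def read_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            pointer = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            end = end if end is not None else offset + 2
            offset = pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if end is not None else offset)


def parse_srv_response(msg: bytes, expected_txid: int):
    """Return (rcode, [(priority, weight, port, target), ...]) from a DNS reply."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: not the reply to our query")
    rcode, offset = flags & 0x000F, 12
    for _ in range(qdcount):                            # skip echoed question
        _, offset = read_name(msg, offset)
        offset += 4                                     # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        _, offset = read_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == SRV_TYPE:
            prio, weight, port = struct.unpack(">HHH", msg[offset:offset + 6])
            target, _ = read_name(msg, offset + 6)
            records.append((prio, weight, port, target))
        offset += rdlen
    return rcode, records


def diagnose(rcode: int, records) -> str:
    """Turn the reply into the question to take to the AD/DNS admins."""
    if rcode == 3:
        return "NXDOMAIN: this nameserver does not know the AD zone; the host is not using the AD DNS servers"
    if rcode != 0:
        return f"DNS error rcode={rcode}: the nameserver refused or failed the SRV query"
    if not records:
        return "NODATA: zone exists but has no _ldap._tcp SRV record; DC registration or zone delegation is broken"
    targets = ", ".join(f"{t}:{p}" for _, _, p, t in records)
    return f"OK: {len(records)} SRV record(s) -> {targets}; realm discover should succeed"


def check_ldap_srv(domain: str, nameserver: str, timeout: float = 5.0) -> str:
    """Query <nameserver> for _ldap._tcp.<domain> and classify the outcome."""
    txid = secrets.randbits(16)
    query = build_srv_query(f"_ldap._tcp.{domain}", txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (nameserver, 53))
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return f"TIMEOUT: no UDP/53 answer from {nameserver}; firewall or wrong resolver address"
    return diagnose(*parse_srv_response(reply, txid))


def build_srv_response(txid: int, name: str, records, rcode: int = 0) -> bytes:
    """Constructed sample reply (used for offline testing, not a real DC answer)."""
    msg = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1, len(records), 0, 0)
    msg += encode_name(name) + struct.pack(">HH", SRV_TYPE, CLASS_IN)
    for prio, weight, port, target in records:
        rdata = struct.pack(">HHH", prio, weight, port) + encode_name(target)
        msg += b"\xc0\x0c" + struct.pack(">HHIH", SRV_TYPE, CLASS_IN, 600, len(rdata)) + rdata
    return msg


if __name__ == "__main__":
    # usage: python3 check_srv.py <ad-domain> <nameserver-ip>
    print(check_ldap_srv(sys.argv[1], sys.argv[2]))
```

Run it once against the nameserver in /etc/resolv.conf and once against a domain controller's IP: if the DC answers with records while the configured resolver returns NXDOMAIN or times out, the fix is the host's resolver configuration, not realmd or sssd.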

Is ‘flatironssolutions.com’ your actual AD DNS domain? I ask this because it appears to be accessible from the internet. If it is, then can you please find whoever set up your AD domain and tell them, from me, that they are stupid. I would expect AD to be using a subdomain, e.g. ad.flatironssolutions.com.

If all you want is to authenticate from AD (or ‘login’ as you put it), then sssd should work.

It doesn’t really matter if the DNS zones are properly setup internally and externally.

This is a DNS issue internally to your network. Please work with your AD administrators to determine why you cannot resolve the DNS records to the domain.

Sorry, but it does matter: you should never use a registered DNS domain for an AD DNS domain, for reasons such as this. Another reason is that Samba AD DCs are authoritative for the AD DNS domain.