I am unable to connect to LDAPS via my RHEL server

2020-09-09T18:43:01.647+00:00

I have a RHEL 7 server and I am attempting to follow the following guide: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/join-rhel-linux-vm

However, I seem to be unable to connect when doing 'sudo realm discover MYDOMAIN.COM'. My output is 'realm: No such realm found: MYDOMAIN.COM'.

If I attempt a TLS connection using OpenSSL (openssl s_client -connect mydomain.com:636), I am able to connect to the server and it is pulling my certificate. This rules out network security group issues.

Thus I am at a loss as to where I have missed a configuration step. mydomain.com is set to point to the external Azure AD DS LDAPS IP address in my /etc/hosts file.

I used https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps to set up my LDAPS connection on AD DS.


1 answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2020-09-09T22:26:05.787+00:00

    Hi @411740272e08eff12e6753c93b90ae22

    Here are some troubleshooting steps you can try:

    1. Try using the UPN format to specify credentials. If there are many users with the same UPN prefix in your tenant or if your UPN prefix is overly long, the SAMAccountName for your account may be auto-generated. In these cases, the SAMAccountName format for your account may be different from what you expect or use in your on-premises domain.
    2. Try to use the credentials of a user account that belongs to the AAD DC Administrators group.
    3. Check that you have enabled password synchronization to your managed domain.
    4. Check that you've used the UPN of the user as configured in Azure AD (for example, ******@domainservicespreview.onmicrosoft.com) to sign in.
    5. Wait long enough for password synchronization to be completed.

    Let me know if any of these steps help!

