If you are unable to join the domain, run the preflight utility to validate your environment.
Then, verify the following:
- Check that the Active Directory account specified during join has rights to join the computer to the domain.
- Check that the Unix host is able to properly resolve the domain name through DNS.
If you are joining to a specific domain controller you must ensure that Safeguard Authentication Services can locate and read the configuration information in Active Directory. You should do one of the following:
- Make sure the domain controller you specify is a global catalog.
- Create the Safeguard Authentication Services application configuration in the domain to which you are joining.
- Properly configure DNS to return srv-records and avoid joining to a specific domain controller.
If you are unable to log in as an Active Directory user after installing, check the following:
- Log in as root on the Unix host.
- Check the status of the Safeguard Authentication Services subsystems. To do this, run the following command:
Correct any errors reported by the status command, then try logging in again.
- Ensure the user exists locally and is allowed to log in. To check this, run the following command:
vastool user checklogin <username>
The output displays whether the user is a known Active Directory user. If not, you may need to map the user to an Active Directory account or Unix-enable the Active Directory account. If the user is known, an access control rule may prevent them from logging in. The output of the command displays which access control rules are in effect for the user.
You may need to restart window managers such as gdm in order for the window manager to reload NSS modules. Until the window manager reloads the NSS configuration, you will be unable to log in with an Active Directory user. Other services such as cron may also be affected by NSS changes. If you are unsure which services need to be reloaded, reboot the system.