
KB-1594: adjoin fails on Ubuntu for .local domains

Centrify DirectAudit, Centrify DirectControl, Centrify Identity Service, Mac Edition

12 April,16 at 11:37 AM

Applies to: All versions of DirectControl on Ubuntu Linux 9.04 and later

Question:
Why am I unable to join an Ubuntu Linux machine with a .local domain suffix to Active Directory using Centrify DirectControl?


# adinfo --diag
DNS query for: _ldap._tcp.domain.local
Found SRV records:
server2003.domain.local:389
Testing Active Directory connectivity:
Domain Controller: server2003.domain.local
Can't resolve IP address for server2003.domain.local
Please check your DNS configuration
Forest Name: <unavailable>
Testing Active Directory connectivity:
Forest Name: <unavailable>
Machine is not yet joined.
Provide a valid username and password to bind to Active Directory


Additionally, a ping to server2003.domain.local times out.

Answer:
.local is a pseudo-top-level domain used by multicast DNS (mDNS), part of the zero-configuration networking discovery protocols. Ubuntu and SuSE have resolution problems with .local domains because mDNS is on by default. The default hosts line in /etc/nsswitch.conf lists mdns4_minimal [NOTFOUND=return] ahead of dns, so a lookup for a .local name that mDNS cannot answer returns immediately and never reaches the DNS server.

To join a .local Active Directory domain successfully, you must set the multi option to off in the /etc/host.conf file and modify /etc/nsswitch.conf.

1) Edit /etc/host.conf and turn off the multi option. If you do not see the multi option, add it to the file.

multi off

This setting is required for proper DNS resolution, and therefore must be set in order to join the domain successfully and for logins to work properly.

2) Edit /etc/nsswitch.conf and search for:
hosts:       files mdns4_minimal [NOTFOUND=return] dns mdns4
and change it to:
hosts:       files dns mdns4

3) Perform an adleave followed by an adjoin, and the issue will be resolved.
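
The following pre-join check for steps 1 and 2 is an added example, not part of the original article or of any Centrify tool. The function names are hypothetical, and it assumes the article's rule that multi must be set to off explicitly and that dns must come before any mdns source on the hosts line.

```shell
#!/bin/sh
# Added example: verify the two settings from steps 1 and 2 before running adjoin.
# Function names are hypothetical; file paths default to the ones in the article.

# Return 0 if "dns" appears before any mdns* source on the hosts: line.
dns_before_mdns() {
    awk '
        $1 == "hosts:" {
            sub(/#.*/, "")                      # drop trailing comments
            for (i = 2; i <= NF; i++) {
                if ($i == "dns")   { ok = 1; exit }
                if ($i ~ /^mdns/)  { exit }     # mDNS is consulted first
            }
            exit                                # no dns source at all
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Return 0 only if host.conf explicitly contains "multi off".
# A missing multi line counts as a failure, as the article asks for it to be added.
multi_is_off() {
    awk '
        { sub(/#.*/, "") }
        $1 == "multi" { val = $2 }              # last setting in the file wins here
        END { exit (val == "off" ? 0 : 1) }
    ' "$1"
}

# Report every setting that still needs changing; return 1 if any does.
check_local_join_prereqs() {
    nss=${1:-/etc/nsswitch.conf}
    hostconf=${2:-/etc/host.conf}
    rc=0
    dns_before_mdns "$nss" ||
        { echo "FAIL: $nss: hosts line does not list dns before mdns"; rc=1; }
    multi_is_off "$hostconf" ||
        { echo "FAIL: $hostconf: 'multi off' is not set"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: resolver settings match the article"
    return "$rc"
}

# Usage on a live system: check_local_join_prereqs
```
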
