Month: April 2016

Solution for MySQL ERROR 1396 (HY000): Operation CREATE USER failed for

Posted on by rchapin

This indicates that the user already exists, or did exist but that all of the data for that user has not been deleted.

As the mysql root user:

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user'@'hostname';
DROP USER 'user'@'hostname'

Then re-try creating the user.

How to Configure a Linux Client for Active Directory Authentication

Posted on by rchapin

I am currently working on setting up multiple environments for a new project (DEV, QA, and PROD) and will be integrating all of the servers to an Active Directory Domain Controller for user management.

Following are notes from when I configured a Fedora Core 18 laptop to integrate with an AD server.  It is likely things have changed some from then and I will update this as required for a current version of RHEL7/CentOS 7.

Install the following packages

yum install sssd-tools adcli realmd

sssd will not yet have the /etc/sssd/sssd.conf file installed until you join a domain (see below) so do not try to configure it.

Disable selinux. Perhaps selinux can be re-enabled after joining and configuration?

Search for a realm

realm discover -v
 * Looking up our DHCP domain
 * Discovering for DHCP domain: somedomain.com
 * Searching for kerberos SRV records for domain: _kerberos._udp.somedomain.com
 * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.somedomain.com
 * server1.somedomain.com:88 server2.somedomain.com:88 server3.somedomain.com:88
 * Found kerberos DNS records for: somedomain.com
 * Found AD style DNS records for: somedomain.com
 * Successfully discovered: somedomain.com
somedomain.com
  type: kerberos
  realm-name: SOMEDOMAIN.COM
  domain-name: somedomain.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: SOMEDOMAIN\%U
  login-policy: allow-any-login

Joined the domain

realm join -U admin --verbose somedomain.com

Allow all users from a given domain to login

realm permit --realm somedomain.com --all

Add the home directory paths

mkdir /home/SOMEDOMAIN

 Start and enable sssd

systemctl enable sssd && systemctl start sssd

Log out from the local user account and then log in as a user in the domain:
    . uid: SOMEDOMAIN\uid
    . This will log you in as that user and create a home account in /home/SOMEDOMAIN/uid

© 2005 Ryan Chapin