Working Notes: SYS265: Lab New OS - eliminmax/cncs-journal GitHub Wiki

Edited Guides:

CentOS: Join AD DS => Linux: Join AD DS

  • Updated the list of packages required, and a note about fixing the error I ran into
  • Added list of Ubuntu packages required

Not edited (beyond a slight formatting inconsistency), but relevant to the lab:

Linux Setup: Hostname and Static IP | Section: NetworkManager with nmcli

Working Notes

This week, I'm writing my notes live, rather than after the rest of the lab work is done. I will be going back and adding to sections as things develop. I was working with the CentOS 8 system known as ansible2-eli (first used in the Automation and Ansible lab) from the Windows Server system known as mgmt01-eli.

Issues changing static IP with nmcli

There were a few issues I ran into surrounding the use of the nmcli command:

  • The first time I tried to update the static IP, I was working in an SSH session. This created a bit of a problem when I brought the connection down without thinking, and, instead of bringing it back up with the new address, as I did in the nmcli instructions I had written previously, I brought it down, with the intention of bringing it back up in the next command, forgetting that I would be instantly disconnected.

  • After that, I switched over to the actual VM I was working with, and fixed it, sort of - instead of the address "10.0.5.234/24", I entered "10.0.5.243/24".

  • When I fixed that, I forgot the quotation marks in the command - instead of # nmcli connection modify ens192 ipv4.addresses "10.0.5.234/24", I entered # nmcli connection modify ipv4.addresses 10.0.5.234/24, which caused the command parser to fail to read the /24, leading to an address of 10.0.5.234/32. An easy fix, but still annoying.
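
A guard around the nmcli steps in the list above, as an added example that is not from the author's guides: it refuses an address that lacks an explicit prefix length, re-activates the profile without a separate down step, and reads the stored value back. The function names and the DRY_RUN switch are assumptions made for this example; ens192 and 10.0.5.234/24 are taken from the notes.

```shell
#!/bin/sh
# Added example, not the author's script. DRY_RUN=1 prints the nmcli
# commands instead of running them.

# valid_cidr ADDR: succeed only for a dotted-quad IPv4 address that carries
# an explicit prefix length (0-32).
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac      # no prefix given
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                                  # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# set_static_ip CONNECTION ADDR/PREFIX (assumes one IPv4 address per profile)
set_static_ip() {
    conn=$1; cidr=$2
    if ! valid_cidr "$cidr"; then
        echo "refusing '$cidr': expected ADDRESS/PREFIX such as 10.0.5.234/24" >&2
        return 2
    fi
    # Modify the profile, then re-activate it right away; there is no separate
    # "connection down" step that leaves the host waiting for a second command.
    run nmcli connection modify "$conn" ipv4.addresses "$cidr" || return 1
    run nmcli connection up "$conn" || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then return 0; fi
    # Read the stored value back and compare it with what was requested.
    actual=$(nmcli -g ipv4.addresses connection show "$conn")
    [ "$actual" = "$cidr" ] || { echo "profile has '$actual', not '$cidr'" >&2; return 3; }
}

# Dry run with the connection name and address from the notes above.
DRY_RUN=1 set_static_ip ens192 "10.0.5.234/24"
```

Without DRY_RUN=1 the function needs root and a host running NetworkManager.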

Issues with Windows DNS

After fixing the IP address, and updating the Active Directory DNS records accordingly, I still couldn't connect to ansible2-eli over SSH - nslookup returned the right address, but connections using the ssh command or PuTTY timed out. The issue wound up fairly easy to diagnose - running > ping ansible2-eli on mgmt01-eli still tried to ping the old address (10.0.5.92), so I reasoned that there must be an issue with the DNS cache. Sure enough, running > ipconfig.exe /flushdns fixed the issue.

CentOS 8 Active Directory Domain Join issue

I tried to join ansible2-eli to the eli.local Active Directory domain, cross-referencing my own previous Quick Guide and this article on Computing For Geeks, but I ran into the error "Could not get kerberos ticket: KDC reply did not match expectations". Thankfully, this serverfault (StackExchange) answer led me to a ridiculously simple solution: instead of using the flag [email protected], I used the flag [email protected]. I updated the old quick guide with the longer package list from the Computing For Geeks article, and added a note about the error and its solution.

AD DS and Cockpit together, because I can

While I was at this, I figured that I might as well add the Ubuntu server controller-eli to the eli.local domain, and added Ubuntu instructions to the CentOS: Join AD DS Quick Guide, then renamed it Linux: Join AD DS.

I also added both ansible1-eli (a CentOS 7 server) and controller-eli to Cockpit, and gave the domain admin group sudo powers on all three machines, because I felt like it.

Takeaway

I need to note 3 "terms or topics" that I want to learn more about in this tech journal entry. As luck would have it, there's a lot I'm interested in from this lab:

  • I would love to learn more about Cockpit - specifically, what (if any) security issues running it might cause. If it's not too much of a security issue, I might set up a Cockpit installation over the summer, so that I can manage my various servers running at home from campus.

  • So far, the biggest difference I've encountered between Debian-based and RHEL-based distros has been in Package Management, leading me to wonder if there is some "universal package manager" that can act as a wrapper for all of the different ones out there.

    • After a quick DuckDuckGo search for "universal package manager", I was able to find upm: Universal Package Manager, which aims to do just what I described.
  • I'd love to learn more about Linux integration with AD DS, and what its limitations might be.