Join Active Directory without Changing /etc/hosts
When you use the AD Bridge domain join tool, AD Bridge uses the host name of the computer to derive a fully qualified domain name (FQDN) and automatically sets the computer’s FQDN in the /etc/hosts file.
To join a Linux computer to the domain without changing the /etc/hosts file, run the following command as root. Replace:
- domainName: the FQDN of the domain to join
- joinAccount: the user account with privileges to join computers to the domain
/opt/pbis/bin/domainjoin-cli join --nohosts domainName joinAccount
/opt/pbis/bin/domainjoin-cli join --nohosts example.com Administrator
After you join a domain for the first time, you must restart the computer before you can log on.
If the Computer Fails to Join the Domain
Make sure the computer's FQDN is correct in /etc/hosts. For the computer to process tickets in compliance with the Kerberos protocol and to function properly when it uses cached credentials in offline mode or when its DNS server is offline, there must be a correct FQDN in /etc/hosts.
For more information on GSS-API requirements, see RFC 2743.
You can determine the FQDN of a computer running Linux or Unix by executing the following command:
ping -c 1 `hostname`
When you execute this command, the computer looks up the primary host entry for its hostname. In most cases, this means that it looks for its hostname in /etc/hosts, returning the first FQDN name on the same line. For example, the correct entry for the hostname qaserver, in /etc/hosts:
10.100.10.10 qaserver.corpqa.example.com qaserver
If the entry in /etc/hosts incorrectly lists the hostname (or anything else) before the FQDN, the computer's FQDN becomes, using the malformed example below, qaserver:
10.100.10.10 qaserver qaserver.corpqa.example.com
If the host entry cannot be found in /etc/hosts, the computer looks for the results in DNS instead. This means that the computer must have a correct A record in DNS. If the DNS information is wrong and you cannot correct it, add an entry to /etc/hosts.
