<html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> Reason is that seemingly not all servers are both read and write (personally I find this strange, but that is how it was explained to me) So we need to join with a specific set of servers, a sub-set of those in the domain. Regards, Niklas <div class="moz-cite-prefix">On 18/10/16 13:51, Stephen Gallagher wrote: </div> <blockquote cite="mid:25a50b77-a715-c854-3420-b2f7a4d4926a@redhat.com" type="cite"> <pre wrap="">On 10/18/2016 06:50 AM, Stef Walter wrote: </pre> <blockquote type="cite"> <pre wrap="">On 18.10.2016 11:32, Niklas Andersson wrote: </pre> <blockquote type="cite"> <pre wrap="">Hi, Can I add ad-cli parameters to realm when joining? I am interested in using the --domain-controller parameter to specify a specific server to use for joining. I.e: realm join --membership-software=adcli --domain-controller=myspecificserver.mydomain.tld MYDOMAIN.TLD </pre> </blockquote> <pre wrap=""> Hmmm, I thought you could do: sudo realm join --membership-software=adcli \ myspecificserver.mydomain.tld Just join to the server, and I think it'll figure it out. Even the IP address seems to work for AD domains. </pre> </blockquote> <pre wrap=""> Actually, the IP address thing seems not to work anymore for AD 2016 servers. I'm not sure the reasoning, but it would probably not be a terrible idea to simply disallow raw IPs for both AD and FreeIPA domains. </pre> <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Authentication mailing list <a class="moz-txt-link-abbreviated" href="mailto:Authentication@lists.freedesktop.org">Authentication@lists.freedesktop.org</a> <a class="moz-txt-link-freetext" href="https://lists.freedesktop.org/mailman/listinfo/authentication">https://lists.freedesktop.org/mailman/listinfo/authentication</a> </pre> </blockquote> </body> </html>