Afternoon all, I'm writing this up because I've spent the last day or two trying to get AD integration setup, and I've run into cryptic issues and bugs. I was trying simply to add join my homelab domain, and not have to include the domain name in my login, as well as use the AD id backend as my other servers use it as well. I kept getting a long, "Configuration for trusted domains requires that the idmap backend be configured to handle these domains..." validation message, and then once I got that working, there's a bug in the configuration when trying to enable "Use Default Domain" as well as incorrect tooltip text! So I'll list the steps out here that I stumbled into, and hopefully I can save someone the effort.
1. Join the domain with all the standard settings.
2. Open Advanced Settings and under the Idmap box, Change the idmap type to AUTORID for your domain. There are two entries, its the one that has your domain in it. Even if you want to use AD later, you have to have AUTORID selected to bypass the validation checks.
3. Leave the domain
4. Join the domain again, but this time open advanced options and check both "Use Default Domain" and "Allow Trusted Domains"
5. This join should go successfully. Now you can change the idmap type back to AD if you want.
Hope this helps someone!
1. Join the domain with all the standard settings.
2. Open Advanced Settings and under the Idmap box, Change the idmap type to AUTORID for your domain. There are two entries, its the one that has your domain in it. Even if you want to use AD later, you have to have AUTORID selected to bypass the validation checks.
3. Leave the domain
4. Join the domain again, but this time open advanced options and check both "Use Default Domain" and "Allow Trusted Domains"
5. This join should go successfully. Now you can change the idmap type back to AD if you want.
Hope this helps someone!