In ALL integrations with the AD, the rule when configuring IPBrick is:
DNS Domain: the DNS domain must match the domain used by the AD (realm);
Name resolution: use the IP of the domain's DNS server (usually the AD itself);
Time: synchronize the time by NTP with the AD's server (NTP: AD_IP);
AD's DNS: the DNS server must be updated with ALL of the IPBrick's records, e.g.:
IPBrick-name: ipbrick.domain.com
Alias: iportaldoc.domain.com (contacts, etc.)
IP: 192.168.69.199
Do not forget to register the A record ipbrick.domain.com pointing to the IP 192.168.69.199, as well as the respective PTR record.
All other aliases must be registered as such, i.e. as CNAME records.
Login link to AD: Domain Administrator Login (DN): the rule is to create a NEW user in the AD exclusively for connecting to the AD. Do not use the administrator's login: it is typically used by many other services, so its password tends to be changed regularly, and each change would force IPBrick to update and restart itself!
Sometimes it is necessary to 'help' the AD Domain Join and Kerberos, so you should type at the console:
kinit [link to AD]
net ads join -U [AD Administrator's login] -S [AD_NAME]
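
A missing PTR record, or an alias entered as a second A record instead of a CNAME, is easier to catch before the join than to diagnose afterwards from a Kerberos error. The script below is an added example, not part of IPBrick or of the original page: it checks the A, PTR and CNAME rules listed above against answer lines in `dig +noall +answer` layout. The function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not IPBrick code): check the AD DNS records before the join.
# Input on stdin: lines in `dig +noall +answer` layout: name. TTL IN TYPE value

# reverse_name 192.168.69.199 -> 199.69.168.192.in-addr.arpa.
reverse_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# check_records HOST IP [ALIAS...]
# Prints one line per problem; returns non-zero if any problem was found.
check_records() {
    host="$1."; ip="$2"; shift 2
    awk -v host="$host" -v ip="$ip" -v rev="$(reverse_name "$ip")" -v aliases="$*" '
        { name = tolower($1); type = $4; val = tolower($5) }
        type == "A"     && name == host && val == ip   { a_ok = 1 }
        type == "PTR"   && name == rev  && val == host { ptr_ok = 1 }
        type == "CNAME" && val == host                 { cname[name] = 1 }
        type == "A"                                    { has_a[name] = 1 }
        END {
            if (!a_ok)   { print "missing A record: " host " -> " ip; bad = 1 }
            if (!ptr_ok) { print "missing PTR record: " rev " -> " host; bad = 1 }
            n = split(aliases, al, " ")
            for (i = 1; i <= n; i++) {
                k = tolower(al[i]) "."
                if (!(k in cname)) { print "alias is not a CNAME to the host: " k; bad = 1 }
                if (k in has_a)    { print "alias has its own A record: " k; bad = 1 }
            }
            exit bad + 0
        }'
}

# Constructed sample answers, using the names and IP from the text above.
SAMPLE_OK='ipbrick.domain.com. 3600 IN A 192.168.69.199
199.69.168.192.in-addr.arpa. 3600 IN PTR ipbrick.domain.com.
iportaldoc.domain.com. 3600 IN CNAME ipbrick.domain.com.'

# Constructed faulty zone: no PTR, and the alias entered as an A record.
SAMPLE_BAD='ipbrick.domain.com. 3600 IN A 192.168.69.199
iportaldoc.domain.com. 3600 IN A 192.168.69.199'

printf '%s\n' "$SAMPLE_OK" |
    check_records ipbrick.domain.com 192.168.69.199 iportaldoc.domain.com &&
    echo "DNS records OK"
printf '%s\n' "$SAMPLE_BAD" |
    check_records ipbrick.domain.com 192.168.69.199 iportaldoc.domain.com ||
    echo "fix the records listed above before joining"
```

For a live check, assuming dig is available on the console, pipe in the combined `dig +noall +answer` output for the host name, for `-x` the IP and for each alias, queried against the AD's DNS server.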