[Authentication] realmd domain join with kinit not working on Ubuntu 18.04
Simon May
simon.may at uni-muenster.de
Fri Jul 20 14:40:23 UTC 2018
Hello everyone,
I hope this is the right place to ask questions like this. I’m trying to
set up an Ubuntu 18.04 machine and join it to an Active Directory
domain. On all other systems I’ve used, I could do
# kinit -kt /path/to/keytab my_username
# realm join ad.example.com
However, with Ubuntu 18.04, it seems that the realm command doesn’t see
the Kerberos ticket:
# kinit -kt /path/to/keytab my_username
# realm join --verbose ad.example.com
* Resolving: _ldap._tcp.ad.example.com
* Performing LDAP DSE lookup on: 10.A.B.150
* Performing LDAP DSE lookup on: 10.C.D.131
* Successfully discovered: ad.example.com
Password for Administrator:
* Unconditionally checking packages
* Resolving required packages
* LANG=C /usr/sbin/adcli join --verbose --domain ad.example.com
--domain-realm AD.EXAMPLE.COM --domain-controller 10.A.B.150
--login-type user --login-user Administrator --stdin-password
* Using domain name: ad.example.com
* Calculated computer account name from fqdn: PCTEST
* Using domain realm: ad.example.com
* Sending netlogon pings to domain controller: cldap://10.A.B.150
* Received NetLogon info from: ADS2.ad.example.com
* Wrote out krb5.conf snippet to
/var/cache/realmd/adcli-krb5-liolnd/krb5.d/adcli-krb5-conf-032njz
! Couldn't authenticate as: Administrator at AD.EXAMPLE.COM:
Preauthentication failed
adcli: couldn't connect to ad.example.com domain: Couldn't
authenticate as: Administrator at AD.EXAMPLE.COM: Preauthentication failed
! Failed to join the domain
What could be happening here?
(I previously asked this question on superuser.com
<https://superuser.com/q/1338100>, but unfortunately didn’t get any
reaction.)
Best wishes,
Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/authentication/attachments/20180720/371461c3/attachment.sig>
More information about the Authentication
mailing list