[Authentication] realmd domain join with kinit not working on Ubuntu 18.04
Niklas Andersson
niklas.andersson at openforce.se
Fri Jul 20 18:48:30 UTC 2018
AFAIK you don't need any of these options "--login-type user --login-user
Administrator --stdin-password" if you have a valid Kerberos ticket (check
with klist)
The purpose with Kerberos is that you don't need to specify user or
password.
Regards,
Niklas
On Fri, Jul 20, 2018 at 4:40 PM, Simon May <simon.may at uni-muenster.de>
wrote:
> Hello everyone,
>
> I hope this is the right place to ask questions like this. I’m trying to
> set up an Ubuntu 18.04 machine and join it to an Active Directory
> domain. On all other systems I’ve used, I could do
>
> # kinit -kt /path/to/keytab my_username
> # realm join ad.example.com
>
> However, with Ubuntu 18.04, it seems that the realm command doesn’t see
> the Kerberos ticket:
>
> # kinit -kt /path/to/keytab my_username
> # realm join --verbose ad.example.com
> * Resolving: _ldap._tcp.ad.example.com
> * Performing LDAP DSE lookup on: 10.A.B.150
> * Performing LDAP DSE lookup on: 10.C.D.131
> * Successfully discovered: ad.example.com
> Password for Administrator:
> * Unconditionally checking packages
> * Resolving required packages
> * LANG=C /usr/sbin/adcli join --verbose --domain ad.example.com
> --domain-realm AD.EXAMPLE.COM --domain-controller 10.A.B.150
> --login-type user --login-user Administrator --stdin-password
> * Using domain name: ad.example.com
> * Calculated computer account name from fqdn: PCTEST
> * Using domain realm: ad.example.com
> * Sending netlogon pings to domain controller: cldap://10.A.B.150
> * Received NetLogon info from: ADS2.ad.example.com
> * Wrote out krb5.conf snippet to
> /var/cache/realmd/adcli-krb5-liolnd/krb5.d/adcli-krb5-conf-032njz
> ! Couldn't authenticate as: Administrator at AD.EXAMPLE.COM:
> Preauthentication failed
> adcli: couldn't connect to ad.example.com domain: Couldn't
> authenticate as: Administrator at AD.EXAMPLE.COM: Preauthentication failed
> ! Failed to join the domain
>
> What could be happening here?
>
> (I previously asked this question on superuser.com
> <https://superuser.com/q/1338100>, but unfortunately didn’t get any
> reaction.)
>
>
> Best wishes,
> Simon
>
>
> _______________________________________________
> Authentication mailing list
> Authentication at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/authentication
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/authentication/attachments/20180720/3968d00a/attachment.html>
More information about the Authentication
mailing list