[Authentication] realmd domain join with kinit not working on Ubuntu 18.04

Niklas Andersson niklas.andersson at openforce.se
Fri Jul 20 18:48:30 UTC 2018 

AFAIK you don't need any of these options "--login-type user --login-user
Administrator --stdin-password" if you have a valid Kerberos ticket (check
with klist)

The purpose with Kerberos is that you don't need to specify user or
password.

Regards,
Niklas

On Fri, Jul 20, 2018 at 4:40 PM, Simon May <simon.may at uni-muenster.de>
wrote:

> Hello everyone,
>
> I hope this is the right place to ask questions like this. I’m trying to
> set up an Ubuntu 18.04 machine and join it to an Active Directory
> domain. On all other systems I’ve used, I could do
>
>     # kinit -kt /path/to/keytab my_username
>     # realm join ad.example.com
>
> However, with Ubuntu 18.04, it seems that the realm command doesn’t see
> the Kerberos ticket:
>
>     # kinit -kt /path/to/keytab my_username
>     # realm join --verbose ad.example.com
>      * Resolving: _ldap._tcp.ad.example.com
>      * Performing LDAP DSE lookup on: 10.A.B.150
>      * Performing LDAP DSE lookup on: 10.C.D.131
>      * Successfully discovered: ad.example.com
>     Password for Administrator:
>      * Unconditionally checking packages
>      * Resolving required packages
>      * LANG=C /usr/sbin/adcli join --verbose --domain ad.example.com
> --domain-realm AD.EXAMPLE.COM --domain-controller 10.A.B.150
> --login-type user --login-user Administrator --stdin-password
>      * Using domain name: ad.example.com
>      * Calculated computer account name from fqdn: PCTEST
>      * Using domain realm: ad.example.com
>      * Sending netlogon pings to domain controller: cldap://10.A.B.150
>      * Received NetLogon info from: ADS2.ad.example.com
>      * Wrote out krb5.conf snippet to
> /var/cache/realmd/adcli-krb5-liolnd/krb5.d/adcli-krb5-conf-032njz
>      ! Couldn't authenticate as: Administrator at AD.EXAMPLE.COM:
> Preauthentication failed
>     adcli: couldn't connect to ad.example.com domain: Couldn't
> authenticate as: Administrator at AD.EXAMPLE.COM: Preauthentication failed
>      ! Failed to join the domain
>
> What could be happening here?
>
> (I previously asked this question on superuser.com
> <https://superuser.com/q/1338100>, but unfortunately didn’t get any
> reaction.)
>
>
> Best wishes,
> Simon
>
>
> _______________________________________________
> Authentication mailing list
> Authentication at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/authentication
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/authentication/attachments/20180720/3968d00a/attachment.html>

More information about the Authentication mailing list