<div dir="ltr">AFAIK you don't need any of these options "<span style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">--login-type user --login-user Administrator --stdin-password"</span> if you have a valid Kerberos ticket (check with klist)<div><br></div><div>The purpose with Kerberos is that you don't need to specify user or password.</div><div><br></div><div>Regards,</div><div>Niklas</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 20, 2018 at 4:40 PM, Simon May <span dir="ltr"><<a href="mailto:simon.may@uni-muenster.de" target="_blank">simon.may@uni-muenster.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello everyone,<br> <br> I hope this is the right place to ask questions like this. I’m trying to<br> set up an Ubuntu 18.04 machine and join it to an Active Directory<br> domain. On all other systems I’ve used, I could do<br> <br> # kinit -kt /path/to/keytab my_username<br> # realm join <a href="http://ad.example.com" rel="noreferrer" target="_blank">ad.example.com</a><br> <br> However, with Ubuntu 18.04, it seems that the realm command doesn’t see<br> the Kerberos ticket:<br> <br> # kinit -kt /path/to/keytab my_username<br> # realm join --verbose <a href="http://ad.example.com" rel="noreferrer" target="_blank">ad.example.com</a><br> * Resolving: _ldap._<a href="http://tcp.ad.example.com" rel="noreferrer" target="_blank">tcp.ad.example.com</a><br> * Performing LDAP DSE lookup on: 10.A.B.150<br> * Performing LDAP DSE lookup on: 10.C.D.131<br> * Successfully discovered: <a href="http://ad.example.com" rel="noreferrer" target="_blank">ad.example.com</a><br> Password for Administrator:<br> * Unconditionally checking packages<br> * Resolving required packages<br> * LANG=C /usr/sbin/adcli join --verbose --domain <a href="http://ad.example.com" rel="noreferrer" target="_blank">ad.example.com</a><br> --domain-realm <a href="http://AD.EXAMPLE.COM" rel="noreferrer" target="_blank">AD.EXAMPLE.COM</a> --domain-controller 10.A.B.150<br> --login-type user --login-user Administrator --stdin-password<br> * Using domain name: <a href="http://ad.example.com" rel="noreferrer" target="_blank">ad.example.com</a><br> * Calculated computer account name from fqdn: PCTEST<br> * Using domain realm: <a href="http://ad.example.com" rel="noreferrer" target="_blank">ad.example.com</a><br> * Sending netlogon pings to domain controller: cldap://10.A.B.150<br> * Received NetLogon info from: <a href="http://ADS2.ad.example.com" rel="noreferrer" target="_blank">ADS2.ad.example.com</a><br> * Wrote out krb5.conf snippet to<br> /var/cache/realmd/adcli-krb5-<wbr>liolnd/krb5.d/adcli-krb5-conf-<wbr>032njz<br> ! Couldn't authenticate as: <a href="mailto:Administrator@AD.EXAMPLE.COM">Administrator@AD.EXAMPLE.COM</a>:<br> Preauthentication failed<br> adcli: couldn't connect to <a href="http://ad.example.com" rel="noreferrer" target="_blank">ad.example.com</a> domain: Couldn't<br> authenticate as: <a href="mailto:Administrator@AD.EXAMPLE.COM">Administrator@AD.EXAMPLE.COM</a>: Preauthentication failed<br> ! Failed to join the domain<br> <br> What could be happening here?<br> <br> (I previously asked this question on <a href="http://superuser.com" rel="noreferrer" target="_blank">superuser.com</a><br> <<a href="https://superuser.com/q/1338100" rel="noreferrer" target="_blank">https://superuser.com/q/<wbr>1338100</a>>, but unfortunately didn’t get any<br> reaction.)<br> <br> <br> Best wishes,<br> Simon<br> <br> <br>______________________________<wbr>_________________<br> Authentication mailing list<br> <a href="mailto:Authentication@lists.freedesktop.org">Authentication@lists.<wbr>freedesktop.org</a><br> <a href="https://lists.freedesktop.org/mailman/listinfo/authentication" rel="noreferrer" target="_blank">https://lists.freedesktop.org/<wbr>mailman/listinfo/<wbr>authentication</a><br> <br></blockquote></div><br></div>