Forum Discussion
Problems to join Debian/Ubuntu machines to a domain
Is not posible to join Debian/Ubuntu machines to a domain based on Windows Server 2025 (using realm at least) this is the error:
! Couldn't set password for computer account: XXXX$: Message stream modified
adcli: joining domain xxxx.local failed: Couldn't set password for computer account: XXXX$: Message stream modified
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
Domain is discoverable vía realm:
root@lnms01:/home/administrator# realm discover xxxx.local
xxxx.local
type: kerberos
realm-name: XXXX.LOCAL
domain-name: xxxx.local
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
Tested on WS2025 build 26227 and Linux 6.1.0-21-amd64 x86_64, Linux 6.6.31+rpt-rpi-v8 aarch64 and Linux 6.8.0-31-generic x86_64.
Those 3 versions of Linux joined to another doman based con Windows Server 2022 without issues.
6 Replies
- Hello,
I also had the problem, my solution is to use the SAMBA client. :
sudo hostnamectl set-hostname <hostname>
sudo hostnamectl set-hostname <FQDN>
sudo timedatectl set-timezone Europe/Berlin
sudo apt install sssd-ad sssd-tools realmd adcli krb5-user samba-common-bin adsys oddjob oddjob-mkhomedir ca-certificates
sudo realm -v discover <Domainname>
realm join -v --membership-software=samba <Domainname>Joining a fully updated Ubuntu 24.04.1 system to an Active Directory with Server 2025 domain controllers at the Server 2025 forest/domain functions levels was not working. That is until I came across your suggestion. Thank you. Using realm join -v --membership-software=samba <Domainname> did it!
- Open a terminal on your Debian/Ubuntu machine.
- Run the following command, replacing ad.mycompany with your actual AD domain name and Administrator with a user account that has sufficient privileges to join workstations to the domain:
sudo realm join ad.mycompany -U Administrator --verbose
- You’ll be prompted to enter the password for the specified user (in this case, the AD Administrator account).
ejc2_
Hi, I just came across your post, did you find a solution?
I am testing adding a Debian 12 machine as a computer to a Active Directory domain controller on Windows Server 2025 testing vm and am experiencing the same problem.
I am trying to go through Group Policy Management Editor and change the default domain controllers policy in Computer Configuration > Policies > Windows Settings > Security Settings and find some settings that could be different by default between 2022 and 2025.
If I find a solution I will update it here.- Hi ZJonBelZ, did you find any solution / workaround? I'm trying with v26296.5001 with no success.
Thanks in advance. Hey,
can confirm that SSSD is not able to join AD Server 2025 (with FL/DL 2025). I also tried alot in the Group Policy, but that wont work.
i switched from SSSD back to Samba&Winbind. This works fine!
(https://www.server-world.info/en/note?os=Debian_12&p=samba&f=4)
Greetings
