Problems to join Debian/Ubuntu machines to a domain

Copper Contributor

Is not posible to join Debian/Ubuntu machines to a domain based on Windows Server 2025 (using realm at least) this is the error:


! Couldn't set password for computer account: XXXX$: Message stream modified
adcli: joining domain xxxx.local failed: Couldn't set password for computer account: XXXX$: Message stream modified
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain


Domain is discoverable vía realm:

root@lnms01:/home/administrator# realm discover xxxx.local
type: kerberos
realm-name: XXXX.LOCAL
domain-name: xxxx.local
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss


Tested on WS2025 build 26227 and Linux 6.1.0-21-amd64 x86_64, Linux 6.6.31+rpt-rpi-v8 aarch64 and Linux 6.8.0-31-generic x86_64.


Those 3 versions of Linux joined to another doman based con Windows Server 2022 without issues.

3 Replies

Hi, I just came across your post, did you find a solution?

I am testing adding a Debian 12 machine as a computer to a Active Directory domain controller on Windows Server 2025 testing vm and am experiencing the same problem.

I am trying to go through Group Policy Management Editor and change the default domain controllers policy in Computer Configuration > Policies > Windows Settings > Security Settings and find some settings that could be different by default between 2022 and 2025.

If I find a solution I will update it here.



can confirm that SSSD is not able to join AD Server 2025 (with FL/DL 2025). I also tried alot in the Group Policy, but that wont work.


i switched from SSSD back to Samba&Winbind. This works fine!




@ejc2_ @ZJonBelZ 

  • Open a terminal on your Debian/Ubuntu machine.
  • Run the following command, replacing ad.mycompany with your actual AD domain name and Administrator with a user account that has sufficient privileges to join workstations to the domain:

 sudo realm join ad.mycompany -U Administrator --verbose


  • You’ll be prompted to enter the password for the specified user (in this case, the AD Administrator account).