Ubuntu / Debian join Active Directory

Hi,
I am testing domain join via realmd/adcli. The DC is Windows Server 2022 Insider/Preview.
I get the following error message:

adcli: joining domain ad.domain.com failed: Couldn't set password for computer account: Ubuntu$: Message stream modified

The computer Ubuntu is created in AD (without password) -> ! Failed to join the domain
If the DC is Windows Server 2022 without Insider/Preview, the domain join works.
3 Replies
Hello, does it work with Windows Server 2022 non-Insider/Preview, fully updated?
I had tested this some time ago and didn't remember which update status the DC had, so I "built" the scenario again (2 VMs).

In the test all updates are now installed and the domain join works without problems.

The problem still persists. I have a lab domain with two domain controllers, build 25941.1000.

Joining a Debian server to a Windows domain is usually a routine operation per these instructions:

https://www.server-world.info/en/note?os=Debian_11&p=realmd For a RHEL-based system it is a bit different, but the principle is the same.

The full error I get is this:

Sep 10 14:33:13 dahl-ha01 realmd[6334]: * Resolving: _ldap._tcp.dahl.local
Sep 10 14:33:13 dahl-ha01 realmd[6334]: * Performing LDAP DSE lookup on: 192.168.1.2
Sep 10 14:33:13 dahl-ha01 realmd[6334]: * Performing LDAP DSE lookup on: 192.168.1.3
Sep 10 14:33:13 dahl-ha01 realmd[6334]: * Successfully discovered: DAHL.LOCAL
Sep 10 14:33:17 dahl-ha01 realmd[6334]: * Unconditionally checking packages
Sep 10 14:33:17 dahl-ha01 realmd[6334]: * Resolving required packages
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * LANG=C /usr/sbin/adcli join --verbose --domain DAHL.LOCAL --domain-realm DAHL.LOCAL --domain-controller 192.168.1.2 --login-type user --login-user administrator --st>
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using domain name: DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Calculated computer account name from fqdn: DAHL-HA01
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using domain realm: DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Sending NetLogon ping to domain controller: 192.168.1.2
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Received NetLogon info from: DAHL-DC01.DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-wUrYGy/krb5.d/adcli-krb5-conf-LjePOY
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Authenticated as user: administrator@DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using GSS-SPNEGO for SASL bind
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Looked up short domain name: DAHL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Looked up domain SID: S-1-5-21-3026885998-1470743596-3073368994
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using fully qualified name: dahl-ha01.dahl.local
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using domain name: DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using computer account name: DAHL-HA01
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using domain realm: DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Calculated computer account name from fqdn: DAHL-HA01
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Generated 120 character computer password
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using keytab: FILE:/etc/krb5.keytab
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * A computer account for DAHL-HA01$ does not exist
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Found well known computer container at: CN=Computers,DC=DAHL,DC=LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Calculated computer account: CN=DAHL-HA01,CN=Computers,DC=DAHL,DC=LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Encryption type [3] not permitted.
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Encryption type [1] not permitted.
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Created computer account: CN=DAHL-HA01,CN=Computers,DC=DAHL,DC=LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Sending NetLogon ping to domain controller: 192.168.1.2
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Received NetLogon info from: DAHL-DC01.DAHL.LOCAL
Sep 10 14:33:19 dahl-ha01 realmd[6334]: ! Couldn't set password for computer account: DAHL-HA01$: Message stream modified
Sep 10 14:33:19 dahl-ha01 realmd[6334]: adcli: joining domain DAHL.LOCAL failed: Couldn't set password for computer account: DAHL-HA01$: Message stream modified
Sep 10 14:33:19 dahl-ha01 realmd[6334]: ! Failed to join the domain

Realmd has no problem discovering the domain and the computer object is created; it is the set-password operation that fails.
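
The failure pattern reported in this thread (computer object created, then the set-password step fails) leaves a computer account without a password behind in AD. As an added example, not part of any post in this thread, the following Python script triages realmd journal lines for that pattern so the leftover object can be found and cleaned up. The function name `triage` and its result keys are assumptions; the sample lines are copied from the log above.

```python
import re

# realmd relays adcli output as "<syslog prefix> realmd[pid]: <marker> <message>"
LINE = re.compile(r"realmd\[\d+\]:\s+(?:([*!])\s+)?(.*)$")

# Join stages, keyed on the message text seen in the thread's log.
STAGES = [
    ("discovered", re.compile(r"Successfully discovered: (\S+)")),
    ("authenticated", re.compile(r"Authenticated as user: (\S+)")),
    ("account_created", re.compile(r"Created computer account: (.+)")),
    ("password_failed",
     re.compile(r"Couldn't set password for computer account: ([^:]+): (.+)")),
]

# Sample lines copied from the log posted in the thread.
P = "Sep 10 14:33:18 dahl-ha01 realmd[6334]: "
DN = "CN=DAHL-HA01,CN=Computers,DC=DAHL,DC=LOCAL"
SAMPLE = [
    P + "* Successfully discovered: DAHL.LOCAL",
    P + "* Authenticated as user: administrator@DAHL.LOCAL",
    P + "* Calculated computer account: " + DN,
    P + "* Created computer account: " + DN,
    P + "! Couldn't set password for computer account: DAHL-HA01$: Message stream modified",
    P + "! Failed to join the domain",
]

def triage(lines):
    """Report which join stages were reached and any object left in AD."""
    result = {"stages": [], "failed": False, "orphan_dn": None, "error": None}
    created_dn = None
    for raw in lines:
        m = LINE.search(raw)
        if not m:
            continue  # not a realmd line
        marker, msg = m.groups()
        result["failed"] = result["failed"] or marker == "!"
        for name, pat in STAGES:
            hit = pat.match(msg)  # anchored: "Calculated ..." is not "Created ..."
            if hit and name not in result["stages"]:
                result["stages"].append(name)
                if name == "account_created":
                    created_dn = hit.group(1)
                elif name == "password_failed":
                    result["error"] = hit.group(2)
    # Created but never given a password: the object remains in the directory.
    if created_dn and "password_failed" in result["stages"]:
        result["orphan_dn"] = created_dn
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```
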