Nov 27 2022 06:22 PM
adcli: joining domain ad.domain.com failed: Couldn't set password for computer account: Ubuntu$: Message stream modified
Nov 28 2022 01:17 AM
Nov 28 2022 06:33 AM
Sep 10 2023 06:59 AM - edited Sep 10 2023 07:00 AM
The problem still persist, I have a lab domain with two domain controllers build 25941.1000
Joining a Debian server to a Windows domain is usually a rutine operation pr. these instructions,
https://www.server-world.info/en/note?os=Debian_11&p=realmd for a RHEL based it is a bit different but the principle is the same.
The full error I get is this:
Sep 10 14:33:13 dahl-ha01 realmd[6334]: * Resolving: _ldap._tcp.dahl.local
Sep 10 14:33:13 dahl-ha01 realmd[6334]: * Performing LDAP DSE lookup on: 192.168.1.2
Sep 10 14:33:13 dahl-ha01 realmd[6334]: * Performing LDAP DSE lookup on: 192.168.1.3
Sep 10 14:33:13 dahl-ha01 realmd[6334]: * Successfully discovered: DAHL.LOCAL
Sep 10 14:33:17 dahl-ha01 realmd[6334]: * Unconditionally checking packages
Sep 10 14:33:17 dahl-ha01 realmd[6334]: * Resolving required packages
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * LANG=C /usr/sbin/adcli join --verbose --domain DAHL.LOCAL --domain-realm DAHL.LOCAL --domain-controller 192.168.1.2 --login-type user --login-user administrator --st>
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using domain name: DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Calculated computer account name from fqdn: DAHL-HA01
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using domain realm: DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Sending NetLogon ping to domain controller: 192.168.1.2
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Received NetLogon info from: DAHL-DC01.DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-wUrYGy/krb5.d/adcli-krb5-conf-LjePOY
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Authenticated as user: administrator@DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using GSS-SPNEGO for SASL bind
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Looked up short domain name: DAHL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Looked up domain SID: S-1-5-21-3026885998-1470743596-3073368994
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using fully qualified name: dahl-ha01.dahl.local
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using domain name: DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using computer account name: DAHL-HA01
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using domain realm: DAHL.LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Calculated computer account name from fqdn: DAHL-HA01
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Generated 120 character computer password
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Using keytab: FILE:/etc/krb5.keytab
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * A computer account for DAHL-HA01$ does not exist
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Found well known computer container at: CN=Computers,DC=DAHL,DC=LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Calculated computer account: CN=DAHL-HA01,CN=Computers,DC=DAHL,DC=LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Encryption type [3] not permitted.
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Encryption type [1] not permitted.
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Created computer account: CN=DAHL-HA01,CN=Computers,DC=DAHL,DC=LOCAL
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Sending NetLogon ping to domain controller: 192.168.1.2
Sep 10 14:33:18 dahl-ha01 realmd[6334]: * Received NetLogon info from: DAHL-DC01.DAHL.LOCAL
Sep 10 14:33:19 dahl-ha01 realmd[6334]: ! Couldn't set password for computer account: DAHL-HA01$: Message stream modified
Sep 10 14:33:19 dahl-ha01 realmd[6334]: adcli: joining domain DAHL.LOCAL failed: Couldn't set password for computer account: DAHL-HA01$: Message stream modified
Sep 10 14:33:19 dahl-ha01 realmd[6334]: ! Failed to join the domain
Realmd has not problem discovering the domain and the computer object is created, it is the set password operation that fails