[Samba] join to domain failed - Insufficient permissions to join the domain

Maurizio Caloro maurizio at caloro.ch
Wed Feb 3 15:44:26 UTC 2021


Hello

I am now installing a new Debian 10 server and need to add it to the Samba
4.13.2 domain; in the meantime it was running without any problems.

Installing this:

apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

root@srvcar010:/var/cache/realmd/adcli-krb5-c6lGPb/krb5.d# cat /etc/resolv.conf
domain carag.local
search carag.local
nameserver 192.168.201.92

Discovery runs without problems:

/var/cache/realmd/adcli-krb5-c6lGPb/krb5.d# realm discover carag.local
carag.local
  type: kerberos
  realm-name: CARAG.LOCAL
  domain-name: carag.local
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin

# realm join -U Administrator carag.local
Password for Administrator:
See: journalctl REALMD_OPERATION=r734.1183
Realm: Couldn't join realm: Insufficient permissions to join the domain

# journalctl REALMD_OPERATION=r734.1183
-- Logs begin at Wed 2021-02-03 16:25:21 CET, end at Wed 2021-02-03 16:37:35 CET. --
Feb 03 16:37:31 srvcar010.carag.local realmd[1186]:  * Resolving: _ldap._tcp.carag.local
Feb 03 16:37:31 srvcar010.carag.local realmd[1186]:  * Performing LDAP DSE lookup on: 192.168.201.105
Feb 03 16:37:31 srvcar010.carag.local realmd[1186]:  * Successfully discovered: carag.local
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]:  * Unconditionally checking packages
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]:  * Resolving required packages
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]:  * LANG=C /usr/sbin/adcli join --verbose --domain carag.local --domain-realm CARAG.LOCAL --domain-controller 192.168.201.105 --login-type user --log
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]:  * Using domain name: carag.local
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]:  * Calculated computer account name from fqdn: SRVCAR010
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]:  * Using domain realm: carag.local
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]:  * Sending netlogon pings to domain controller: ldap://192.168.201.105
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]:  * Received NetLogon info from: srvcarad003.carag.local
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]:  * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-Lsc4Fq/krb5.d/adcli-krb5-conf-qipHGR
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]:  * Authenticated as user: Administrator@CARAG.LOCAL
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]:  ! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more informa
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: adcli: couldn't connect to carag.local domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS f
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]:  ! Insufficient permissions to join the domain
root@srvcar010:/var/cache/realmd/adcli-krb5-c6lGPb/krb5.d#

Thanks