[Samba] join to domain failed - Insufficient permissions to join the domain
Maurizio Caloro
maurizio at caloro.ch
Wed Feb 3 15:44:26 UTC 2021
Hello
Installing now new Debian 10 Server and need to add this to domain Samba
4.13.2, in the meantime was running without any problems.
Installing this
apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli
samba-common-bin oddjob oddjob-mkhomedir packagekit
root at srvcar010:/var/cache/realmd/adcli-krb5-c6lGPb/krb5.d# cat
/etc/resolv.conf
domain carag.local
search carag.local
nameserver 192.168.201.92
discovery running without problem
/var/cache/realmd/adcli-krb5-c6lGPb/krb5.d# realm discover carag.local
carag.local
type: erberos
realm-name: CARAG.LOCAL
domain-name: carag.local
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
# realm join -U Administrator carag.local
Password for Administrator:
See: journalctl REALMD_OPERATION=r734.1183
Realm: Couldn't join realm: Insufficient permissions to join the domain
# journalctl REALMD_OPERATION=r734.1183
-- Logs begin at Wed 2021-02-03 16:25:21 CET, end at Wed 2021-02-03 16:37:35
CET. --
Feb 03 16:37:31 srvcar010.carag.local realmd[1186]: * Resolving:
_ldap._tcp.carag.local
Feb 03 16:37:31 srvcar010.carag.local realmd[1186]: * Performing LDAP DSE
lookup on: 192.168.201.105
Feb 03 16:37:31 srvcar010.carag.local realmd[1186]: * Successfully
discovered: carag.local
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Unconditionally
checking packages
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Resolving required
packages
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * LANG=C
/usr/sbin/adcli join --verbose --domain carag.local --domain-realm
CARAG.LOCAL --domain-controller 192.168.201.105 --login-type user --log
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Using domain name:
carag.local
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Calculated computer
account name from fqdn: SRVCAR010
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Using domain realm:
carag.local
Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Sending netlogon
pings to domain controller: ldap://192.168.201.105
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: * Received NetLogon
info from: srvcarad003.carag.local
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: * Wrote out krb5.conf
snippet to /var/cache/realmd/adcli-krb5-Lsc4Fq/krb5.d/adcli-krb5-conf-qipHGR
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: * Authenticated as
user: Administrator at CARAG.LOCAL
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: ! Couldn't authenticate
to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more informa
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: adcli: couldn't connect
to carag.local domain: Couldn't authenticate to active directory: SASL(-1):
generic failure: GSSAPI Error: Unspecified GSS f
Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: ! Insufficient
permissions to join the domain
<mailto:root at srvcar010:/var/cache/realmd/adcli-krb5-c6lGPb/krb5.d#>
root at srvcar010:/var/cache/realmd/adcli-krb5-c6lGPb/krb5.d#
Thanks
More information about the samba
mailing list