[Samba] WERR_INTERNAL_ERROR on samba-tool domain join
stephen.vose at comcast.net
Fri Feb 24 16:05:56 UTC 2023
I found the following in the logs:
[2023/02/23 16:41:40.016934, 1]
drsuapi_encrypt_attribute_value: GNUTLS ERROR:
GNUTLS_E_UNWANTED_ALGORITHM, WERROR: WERR_INTERNAL_ERROR at
[2023/02/23 16:41:40.016952, 0]
Unable to encrypt unicodePwd on
CN=krbtgt,CN=Users,DC=privatedomain,DC=com in DRS object -
Both machines had "fips-mode-setup --enable", so I turned that off and
rebooted both of them, and the join operation completed successfully.
Started samba-ad-dc on the new DC and it ran, albeit with a number of
TSIG verify failure errors and an exit code of 26, but that's a
completely different issue I can work on.
So it looks like, at least with that setup, trying the join with FIPS
mode enabled fails.
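
A log check for the failure described in the message above, as an added example that is not part of the original post or of Samba's code: it groups Samba log records, flags GNUTLS_E_UNWANTED_ALGORITHM raised from drsuapi_encrypt_attribute_value, and pairs that with the kernel FIPS flag. The sample log is constructed from the lines quoted in the message; the function names are hypothetical, and reading /proc/sys/crypto/fips_enabled is this example's assumption about how to query FIPS state.

```python
import re
from pathlib import Path

# Samba log record header "[YYYY/MM/DD HH:MM:SS.ffffff, level]"; anything after it
# on the same line and on following lines belongs to the record until the next header.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s*(.*)$")
UNABLE = re.compile(r"Unable to encrypt (\S+) on (.+?) in DRS object")

# Constructed sample, built from the log lines quoted in the message.
SAMPLE_LOG = """\
[2023/02/23 16:41:40.016934, 1]
drsuapi_encrypt_attribute_value: GNUTLS ERROR:
GNUTLS_E_UNWANTED_ALGORITHM, WERROR: WERR_INTERNAL_ERROR at
[2023/02/23 16:41:40.016952, 0]
Unable to encrypt unicodePwd on
CN=krbtgt,CN=Users,DC=privatedomain,DC=com in DRS object -
"""

def records(text):
    """Yield (timestamp, level, message) with continuation lines joined."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            current = (m.group(1), int(m.group(2)), [m.group(3)] if m.group(3) else [])
        elif current and line.strip():
            current[2].append(line.strip())
    if current:
        yield current[0], current[1], " ".join(current[2])

def fips_enabled(path="/proc/sys/crypto/fips_enabled"):
    """True if the kernel FIPS flag file exists and reads 1 (path is an assumption)."""
    p = Path(path)
    return p.is_file() and p.read_text().strip() == "1"

def diagnose(text, fips):
    """Summarise DRS attribute-encryption failures that GnuTLS rejected."""
    recs = list(records(text))
    rejected = [ts for ts, _, msg in recs
                if "drsuapi_encrypt_attribute_value" in msg
                and "GNUTLS_E_UNWANTED_ALGORITHM" in msg]
    targets = [m.groups() for _, _, msg in recs if (m := UNABLE.search(msg))]
    return {"gnutls_rejected": rejected, "targets": targets, "fips_enabled": fips,
            "likely_fips_conflict": bool(rejected) and fips}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, fips_enabled()))
```

Run it against the existing DC's log and on both machines before a join; `likely_fips_conflict` is true only when the GnuTLS rejection and the FIPS flag are both present.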