[Samba] WERR_INTERNAL_ERROR on samba-tool domain join

Stephen Vose stephen.vose at comcast.net
Fri Feb 24 16:05:56 UTC 2023

I found the following in the logs:

[2023/02/23 16:41:40.016934,  1] 
   drsuapi_encrypt_attribute_value: GNUTLS ERROR: 
[2023/02/23 16:41:40.016952,  0] 
   Unable to encrypt unicodePwd on CN=krbtgt,CN=Users,DC=privatedomain,DC=com in DRS object - 

Both machines had "fips-mode-setup --enable", so I turned that off and 
rebooted both of them, and the join operation completed successfully. 
Started samba-ad-dc on the new DC and it ran, albeit with a number of 
TSIG verify failure errors and an exit code of 26, but that's a 
completely different issue I can work on.

So it looks like, at least with that setup, trying the join with FIPS 
mode enabled fails.
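
A triage helper for the failure reported above, as an added example that is not part of the original post or of Samba: it reassembles wrapped Samba log records, flags the `Unable to encrypt ... in DRS object` error together with the preceding GNUTLS error, and reads the Linux kernel FIPS flag. The sample log is constructed from the lines quoted in the post, and the function names are hypothetical.

```python
import re
from pathlib import Path

# Samba log record header: "[YYYY/MM/DD HH:MM:SS.ffffff,  LEVEL]"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]")
# DN of the object whose attribute could not be encrypted (DNs without spaces only)
DN = re.compile(r"on\s+((?:CN|OU|DC)=\S+)\s+in DRS object")

# Constructed sample, modelled on the lines quoted in the post.
SAMPLE_LOG = """\
[2023/02/23 16:41:40.016934,  1]
   drsuapi_encrypt_attribute_value: GNUTLS ERROR:
[2023/02/23 16:41:40.016952,  0]
   Unable to encrypt unicodePwd on
CN=krbtgt,CN=Users,DC=privatedomain,DC=com in DRS object -
[2023/02/23 16:41:41.000000,  3]
   unrelated constructed record
"""

def records(text):
    """Group each header line with its (possibly wrapped) continuation lines."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            out.append({"time": m.group(1), "level": int(m.group(2)),
                        "msg": line[m.end():].strip()})
        elif out and line.strip():
            out[-1]["msg"] = (out[-1]["msg"] + " " + line.strip()).strip()
    return out

def fips_enabled(flag_path="/proc/sys/crypto/fips_enabled"):
    """Kernel FIPS flag on Linux; a missing file is treated as not enabled."""
    try:
        return Path(flag_path).read_text().strip() == "1"
    except OSError:
        return False

def drs_encrypt_failures(text):
    """Return one finding per DRS attribute-encryption failure in the log."""
    recs, findings = records(text), []
    for i, r in enumerate(recs):
        if "Unable to encrypt" not in r["msg"]:
            continue
        dn = DN.search(r["msg"])
        prev = recs[i - 1]["msg"] if i else ""
        findings.append({"time": r["time"], "dn": dn.group(1) if dn else None,
                         "gnutls_error": "drsuapi_encrypt_attribute_value: GNUTLS ERROR" in prev})
    return findings

if __name__ == "__main__":
    for f in drs_encrypt_failures(SAMPLE_LOG):
        print(f, "fips_enabled =", fips_enabled())
```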
