{"id":1705,"date":"2020-10-23T11:31:30","date_gmt":"2020-10-23T09:31:30","guid":{"rendered":"https:\/\/locallost.net\/?p=1705"},"modified":"2024-07-12T15:20:34","modified_gmt":"2024-07-12T13:20:34","slug":"realm-join-returns-with-error-server-not-found-in-kerberos-database","status":"publish","type":"post","link":"https:\/\/locallost.net\/?p=1705","title":{"rendered":"\u00ab\u00a0realm join\u00a0\u00bb returns with error \u00ab\u00a0Server not found in Kerberos database\u00a0\u00bb"},"content":{"rendered":"\n<p>Trying to join an AD domain (Samba 4 AD DC) from a specific (Ubuntu 20.04) server would fail with a \u00ab\u00a0Server not found in Kerberos database\u00a0\u00bb error:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># realm join -U john.doe -v AD_EXAMPLE_NET\n * Resolving: _ldap._tcp.ad.example.net\n * Performing LDAP DSE lookup on: 10.100.100.2\n * Successfully discovered: ad.example.net\nPassword for john.doe:\n * Unconditionally checking packages\n * Resolving required packages\n * LANG=C \/usr\/sbin\/adcli join --verbose --domain ad.example.net --domain-realm AD.EXAMPLE.NET --domain-controller 10.100.100.2 --login-type user --login-user john.doe --stdin-password\n * Using domain name: ad.example.net\n * Calculated computer account name from fqdn: SRV\n * Using domain realm: ad.example.net\n * Sending NetLogon ping to domain controller: 10.100.100.2\n * Received NetLogon info from: smb.ad.example.net                                                                                                      \n * Wrote out krb5.conf snippet to \/var\/cache\/realmd\/adcli-krb5-dN4Dz2\/krb5.d\/adcli-krb5-conf-JLqdZ0\n * Authenticated as user: john.doe@AD.EXAMPLE.NET\n ! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  
Minor code may provide more information (Server not found in Kerberos database)\nadcli: couldn't connect to ad.example.net domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)\n ! Insufficient permissions to join the domain<\/code><\/pre>\n\n\n\n<p>It turns out the problem was that the IP address of the AD controller would not resolve back in reverse to its original DNS name!<\/p>\n\n\n\n<p>The explanation of this problem (and solution) was found in the following post: <a href=\"https:\/\/aws.nz\/best-practice\/ad-join\/\">https:\/\/aws.nz\/best-practice\/ad-join\/<\/a><\/p>\n\n\n\n<p>The solution is either to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>set a correct reverse DNS PTR record that points back to the DNS name of the AD controller<\/li>\n\n\n\n<li>or add the option <code>rdns = false<\/code> in the <code>[libdefaults]<\/code> section of <code>\/etc\/krb5.conf<\/code><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trying to join an AD domain (Samba 4 AD DC) from a specific (Ubuntu 20.04) server would fail with a \u00ab\u00a0Server not found in Kerberos database\u00a0\u00bb error: It turns out that this problem was that the IP address of the &hellip; <a href=\"https:\/\/locallost.net\/?p=1705\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-1705","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2Bei9-rv","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts\/1705","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1705"}],"version-history":[{"count":4,"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts\/1705\/revisions"}],"predecessor-version":[{"id":1743,"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts\/1705\/revisions\/1743"}],"wp:attachment":[{"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=%2
Fwp%2Fv2%2Fcategories&post=1705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}