I used this procedure on a host I had built back in 2020 running 6.2 without issue. On My new host running 8.0.3 I'm getting the following error. I haven't been able to find much in the way of searching the web.
The DC it's authenticating against is Windows 2016 with a 2016 functional level.
The DC it's authenticating against is Windows 2016 with a 2016 functional level.
Code:
root@host:~# realm join -v --user admin@DOMAIN.LOCAL DOMAIN.LOCAL
* Resolving: _ldap._tcp.DOMAIN.LOCAL
* Performing LDAP DSE lookup on: 192.168.2.31
* Performing LDAP DSE lookup on: 192.168.2.32
* Successfully discovered: DOMAIN.LOCAL
Password for admin@DOMAIN.LOCAL:
* Unconditionally checking packages
* Resolving required packages
* LANG=C /usr/sbin/adcli join --verbose --domain DOMAIN.LOCAL --domain-realm DOMAIN.LOCAL --domain-controller 192.168.2.31 --login-type user --login-user admin@DOMAIN.LOCAL --stdin-password
* Using domain name: DOMAIN.LOCAL
* Calculated computer account name from fqdn: host
* Using domain realm: DOMAIN.LOCAL
* Sending NetLogon ping to domain controller: 192.168.2.31
* Received NetLogon info from: DC.DOMAIN.LOCAL
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-xjaM94/krb5.d/adcli-krb5-conf-0KQV4k
* Authenticated as user: admin@DOMAIN.LOCAL
* Using GSS-SPNEGO for SASL bind
! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
adcli: couldn't connect to DOMAIN.LOCAL domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
! Insufficient permissions to join the domain
realm: Couldn't join realm: Insufficient permissions to join the domain
root@host:~#