Unable to join Active Directory using realmd - KDC reply did not match expectations
Issue
- An attempt was made to join the Active Directory domain using the domain user administrator@example.com.
- The realm command realm join example.com -U administrator@example.com was run, but it failed with the following error:

      # realm join example.com -U administrator@example.com
      Password for administrator@example.com:
      realm: Couldn't join realm: Failed to join the domain

- The error message "KDC reply did not match expectations" was logged in /var/log/messages:

      realmd[14003]: * Resolving: _ldap._tcp.example.com
      realmd[14003]: * Performing LDAP DSE lookup on: 10.0.2.15
      realmd[14003]: * Successfully discovered: example.com
      realmd[14003]: * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
      realmd[14003]: * LANG=C /usr/sbin/adcli join --verbose --domain example.com --domain-realm EXAMPLE.COM --domain-controller 10.0.2.15 --login-type user --login-user administrator@example.com --stdin-password
      realmd[14003]: * Using domain name: example.com
      realmd[14003]: * Calculated computer account name from fqdn: RHEL8
      realmd[14003]: * Using domain realm: example.com
      realmd[14003]: * Sending netlogon pings to domain controller: cldap://10.0.2.15
      realmd[14003]: * Received NetLogon info from: AD19.example.com
      realmd[14003]: * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-772B1r/krb5.d/adcli-krb5-conf-pKEbW1
      realmd[14003]: ! Couldn't get kerberos ticket for: administrator@example.com: KDC reply did not match expectations
      realmd[14003]: adcli: couldn't connect to example.com domain: Couldn't get kerberos ticket for: administrator@example.com: KDC reply did not match expectations
      realmd[14003]: ! Failed to join the domain

- The same command works without problems on RHEL 7.
Environment
- Red Hat Enterprise Linux 8
- Active Directory (AD)
- Realmd
- SSSD