Unable to join Active Directory using realmd - KDC reply did not match expectations
Issue
-
Attempted to join Active Directory domain 1 using domain user
administrator@example.com -
realm command
realm join example.com -U administrator@example.comwas executed with below error:# realm join example.com -U administrator@example.com Password for administrator@example.com: realm: Couldn't join realm: Failed to join the domain -
Error message
KDC reply did not match expectationswas found in/var/log/messagesrealmd[14003]: * Resolving: _ldap._tcp.example.com realmd[14003]: * Performing LDAP DSE lookup on: 10.0.2.15 realmd[14003]: * Successfully discovered: example.com realmd[14003]: * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli realmd[14003]: * LANG=C /usr/sbin/adcli join --verbose --domain example.com --domain-realm EXAMPLE.COM --domain-controller 10.0.2.15 --login-type user --login-user administrator@example.com --stdin-password realmd[14003]: * Using domain name: example.com realmd[14003]: * Calculated computer account name from fqdn: RHEL8 realmd[14003]: * Using domain realm: example.com realmd[14003]: * Sending netlogon pings to domain controller: cldap://10.0.2.15 realmd[14003]: * Received NetLogon info from: AD19.example.com realmd[14003]: * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-772B1r/krb5.d/adcli-krb5-conf-pKEbW1 realmd[14003]: ! Couldn't get kerberos ticket for: administrator@example.com: KDC reply did not match expectations realmd[14003]: adcli: couldn't connect to example.com domain: Couldn't get kerberos ticket for: administrator@example.com: KDC reply did not match expectations realmd[14003]: ! Failed to join the domain -
The same command works on RHEL7 without any issue.
Environment
- Red Hat Enterprise Linux 8
- Active Directory (AD)
- Realmd
- SSSD
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
