Unable to join AD domain using Winbind - Ticket is ineligible for postdating / Ticket expired

Solution Verified - Updated -

Issue

  • Attempting to join Active Directory (AD) domain using Winbind 1
  • Ticket is ineligible for postdating error is returned

    [root@rhel ~]# net ads join -U Administrator
    Enter Administrator's password:
    kerberos_kinit_password Administrator@EXAMPLE.COM failed: Ticket is ineligible for postdating
    Failed to join domain: failed to connect to AD: Ticket is ineligible for postdating
    
    [root@rhel ~]# net ads testjoin
    kerberos_kinit_password RHEL$@EXAMPLE.COM failed: Ticket is ineligible for postdating
    kerberos_kinit_password RHEL$@EXAMPLE.COM failed: Ticket is ineligible for postdating
    Join to domain is not valid: Undetermined error
    
  • Or, Ticket expired error is returned

    [root@rhel ~]# net ads join -U Administrator
    Enter Administrator's password:
    kinit succeeded but ads_sasl_spnego_krb5_bind failed: Unspecified GSS failure.  Minor code may provide more information : Ticket expired
    Failed to join domain: failed to connect to AD: Unspecified GSS failure.  Minor code may provide more information : Ticket expired
    
    [root@rhel ~]# net ads testjoin
    kinit succeeded but ads_sasl_spnego_krb5_bind failed: Unspecified GSS failure.  Minor code may provide more information : Ticket expired
    kinit succeeded but ads_sasl_spnego_krb5_bind failed: Unspecified GSS failure.  Minor code may provide more information : Ticket expired
    Join to domain is not valid: Undetermined error
    

Environment

  • Red Hat Enterprise Linux 6
    • samba-winbind-3.6.23

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In