I have setup an AD server in my private network. I can successfully join the domain from windows PCs. But when I try to join my ubuntu clients (ubuntu 23.04) I get errors that get me nowhere on google.
bp@legion:app (UM-200_usb) % sudo realm join -U -v Administrator sb.lan
* Resolving: _ldap._tcp.sb.lan
* Performing LDAP DSE lookup on: 172.19.0.2
* Performing LDAP DSE lookup on: 192.168.1.100
* Successfully discovered: sb.lan
Password for Administrator:
* Unconditionally checking packages
* Resolving required packages
* LANG=C /usr/sbin/adcli join --verbose --domain sb.lan --domain-realm SB.LAN --domain-controller 192.168.1.100 --login-type user --login-user Administrator --stdin-password
* Using domain name: sb.lan
* Calculated computer account name from fqdn: LEGION
* Using domain realm: sb.lan
* Sending NetLogon ping to domain controller: 192.168.1.100
* Received NetLogon info from: dc.sb.lan
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-2BPZfj/krb5.d/adcli-krb5-conf-EO27Dm
! Couldn't authenticate as: [email protected]: Preauthentication failed
adcli: couldn't connect to sb.lan domain: Couldn't authenticate as: [email protected]: Preauthentication failed
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
chat gpt, and too many forums are pointing towards kerberos configuration. I am not even sure if I use kerberos. I am following the official ubuntu docs. Anyway, I don't have /etc/krb5.conf, nor do I know if I should...
so I've installed :
sudo apt install sssd-ad sssd-tools realmd adcli
I am sure that:
- domain is correct
- Administrator exists (I used the same username/password to join windows 10 client)
- password is correct
- this exact problem reproduces on three other ubuntu laptops (on 23.04 and 23.10)
Is there anybody who can shed some light on this? Am I doing something wrong?