How to fix the Active Directory Authentication Issue with Ubuntu 16.04 in AWS
I have had the same issue with joining my Ubuntu 16.04 machine and all I had to do to resolve the problem is set the rdns flag to false in the krb5.conf as shown below:
/etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
Once you have added the line, you can join the machine to the domain by using the command:
sudo realm join -U [email protected] example.com --verbose
Anish Varghese
Updated on June 26, 2022
Comments
-
Anish Varghese almost 2 years
While trying to manually join a Linux instance of Ubuntu 16.04 in AWS Managed Active Directory using the tutorial https://docs.aws.amazon.com/directoryservice/latest/admin-guide/join_linux_instance.html, the authentication to the realm succeeded, but after that I am getting this error while trying to join the Ubuntu 16.04 instance to AD:
Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Success)
adcli: couldn't connect to ad.nettracer.aero domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Success)
 ! Insufficient permissions to join the domain
realm: Couldn't join realm: Insufficient permissions to join the domain
However, the same is working for CentOS.
Is there anything wrong happening on my end?
-
Joe almost 5 years
Wow, just wow. Every time I think I understand integrating Linux and Windows environments I am humbled.
-
Jay over 3 years
This answer saved me quite a bit of time. To add to the answer: I'm starting a VM on AWS with Ubuntu 20.04, so in the cloud-init user-data (the startup file), I'm joining the domain. For anybody that must join from a startup file: Before the line with echo "password" | realm join -U admin domain.com, I've added sed -i -e 's/\[libdefaults\]/[libdefaults]\n\trdns = false/g' /etc/krb5.conf, which edits /etc/krb5.conf to add rdns = false, as this answer states.
-
symcbean over 3 years
I had the same error on Linux Mint 20 running on my own infrastructure. There was no /etc/krb5.conf, but creating the file with content as above appears to have resolved the problem.
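
An idempotent way to apply the rdns = false setting from a startup script, as an added example that is not part of the original answer or comments: unlike a plain sed insert, it can be re-run without duplicating the line, replaces an existing rdns value, and creates the file when it is missing (the case in the last comment). The function name ensure_rdns_false is made up for this example.

```shell
#!/bin/sh
# Added example, not code from the answer or comments above.
# ensure_rdns_false FILE: leave exactly one "rdns = false" line in the
# [libdefaults] section of FILE. Safe to re-run; creates FILE if missing.
ensure_rdns_false() {
    conf=$1
    # No krb5.conf at all: write a minimal one.
    if [ ! -f "$conf" ]; then
        printf '[libdefaults]\n\trdns = false\n' > "$conf"
        return 0
    fi
    tmp=$(mktemp) || return 1
    awk '
        /^[ \t]*\[/ {                          # any section header
            in_ld = ($0 ~ /^[ \t]*\[libdefaults\]/)
            print
            if (in_ld && !done) { print "\trdns = false"; done = 1 }
            next
        }
        in_ld && /^[ \t]*rdns[ \t]*=/ { next } # drop any earlier rdns value
        { print }
        END { if (!done) print "\n[libdefaults]\n\trdns = false" }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample file (not a real host configuration).
demo=$(mktemp)
printf '[libdefaults]\n\trdns = true\n\tforwardable = true\n' > "$demo"
ensure_rdns_false "$demo" && cat "$demo"
rm -f "$demo"
# On a real host, run as root before realm join:
#   ensure_rdns_false /etc/krb5.conf
```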