couldn't get kerberos ticket for realm
I have successfully built an Active Director on AWS. I can ping the directory from Centos7 EC2 instance located in the same VPC. Now, I try to join the realm, but I receive the following errors:
[ec2-user@ip-172-22-2-182 ~]$ sudo realm join -U [email protected] corp.xxx.com --verbose
* Resolving: _ldap._tcp.corp.xxx.com
* Resolving: corp.xxx.com
* Performing LDAP DSE lookup on: 172.22.2.34
* Successfully discovered: corp.xxx.com
Password for [email protected]:
* Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
* LANG=C /usr/sbin/adcli join --verbose --domain xxx.com --domain-realm CORP.xxx.COM --domain-controller 172.22.2.34 --login-type user --login-user [email protected] --stdin-password
* Using domain name: corp.xxx.com
* Calculated computer account name from fqdn: IP-172-22-2-182
* Using domain realm: xxx.com
* Sending netlogon pings to domain controller: cldap://172.22.2.34
* Received NetLogon info from: WIN-QUUMO7C7PU3.xxx.com
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-g1oscN/krb5.d/adcli-krb5-conf-RlQBkY
! Couldn't get kerberos ticket for: [email protected]: Cannot find KDC for realm "xxx.com"
adcli: couldn't connect to xxx.com domain: Couldn't get kerberos ticket for: [email protected]: Cannot find KDC for realm "xxx.com"
! Failed to join the domain
realm: Couldn't join realm: Failed to join the domain
[ec2-user@ip-172-22-2-182 ~]$
Anyone knows how to resolve it? Amazon Documentation does not say anything about installing Samba and its integration with AWS Windows Active Directory. It only has this link to enroll the host enter link description here
Thanks
Answer
Not sure if this is still unresolved, but I encountered the same error as well when joining an Ubuntu machine to my domain... If you are using Ubuntu 16.04, you must enter the domain name portion of the username with all capital letters.
For example, [email protected] corp.xxx.com --verbose, worked for me.