Domain join fails, encryption type not supported

codevark · October 15, 2021, 3:48pm

Tried to join a RL8.4 VM to our Windows domain (AD is Server 2019 Core), but it fails:

Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
LANG=C /usr/sbin/adcli join --verbose --domain i.c.edu --domain-realm I.C.EDU --domain-controller www.xxx.yyy.zzz --login-type user --login-user abc --stdin-password
Using domain name: i.c.edu
Calculated computer account name from fqdn: FGNEJVAQ
Using domain realm: i.c.edu
Sending NetLogon ping to domain controller: www.xxx.yyy.zzz
Received NetLogon info from: dc.i.c.edu
Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-DKx58v/krb5.d/adcli-krb5-conf-BtSHIw
! Couldn’t authenticate as: abc@I.C.EDU: KDC has no support for encryption type
adcli: couldn’t connect to i.c.edu domain: Couldn’t authenticate as: abc@I.C.EDU: KDC has no support for encryption type
! Failed to join the domain

What encryption type is it looking for? How to enable that?

TIA
Pete

nazunalika · October 17, 2021, 11:08pm

This sounds odd, considering it’s server 2019. My first thought is that old ciphers are being used, but you are using a mostly recent Windows Server version. Generally I suggest to try to run update-crypto-policies --set DEFAULT:AD-SUPPORT or LEGACY but I don’t know if these would work for you.

If I have time, I’ll spin up an AD lab and see if I can reproduce.

Topic		Replies	Views
Can't Join Active Directory with Realm - No Support for Encryption Type Rocky Linux General	6	381	August 2, 2023
ActiveDirectory integration problem in Rocky9 Rocky Linux General	7	2757	August 25, 2023
Cant log into rocky8.7 with domain credentials Rocky Linux General	10	810	August 25, 2023
Join Rocky to Windows AD Rocky Linux General	0	229	July 4, 2023
Linux-AD Direct Integration with SSSD & Kerberos Rocky Linux General	21	11730	August 25, 2023

Domain join fails, encryption type not supported

Related Topics