12 April,16 at 11:45 AM
Applies to: All versions of Centrify DirectControl for UNIX/Linux
Problem:
adjoin with option "-k" fails to join a domain whose domain and forest functional levels are Windows Server 2008. Running it yields the following error message:
bash-3.00# adjoin -p pass,123 -k server.test
Using writable domain controller: win-nqe8dmvosvd.server.test
Error: Invalid user or password
Join to domain 'server.test', zone 'default' failed.
Cause:
[root@rhel3 root]# adjoin --help | grep des
-k, --des use DES key only
-k means to use DES encryption during the adjoin operation; DES encryption is no longer supported by Windows 2008 domains by default.
Resolution:
One can manually enable DES on the domain by setting the following group policy:
Under Computer Configuration/Windows Settings/Local Policies/Security Options/Network Security:
i. Configure available encryption types for Kerberos
ii. Enable All but "Future Encryption Types"
iii. Reboot Domain Controller.
Please refer to this Microsoft post for more information:
http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/ecf15eb9-26cf-483b-b1e3-1b1c7e4901e8
(Link provided as a courtesy)