Applies to: All versions of Centrify DirectControl for UNIX/Linux

Problem:

adjoin with option "-k" fails to join a domain whose domain and forest functional levels are Windows Server 2008. Running it yields the following error message:

bash-3.00# adjoin -p pass,123 -k server.test
Using writable domain controller: win-nqe8dmvosvd.server.test
Error: Invalid user or password

Join to domain 'server.test', zone 'default' failed.

Cause:

[root@rhel3 root]# adjoin --help | grep des
  -k, --des                use DES key only

-k means to use DES encryption during the adjoin operation; DES encryption is no longer supported by Windows 2008 domains by default.

Resolution:

One can manually enable DES on the domain by setting the following group policy:

Under Computer Configuration/Windows Settings/Local Policies/Security Options/Network Security:

i. Configure available encryption types for Kerberos
ii. Enable All but "Future Encryption Types"
iii. Reboot Domain Controller.

Please refer to this Microsoft post for more information:

http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/ecf15eb9-26cf-483b-b1e3-1b1c7e4901e8

(Link provided as a courtesy)