Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2962: adjoin self-serve fails for pre-created computer with hostname > 15 chars with error:get creds: Client not found in Kerberos database

Centrify DirectControl ,  

12 April,16 at 11:44 AM

Applies to: Centrify DirectManage Access Manager  5.1.0-497 


Problem:

 

Prior to join, in the /etc/centrifydc/centrifydc.conf file, the parameter is set as

  adjoin.samaccountname.length: 19

 

From the Centrify DirectManage Access Manager console, the computer account was pre-created with a hostname > 15 characters.

 

adjoin with the self-serve option was run as follows:

 

  #adjoin -V -S <domainname>


The adjoin self-serve failed with the following error in the log as:

 

 

adjoin[3279]: DIAG base.aduser Error: get creds: Client not found in Kerberos database for user vsrhel1234567890$@XYZ.COM (enctype: ArcFour with HMAC/md5) .......

adjoin[3279]: DEBUG base.osutil Module=Kerberos : get creds: Client not found in Kerberos database (reference base/adbind.cpp:416 rc: -1765328378) ......

adjoin[3279]: DEBUG cli.adjoin Error: Invalid user or password ......

adjoin[3279]: INFO  cli.adjoin Join to domain 'xyz.com', zone '' failed.

 

Cause:

 

The computer object is pre-created with the name > 15 characters up to 19 characters. (NOTE: 19 characters is the limit allowed). 

 

But the samAccountName is truncated to 15+$. This causes problems for adjoin as it is unable to find the computer object.

 

Workaround:

 

1.Remove or comment out the line in /etc/centrifydc/centrifydc.conf:

 

   #adjoin.samaccountname.length: 19

 

2. Run the adjoin 


   #adjoin -V -S <domainname>

 

Resolution :

 

This will be fixed in the future releases.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.