12 April,16 at 11:44 AM
Applies to: Centrify DirectManage Access Manager 5.1.0-497
Problem:
Prior to the join, the following parameter is set in the /etc/centrifydc/centrifydc.conf file:
adjoin.samaccountname.length: 19
The computer account was pre-created from the Centrify DirectManage Access Manager console with a hostname longer than 15 characters.
adjoin was then run with the self-serve option as follows:
# adjoin -V -S <domainname>
The self-serve join failed with the following errors in the log:
adjoin[3279]: DIAG base.aduser Error: get creds: Client not found in Kerberos database for user vsrhel1234567890$@XYZ.COM (enctype: ArcFour with HMAC/md5) .......
adjoin[3279]: DEBUG base.osutil Module=Kerberos : get creds: Client not found in Kerberos database (reference base/adbind.cpp:416 rc: -1765328378) ......
adjoin[3279]: DEBUG cli.adjoin Error: Invalid user or password ......
adjoin[3279]: INFO cli.adjoin Join to domain 'xyz.com', zone '' failed.
Cause:
The computer object is pre-created with a name longer than 15 characters, up to 19 characters (NOTE: 19 characters is the limit allowed).
However, the samAccountName is truncated to 15 characters plus the trailing "$". As a result, adjoin is unable to find the computer object.
Workaround:
1. Remove or comment out the following line in /etc/centrifydc/centrifydc.conf:
#adjoin.samaccountname.length: 19
2. Run adjoin:
# adjoin -V -S <domainname>
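A pre-join check for the mismatch described under Cause, as an added example that is not part of the original article or of Centrify's tooling. It assumes adjoin uses the first N characters of the short host name, with N taken from adjoin.samaccountname.length and 15 when the line is absent or commented out; the function names are hypothetical.

```shell
#!/bin/sh
# Pre-join check: will the account name adjoin requests match the
# samAccountName that was pre-created (truncated to 15 characters + "$")?

# Print the active (uncommented) adjoin.samaccountname.length read from a
# centrifydc.conf-style stream on stdin. Prints 15 when the line is absent
# or commented out (assumption: 15 is the value used without the parameter).
active_length() {
    awk -F: '
        /^[ \t]*#/ { next }                                   # commented line
        $1 ~ /^[ \t]*adjoin\.samaccountname\.length[ \t]*$/ {
            gsub(/[ \t\r]/, "", $2); len = $2                 # strip blanks
        }
        END { print (len == "" ? 15 : len) }'
}

# First N characters of the short host name, followed by "$".
sam_name() {    # $1 = short host name, $2 = N
    printf '%s$\n' "$(printf '%s' "$1" | cut -c1-"$2")"
}

# Compare the name adjoin will request with the pre-created one.
# Reads the configuration on stdin; returns 1 on a mismatch.
check_join() {  # $1 = short host name
    requested=$(sam_name "$1" "$(active_length)")
    precreated=$(sam_name "$1" 15)   # per the article: truncated to 15 + "$"
    if [ "$requested" = "$precreated" ]; then
        echo "OK: adjoin will request $requested"
    else
        echo "MISMATCH: adjoin will request $requested, pre-created account is $precreated"
        return 1
    fi
}

# Constructed sample input: host name taken from the log excerpt above,
# configuration line as given in the Problem section.
check_join vsrhel1234567890 <<'EOF' || true
# constructed centrifydc.conf fragment
adjoin.samaccountname.length: 19
EOF
```

On a real host, feed it the live file: check_join "$(hostname -s)" < /etc/centrifydc/centrifydc.conf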
Resolution:
This will be fixed in a future release.