Applies to: Centrify DirectManage Access Manager  5.1.0-497 

Problem:

Prior to join, in the /etc/centrifydc/centrifydc.conf file, the parameter is set as

  adjoin.samaccountname.length: 19

From the Centrify DirectManage Access Manager console, the computer account was pre-created with a hostname > 15 characters.

adjoin with the self-serve option was run as follows:

  #adjoin -V -S <domainname>

The adjoin self-serve failed with the following error in the log as:

adjoin[3279]: DIAG base.aduser Error: get creds: Client not found in Kerberos database for user vsrhel1234567890$@XYZ.COM (enctype: ArcFour with HMAC/md5) .......

adjoin[3279]: DEBUG base.osutil Module=Kerberos : get creds: Client not found in Kerberos database (reference base/adbind.cpp:416 rc: -1765328378) ......

adjoin[3279]: DEBUG cli.adjoin Error: Invalid user or password ......

adjoin[3279]: INFO  cli.adjoin Join to domain 'xyz.com', zone '' failed.

Cause:

The computer object is pre-created with the name > 15 characters up to 19 characters. (NOTE: 19 characters is the limit allowed). 

But the samAccountName is truncated to 15+$. This causes problems for adjoin as it is unable to find the computer object.

Workaround:

1.Remove or comment out the line in /etc/centrifydc/centrifydc.conf:

   #adjoin.samaccountname.length: 19

2. Run the adjoin 

   #adjoin -V -S <domainname>

Resolution :

This will be fixed in the future releases.