Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3684: Error: The account name does not match the SAM account name. You must supply both on the command line.

Centrify DirectControl ,  

23 May,16 at 02:34 PM

Question:
When running the /usr/sbin/adkeytab command, the following error occurs. What does this mean?
 
# sudo ./adkeytab -A -w password krusty -l --keytab krusty.keytab --samname krusty
Administrator@yourmachine's password:

Error: The account name does not match the SAM account name. You must supply both on the command line.
Failed: Adopt Account: krusty
 
 
Note: In the above -A means Adopt, krusty is the username -l means local and -w is the password which has to be typed in the clear (this is a known issue). Please see man pages for adkeytab command for all the flags.
 
Answer:
This can happen if the CN (Canonical name) does not match the SAM account name. In this case, the CN was "Krusty T. Clown" and not krusty (sam account name). In the case where the sAMAccountName is different than the common name for the account, you must also supply the sAMAccountName.The mis-match can be verfied by running adquery user -A "username" or running ldapsearch.
 
You can modify the adkeytab as follows:
 
#/usr/sbin/adkeytab --A -l --keytab krusty.keytab  -w password -S krusty  "Krusty T. Crown"
This will ensure the adkeytab command to run successfully. 
 
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.