Hide Forgot
Description of problem: adcli delete-computer doesn't work. Command ends with error: ... ! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) Version-Release number of selected component (if applicable): adcli-0.7.3-1.el6 How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: adcli -v delete-computer --domain=ad.baseos.qe --domain-controller=10.34.37.22 rhel6_5.ad.baseos.qe * Using domain name: ad.baseos.qe * Calculated computer account name from fqdn: RHEL6_5 * Calculated domain realm from name: AD.BASEOS.QE * Sending cldap pings to domain controller: 10.34.37.22 * Received NetLogon info from: sec-ad1.ad.baseos.qe * Wrote out krb5.conf snippet to /tmp/adcli-krb5-ARWBsf/krb5.d/adcli-krb5-conf-8bog7q Password for Administrator@AD.BASEOS.QE: * Authenticated as user: Administrator@AD.BASEOS.QE ! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) adcli: couldn't connect to ad.baseos.qe domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) Expected results: adcli -v delete-computer pass Additional info:
Hmmm, I've never tested adcli on RHEL 6. Could easily have problems with the older version of krb5 there. Could you run the command again with the environment variable KRB5_TRACE=/dev/stderr
krb5.conf is missing 'rdns=false' on RHEL 6. If you add it to your [libdefaults] section then the test case will work. 'rdns=false' is the default on RHEL 7 and Fedora 19+. Well it won't "work" in this case, because I just deleted the computer account you were testing against :) ... but you get what I mean.
Now it works, thank you for the help Stef.