Red Hat Bugzilla – Bug 1312109
net ads join throws "Failed to join domain: failed to set machine kerberos encryption types: Insufficient access"
Last modified: 2016-11-04 02:59:13 EDT
Description of problem:
Customer is attempting to join AD domain via "net ads join -U xxx@domain -S <DC hostname>". Command throws "Failed to join domain: failed to set machine kerberos encryption types: Insufficient access"
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. make sure that user joining client don't have permissions to modify msDS-SupportedEncryptionTypes LDAP attribute (settings "The account supports Kerberos AES 128/256 bit encryption"
2. run net ads join -U user@domain -S <DC hostname>
get "Failed to join domain: failed to set machine kerberos encryption types: Insufficient access"
Client seems is joined domain but still error message
client joins domain without any errors
BZ is related to upstream patch https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=d9ede628af3c4befc1249a1ad4ee4e23ef75b7c7
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.