When attempting to join a Quest Authentication Services (QAS/VAS) client to Active Directory (AD), the following error message is shown in the debug output:
Caused by: KRB5_KDC_UNREACH (-1765328228): Cannot contact any KDC for requested realm
Trying to connect on port 389 from the Domain Controller (DC), IPv6 information returns:
telnet: connect to address 3001:9402:5:2:316:4eff:ee2e:8455: Connection refused
Connected to yourdomain.com (192.168.1.1).
Escape character is ^].
IPv6 has been enabled on the DC by running the following command:
C:\> netsh interface ipv6 install
If IPv4 and IPv6 are both installed on the Domain Controllers, both forms of the addresses will be returned during a DNS query prior to the LDAP connection attempt. IPv6 prevents a Linux box from joining the domain if the AD servers *and* the Linux box are both running IPv6.
If IPv6 is required in the environment a workaround is to disable IPv6 on the Linux box via editing the modprobe.conf file, join the domain, then re-enable IPv6.
Or else disable IPv6 for the DC. On Redhat, IPv6 is enabled by default. You can disable IPv6 on RHEL by adding the following lines to the /etc/modprobe.conf file:
alias net-pf-10 off
alias ipv6 off