Joining with a keytab created is producing the error:
ERROR: Incorrect Password.
When specifying -u <name> with vastool and a keytab, make sure the case of the name matched the case of the principal in AD.
( sAMAccountName ).
You can test that this is the issue by removing the AES ciphers and joining with the keytab.
1.) Copy the keytab to a temporary location to ensure a backup copy is created.
2.) Run the following command replacing <keytab> with the keytab being used:
/opt/quest/bin/vastool -k <path to keytab> -u <join account> attrs <join account> | sed 5q
5) Check the case of the joiner account name. If different that what was used initially test the join again with the correct case and the original keytab with the AES entries.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center