Joins using keytab failing: "ERROR: Failed to establish host credentials: VAS_ERR_CRED_NEEDED: Unable to find a keytab entry".
For example
# vastool -u administrator -k /tmp/administrator.keytab join -f yourdomain.com
Checking whether computer is already joined to a domain ... yes
WARNING: This computer is already joined to domain: yourdomain.com.
The existing configuration will be overwritten.
Overriding and rejoining ... OK
Password for administrator@yourdomain.com:
OK
Unmapping mapped users ... OK
Stopping daemon: vasd ... OK
Configuring forest root ... cpr1.vas ... OK
Configuring site ... Default-First-Site-Name ... OK
Joining computer to the domain as host/username.vintela.com ... OK
Joined using computer object "CN=username,CN=Computers,DC=cpr2,DC=vas" ... OK
Writing vas.conf ... OK
Populating misc cache ... OK
Preparing to apply Group Policy ... OK
Applying Group Policy Settings ... OK
ERROR: Failed to establish host credentials: VAS_ERR_CRED_NEEDED: Unable to
find a keytab entry in /tmp/administrator.keytab for USERNAME$@yourdomain.com
ERROR: Could not join to the domain
VAS_ERR_CRED_NEEDED: Unable to find a keytab entry in /tmp/administrator.keytab
for USERNAME$@yourdomain.com
Product Defect in QAS 4.0.3.24. Fixed in 4.0.3.35 and up.
STATUS:
Issue fixed in version 4.0.3.35. Please note 4.0.3.x version are no longer supported as of 3/16/2015. We recommend you upgrade to a support version as soon as possible.
WORKAROUND:
# vastool configure realm <YOURDOMAIN>
# vastool -k <PATH TO KEYTAB FILE> kinit <SERVICE ACCT>
# vastool join <DOMAIN>
RESOLUTION:
Upgrade to new software. Please go to https://support.oneidentity.com/authentication-services/download-new-releases to download the latest software.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center