Created attachment 129337
I'm using this command for joining a Windows 2008 server AD from a Linux Mint 18.1 computer :
sudo realm join -v --user=Administrateur --client-software=sssd 2008-STANDARD.NUMOPEN
I've got this error if the AD admin password contains special characters (password = ²&é"'³1234); it works well if not:
! Couldn't authenticate as : Administrateur@2008-STANDARD.NUMOPEN: Preauthentication failed
adcli: couldn't connect to 2008-standard.numopen domain : Couldn't authenticate as : Administrateur@2008-STANDARD.NUMOPEN: Preauthentication failed
To reproduce the bug : http://www.numopen.fr/Integrer-un-ordinateur-avec-Linux-Mint-MATE-dans-un-domaine-Windows
(sorry, it's in French)
To which value is the LANG environment variable set when you call the realm command?
As a workaround you might want to try
realm join -v --client-software=sssd 2008-STANDARD.NUMOPEN
Created attachment 133942
Same error with kinit before realm
Do you know which character set is used on the Windows side and which keyboard layout was used when entering the password on the Windows side?
Since it is only about special characters maybe
echo '²&é"'\''³1234' | iconv -f UTF-8 -t CP1252 | kinit Administrateur@2008-STANDARD.NUMOPEN
I tried to reproduce this with an English Windows 2008R2 and a German keyboard and all special German characters worked fine.
You can also try to check the other way round by first setting a password without special French characters and then using 'kpasswd' on the Linux side to set a new password with special characters. After that, verify that 'kinit' on the Linux side now works and then try to log in with the new password on a Windows desktop. Please note that I think there is a fair chance that authentication on the Windows side might now fail, so please make sure you can reset the password on the Windows side if needed.
My Linux Mint MATE and my Windows server 2008 are installed on VirtualBox.
So, I can test Kerberos joining with a normal password (it works) and then change the password on the Windows server (it doesn't work with ²&é"'³1234) and reuse the initial Linux Mint installation.
If you want to reproduce the bug, I can give you my VirtualBox files. Send me a USB stick and your postal address (my internet connection is too slow).
Of course, I can log in as the Administrateur user (it's the French name of the default Administrator account on Windows server 2008) on the Windows server with the ²&é"'³1234 password, but not from Linux Mint with Kerberos.
> Do you know which character set is used on the Windows side and which
> keyboard layout was used when entering the password on the Windows side?
How can I see these parameters in Windows? Could you help me?
I tested these commands:
echo ²\&é\"\'³1234 | iconv -f UTF-8 -t CP1252 | kinit Administrateur@2008-STANDARD.NUMOPEN
I changed the Administrateur password on the Windows server to Azerty3 and afterwards to Azerty4 (because Azerty3 expired):
echo Azerty4 | iconv -f UTF-8 -t CP1252 | kinit Administrateur@2008-STANDARD.NUMOPEN
See the attached screenshot.
Created attachment 134770
Azerty4 password works, not ²&é"'³1234 password
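The character-set question raised in this thread, as an added example that is not part of the original report or of realmd/adcli: it shows the bytes each candidate encoding produces for the two passwords tested and the PBKDF2 stage of the RFC 3962 AES string-to-key computed from them. The encoding list and the salt layout (realm followed by principal name) are assumptions, not values confirmed for this domain.

```python
import hashlib

# Realm and principal are taken from the thread. The salt layout
# (realm + principal name) is an assumption about this domain.
REALM = "2008-STANDARD.NUMOPEN"
PRINCIPAL = "Administrateur"
# Candidate encodings to compare (assumed list, not from the thread
# apart from UTF-8 and CP1252).
ENCODINGS = ("utf-8", "cp1252", "cp850", "iso-8859-15")


def password_bytes(password, encodings=ENCODINGS):
    """Return {encoding: bytes} for each encoding that can represent the password."""
    out = {}
    for enc in encodings:
        try:
            out[enc] = password.encode(enc)
        except UnicodeEncodeError:
            continue  # password cannot be expressed in this code page
    return out


def pbkdf2_stage(raw, iterations=4096, length=32):
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 AES string-to-key, as hex.

    The final DK(..., "kerberos") step is omitted: the key is derived only
    from this output, so diverging output here shows the keys diverge.
    """
    salt = (REALM + PRINCIPAL).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha1", raw, salt, iterations, length).hex()


def distinct_keys(password):
    """Number of different key materials produced across the encodings."""
    return len({pbkdf2_stage(raw) for raw in password_bytes(password).values()})


def report(password):
    """One line per encoding: name, password bytes, start of key material."""
    return [f"{enc:12} {raw.hex():28} {pbkdf2_stage(raw)[:16]}"
            for enc, raw in password_bytes(password).items()]


if __name__ == "__main__":
    # The two passwords tested in the thread.
    for pw in ("Azerty4", "²&é\"'³1234"):
        print(pw, "->", distinct_keys(pw), "distinct key material(s)")
        print("\n".join(report(pw)))
```

An ASCII-only password such as Azerty4 yields the same bytes in every encoding, while the password with ², é and ³ does not, so the client and the KDC only agree on a key if both sides encode it the same way.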