Linux : Centrify adclient ERROR base.adagent Can’t use default machine password. Please reset computer account in Active Directory.

By | September 12, 2014

Whether you’ve been using Centrify for a month or for years on a Linux machine joined to an Active Directory domain, logins by AD users might suddenly stop working, with the following error messages in the system log (/var/log/messages):

adclient[4933]: INFO <bg:ageBindings> base.bind.healing Lost connection to pdc.ad-forest.domain.tld. Running in disconnected mode: KDC refused skey:Preauthentication failed
adclient[4933]: INFO <bg:ageBindings> base.bind.healing Lost connection to pdc.ad-forest.domain.tld(GC). Running in disconnected mode: KDC refused skey:Preauthentication failed
adclient[4933]: ERROR <bg:ageBindings> base.adagent Can’t use default machine password. Please reset computer account in Active Directory.

Well, the message is pretty obvious… the client computer can no longer connect to the DC because authentication between the computer and the Domain Controller fails. Fortunately there are several workarounds…

1. Reset the “Computer” password directly through Active Directory Users and Computers (ADUC):

dsa.msc

OR:

2. Change/reset the AD computer password from the client computer:

adkeytab -C
adkeytab -r

3. Finally, if any of the steps above fail (or the computer is missing from the AD computers in ADUC), leave the domain, reboot and join again:

adleave -f -u <domain_admin_user> -V

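Reboot, then join the domain again. Note that -p puts the domain admin password on the command line, where it ends up in shell history and is visible in the process list; if -p is omitted, adjoin prompts for the password instead: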

adjoin -u<domain_admin_user> -p<domain_admin_user_password> -f -w -n<computer_name.domain.tld> <domain.tld>
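
A log check for the failure shown above, as an added example that is not part of the original post: it classifies adclient syslog lines by whether the machine password was rejected outright or only Kerberos pre-authentication failures were seen, and lists the domain controllers the client lost. The function names, status strings and the timestamp/host prefix in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage adclient syslog lines.

# Constructed sample: the three adclient lines quoted in the post with an
# illustrative timestamp/host prefix, plus one unrelated sshd line.
sample_log() {
cat <<'EOF'
Sep 12 09:14:01 web01 adclient[4933]: INFO <bg:ageBindings> base.bind.healing Lost connection to pdc.ad-forest.domain.tld. Running in disconnected mode: KDC refused skey:Preauthentication failed
Sep 12 09:14:01 web01 adclient[4933]: INFO <bg:ageBindings> base.bind.healing Lost connection to pdc.ad-forest.domain.tld(GC). Running in disconnected mode: KDC refused skey:Preauthentication failed
Sep 12 09:14:02 web01 adclient[4933]: ERROR <bg:ageBindings> base.adagent Can't use default machine password. Please reset computer account in Active Directory.
Sep 12 09:15:10 web01 sshd[5120]: Failed password for jdoe from 10.0.0.5 port 50122 ssh2
EOF
}

# Classify a log read from stdin:
#   machine_password_rejected  adclient logged the "reset computer account" error
#   preauth_failed_only        only "Preauthentication failed" disconnects seen
#   ok                         neither signature present
# The pattern Can[^ ]*t matches both the ASCII and the typographic apostrophe.
adclient_pw_status() {
    awk '
        /adclient\[[0-9]+\]:/ {
            if ($0 ~ /Preauthentication failed/) preauth++
            if ($0 ~ /base\.adagent Can[^ ]*t use default machine password/) rejected++
        }
        END {
            if (rejected)     print "machine_password_rejected"
            else if (preauth) print "preauth_failed_only"
            else              print "ok"
        }'
}

# List each domain controller adclient lost, one per line, with the
# global-catalog marker "(GC)" folded into the plain host name.
adclient_lost_dcs() {
    sed -n 's/.*adclient\[[0-9]*\]:.*Lost connection to \([^ ]*\)\. Running in disconnected mode.*/\1/p' \
        | sed 's/(GC)$//' | sort -u
}

echo "status:   $(sample_log | adclient_pw_status)"
echo "lost DCs: $(sample_log | adclient_lost_dcs | tr '\n' ' ')"
```

On a real host, feed the functions the system log instead of the sample, for example `adclient_pw_status < /var/log/messages`.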