ERROR_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN

Error

When attempting to join a domain, the following is returned:

LW_ERROR_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN 

Cause

This issue typically occurs because the user specified to join the computer to the Active Directory (AD) domain does not exist in AD. In the following example, user2 is not a valid AD user.

[user1@host1 bin]$ ./domainjoin-cli --loglevel debug --logfile /tmp/join.log join --ou 'My OU' example.com user2

Joining to AD Domain: example.com

With Computer DNS Name: host1.example.com

User2@EXAMPLE.COM's password:

Error: LW_ERROR_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN [code 0x0000a309]

Client not found in Kerberos database

Resolution

To correct this issue, verify a valid AD user is specified during the join process.