Join ad AD 2022 con sssd non funziona

quando provo a fare il join ottengo sempre il seguente errore (invece samba/winbind funziona):

  • LANG=C /usr/sbin/adcli join --verbose --domain xxx --domain-realm XXX --domain-controller 192.168.20.2 --log

in-type user --login-user Administrator --stdin-password

  • Using domain name: xxx

  • Calculated computer account name from fqdn: SSSD1

  • Using domain realm: xxx

  • Sending NetLogon ping to domain controller: 192.168.20.2

  • Received NetLogon info from: WIN-IEBMIPOEJGG.xxx

  • Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-rYdbxl/krb5.d/adcli-krb5-conf-jHlffv

  • Authenticated as user: Administrator@xxx

  • Using GSS-SPNEGO for SASL bind

! Couldn’t authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information

(Cannot contact any KDC for realm ‘XXX’)

adcli: couldn’t connect to xxx domain: Couldn’t authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecif

ied GSS failure. Minor code may provide more information (Cannot contact any KDC for realm ‘XXX’)

! Insufficient permissions to join the domain

realm: do not join to realm: Insufficient permissions to join the domain