Now joining the same test VM using winbind for authentication.
realm join --automatic-id-mapping=no --membership-software=samba --client-software=winbind DOMAIN
The FQDN for this client is still: kubuntu-lts.client.mpi-dortmund.mpg.de
realm sets incorrect keytab entries without subdomain .client:
Our dhcp sets clients with dynamically configured ip into a subdomain .client.DOMAIN, while clients with static ip go to .DOMAIN.
Example: id-mapping= no --membership- software= adcli DOMAIN
I join clients to AD using sssd for authentication.
realm join --automatic-
The FQDN for this client is: kubuntu- lts.client. mpi-dortmund. mpg.de
realm sets correct keytab entries with correct FQDN including subdomain .client:
root@kubuntu- lts:/etc/ sssd# klist -ke krb5.keytab ------- ------- ------- ------- ------- ------- ------- ------- ------- ---- lts$@MPI- DORTMUND. MPG.DE (arcfour-hmac) lts$@MPI- DORTMUND. MPG.DE (aes128- cts-hmac- sha1-96) lts$@MPI- DORTMUND. MPG.DE (aes256- cts-hmac- sha1-96) LTS$@MPI- DORTMUND. MPG.DE (arcfour-hmac) LTS$@MPI- DORTMUND. MPG.DE (aes128- cts-hmac- sha1-96) LTS$@MPI- DORTMUND. MPG.DE (aes256- cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96)
Keytab name: FILE:/etc/
KVNO Principal
---- -------
2 kubuntu-
2 kubuntu-
2 kubuntu-
2 KUBUNTU-
2 KUBUNTU-
2 KUBUNTU-
2 <email address hidden> (arcfour-hmac)
2 <email address hidden> (aes128-
2 <email address hidden> (aes256-
2 <email address hidden> (arcfour-hmac)
2 <email address hidden> (aes128-
2 <email address hidden> (aes256-
2 <email address hidden> (arcfour-hmac)
2 <email address hidden> (aes128-
2 <email address hidden> (aes256-
2 <email address hidden> (arcfour-hmac)
2 <email address hidden> (aes128-
2 <email address hidden> (aes256-
Now joining the same test VM using winbind for authentication. id-mapping= no --membership- software= samba --client- software= winbind DOMAIN
realm join --automatic-
The FQDN for this client is still: kubuntu- lts.client. mpi-dortmund. mpg.de
realm sets incorrect keytab entries without subdomain .client:
root@kubuntu- lts:/etc/ sssd# klist -ke krb5.keytab ------- ------- ------- ------- ------- ------- ------- ------- ------- ---- cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) LTS$@MPI- DORTMUND. MPG.DE (etype 1) LTS$@MPI- DORTMUND. MPG.DE (etype 3) LTS$@MPI- DORTMUND. MPG.DE (aes128- cts-hmac- sha1-96) LTS$@MPI- DORTMUND. MPG.DE (aes256- cts-hmac- sha1-96) LTS$@MPI- DORTMUND. MPG.DE (arcfour-hmac) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96)
Keytab name: FILE:/etc/
KVNO Principal
---- -------
4 <email address hidden> (etype 1)
4 <email address hidden> (etype 1)
4 <email address hidden> (etype 3)
4 <email address hidden> (etype 3)
4 <email address hidden> (aes128-
4 <email address hidden> (aes128-
4 <email address hidden> (aes256-
4 <email address hidden> (aes256-
4 <email address hidden> (arcfour-hmac)
4 <email address hidden> (arcfour-hmac)
4 <email address hidden> (etype 1)
4 <email address hidden> (etype 1)
4 <email address hidden> (etype 3)
4 <email address hidden> (etype 3)
4 <email address hidden> (aes128-
4 <email address hidden> (aes128-
4 <email address hidden> (aes256-
4 <email address hidden> (aes256-
4 <email address hidden> (arcfour-hmac)
4 <email address hidden> (arcfour-hmac)
4 KUBUNTU-
4 KUBUNTU-
4 KUBUNTU-
4 KUBUNTU-
4 KUBUNTU-
4 <email address hidden> (etype 1)
4 <email address hidden> (etype 1)
4 <email address hidden> (etype 3)
4 <email address hidden> (etype 3)
4 <email address hidden> (aes128-
4 <email address hidden> (aes128-
4 <email address hidden> (aes256-
4 <email address hidden> (aes256-
4 <email address hidden> (arcfour-hmac)
4 <email address hidden> (arcfour-hmac)
If you need any other information, let me know.