On 19.10 the bug does not occur and keytab entries are correct:
I joined to AD with:
realm join --user-principal=KUBUNTU-TEST$ --automatic-id-mapping=no --membership-software=samba --client-software=winbind --computer-name=kubuntu-test --os-name=Ubuntu --os-version=19.10 MPI-DORTMUND.MPG.DE
Last version of samba and realm creating a correct keytab in 19.10 are:
root@kubuntu-test:# dpkg -l | grep -E "realm|samba"
ii python3-samba 2:4.10.7+dfsg-0ubuntu2.6 amd64 Python 3 bindings for Samba
ii realmd 0.16.3-3 amd64 DBus service for configuring kerberos and other online identities
ii samba 2:4.10.7+dfsg-0ubuntu2.6 amd64 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.10.7+dfsg-0ubuntu2.6 all common files used by both the Samba server and client
ii samba-common-bin 2:4.10.7+dfsg-0ubuntu2.6 amd64 Samba common files used by both the server and the client
ii samba-dsdb-modules:amd64 2:4.10.7+dfsg-0ubuntu2.6 amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.10.7+dfsg-0ubuntu2.6 amd64 Samba core libraries
ii samba-vfs-modules:amd64 2:4.10.7+dfsg-0ubuntu2.6 amd64 Samba Virtual FileSystem plugins
On 19.10 the bug does not occur and keytab entries are correct:
I joined to AD with: principal= KUBUNTU- TEST$ --automatic- id-mapping= no --membership- software= samba --client- software= winbind --computer- name=kubuntu- test --os-name=Ubuntu --os-version=19.10 MPI-DORTMUND.MPG.DE
realm join --user-
root@kubuntu-test:# klist -kte krb5.keytab ------- ------- ------- ------- ------- ------- ----- cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) TEST$@MPI- DORTMUND. MPG.DE (etype 1) TEST$@MPI- DORTMUND. MPG.DE (etype 3) TEST$@MPI- DORTMUND. MPG.DE (aes128- cts-hmac- sha1-96) TEST$@MPI- DORTMUND. MPG.DE (aes256- cts-hmac- sha1-96) TEST$@MPI- DORTMUND. MPG.DE (arcfour-hmac) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96)
Keytab name: FILE:/etc/
KVNO Timestamp Principal
---- ------------------- -------
3 01.12.2020 17:04:15 <email address hidden> (etype 1)
3 01.12.2020 17:04:15 <email address hidden> (etype 1)
3 01.12.2020 17:04:15 <email address hidden> (etype 3)
3 01.12.2020 17:04:15 <email address hidden> (etype 3)
3 01.12.2020 17:04:15 <email address hidden> (aes128-
3 01.12.2020 17:04:15 <email address hidden> (aes128-
3 01.12.2020 17:04:15 <email address hidden> (aes256-
3 01.12.2020 17:04:15 <email address hidden> (aes256-
3 01.12.2020 17:04:15 <email address hidden> (arcfour-hmac)
3 01.12.2020 17:04:15 <email address hidden> (arcfour-hmac)
3 01.12.2020 17:04:15 KUBUNTU-
3 01.12.2020 17:04:15 KUBUNTU-
3 01.12.2020 17:04:15 KUBUNTU-
3 01.12.2020 17:04:15 KUBUNTU-
3 01.12.2020 17:04:15 KUBUNTU-
3 01.12.2020 17:05:07 <email address hidden> (etype 1)
3 01.12.2020 17:05:07 <email address hidden> (etype 1)
3 01.12.2020 17:05:07 <email address hidden> (etype 3)
3 01.12.2020 17:05:07 <email address hidden> (etype 3)
3 01.12.2020 17:05:07 <email address hidden> (aes128-
3 01.12.2020 17:05:07 <email address hidden> (aes128-
3 01.12.2020 17:05:07 <email address hidden> (aes256-
3 01.12.2020 17:05:07 <email address hidden> (aes256-
3 01.12.2020 17:05:07 <email address hidden> (arcfour-hmac)
3 01.12.2020 17:05:07 <email address hidden> (arcfour-hmac)
So the regression starts with 20.04.
Last version of samba and realm creating a correct keytab in 19.10 are:
root@kubuntu-test:# dpkg -l | grep -E "realm|samba" 7+dfsg- 0ubuntu2. 6 amd64 Python 3 bindings for Samba 7+dfsg- 0ubuntu2. 6 amd64 SMB/CIFS file, print, and login server for Unix 7+dfsg- 0ubuntu2. 6 all common files used by both the Samba server and client 7+dfsg- 0ubuntu2. 6 amd64 Samba common files used by both the server and the client modules: amd64 2:4.10. 7+dfsg- 0ubuntu2. 6 amd64 Samba Directory Services Database 7+dfsg- 0ubuntu2. 6 amd64 Samba core libraries modules: amd64 2:4.10. 7+dfsg- 0ubuntu2. 6 amd64 Samba Virtual FileSystem plugins
ii python3-samba 2:4.10.
ii realmd 0.16.3-3 amd64 DBus service for configuring kerberos and other online identities
ii samba 2:4.10.
ii samba-common 2:4.10.
ii samba-common-bin 2:4.10.
ii samba-dsdb-
ii samba-libs:amd64 2:4.10.
ii samba-vfs-