Hi, thanks for replying!

While you're correct in that neither of the SPNs work, I can literally not do 
username lookups unless I have a SPN that starts with HOST/.

I just tried the following:

1. Using older adcli (which by default produces HOST/ SPNs) to re-join the host 
-> lookups are not working
2. Using newer adcli (which produces host/) to re-join the host -> lookups are 
not working, client exhibits error described in my initial e-mail
3. Using newer adcli to re-join, but add the "--user-principal=HOST/fqdn@REALM" 
option (so that *both* SPNs are in the keytab) -> lookups are working

Every time, I made sure to stop SSSD before making any modifications, deleted 
/var/lib/sss/{db,mc}/*, and restarted SSSD afterwards. I will try to up the 
debug level and see what I can find, and I'll post my logfiles in reply to 
another mail in this thread.

In any case, thanks for telling me about kinit -k <NETBIOSname>!

-Patrice
_______________________________________________
sssd-users mailing list