On Mon, Jul 9, 2018 at 8:19 AM Ondrej Valousek
<[email protected]> wrote:
> Is there any way how can we recreate system keytab file of a machine
> joined to AD if the file has been broken/deleted?
>
> I want to avoid doing join again as this would probably delete the
> existing account (with all attributes we have set).
The latest version of the msktutil utility (version 1.1) can do this:
https://github.com/msktutil/msktutil/
Remove the corrupted /etc/krb5.keytab file, change the password of the
host machine account in AD to a temporary password, and then run:
$ msktutil --update --computer-name SHORTHOSTNAMEALLCAPS
--old-account-password <temporary_password> --verbose --verbose
This should change the host machine account password in AD to a new
(random) password, and then create a new /etc/krb5.keytab file with
all relevant entries.
Depending on your AD configuration, you might need to use the
--dont-update-dnshostname option as well.
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]/message/YHPZ4WH6CNL3KMULOVKZ5VKMHMRYNWDW/
