Our dhcp sets clients with dynamically configured ip into a subdomain .client.DOMAIN, while clients with static ip go to .DOMAIN.
Example: I join clients to AD using sssd for authentication. realm join --automatic-id-mapping=no --membership-software=adcli DOMAIN The FQDN for this client is: kubuntu-lts.client.mpi-dortmund.mpg.de realm sets correct keytab entries with correct FQDN including subdomain .client: root@kubuntu-lts:/etc/sssd# klist -ke Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 [email protected] (arcfour-hmac) 2 [email protected] (aes128-cts-hmac-sha1-96) 2 [email protected] (aes256-cts-hmac-sha1-96) 2 [email protected] (arcfour-hmac) 2 [email protected] (aes128-cts-hmac-sha1-96) 2 [email protected] (aes256-cts-hmac-sha1-96) 2 host/[email protected] (arcfour-hmac) 2 host/[email protected] (aes128-cts-hmac-sha1-96) 2 host/[email protected] (aes256-cts-hmac-sha1-96) 2 host/[email protected] (arcfour-hmac) 2 host/[email protected] (aes128-cts-hmac-sha1-96) 2 host/[email protected] (aes256-cts-hmac-sha1-96) 2 RestrictedKrbHost/[email protected] (arcfour-hmac) 2 RestrictedKrbHost/[email protected] (aes128-cts-hmac-sha1-96) 2 RestrictedKrbHost/[email protected] (aes256-cts-hmac-sha1-96) 2 RestrictedKrbHost/[email protected] (arcfour-hmac) 2 RestrictedKrbHost/[email protected] (aes128-cts-hmac-sha1-96) 2 RestrictedKrbHost/[email protected] (aes256-cts-hmac-sha1-96) Now joining the same test VM using winbind for authentication. realm join --automatic-id-mapping=no --membership-software=samba --client-software=winbind DOMAIN The FQDN for this client is still: kubuntu-lts.client.mpi- dortmund.mpg.de realm sets incorrect keytab entries without subdomain .client: root@kubuntu-lts:/etc/sssd# klist -ke Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 4 restrictedkrbhost/[email protected] (etype 1) 4 restrictedkrbhost/[email protected] (etype 1) 4 restrictedkrbhost/[email protected] (etype 3) 4 restrictedkrbhost/[email protected] (etype 3) 4 restrictedkrbhost/[email protected] (aes128-cts-hmac-sha1-96) 4 restrictedkrbhost/[email protected] (aes128-cts-hmac-sha1-96) 4 restrictedkrbhost/[email protected] (aes256-cts-hmac-sha1-96) 4 restrictedkrbhost/[email protected] (aes256-cts-hmac-sha1-96) 4 restrictedkrbhost/[email protected] (arcfour-hmac) 4 restrictedkrbhost/[email protected] (arcfour-hmac) 4 host/[email protected] (etype 1) 4 host/[email protected] (etype 1) 4 host/[email protected] (etype 3) 4 host/[email protected] (etype 3) 4 host/[email protected] (aes128-cts-hmac-sha1-96) 4 host/[email protected] (aes128-cts-hmac-sha1-96) 4 host/[email protected] (aes256-cts-hmac-sha1-96) 4 host/[email protected] (aes256-cts-hmac-sha1-96) 4 host/[email protected] (arcfour-hmac) 4 host/[email protected] (arcfour-hmac) 4 [email protected] (etype 1) 4 [email protected] (etype 3) 4 [email protected] (aes128-cts-hmac-sha1-96) 4 [email protected] (aes256-cts-hmac-sha1-96) 4 [email protected] (arcfour-hmac) 4 cifs/[email protected] (etype 1) 4 cifs/[email protected] (etype 1) 4 cifs/[email protected] (etype 3) 4 cifs/[email protected] (etype 3) 4 cifs/[email protected] (aes128-cts-hmac-sha1-96) 4 cifs/[email protected] (aes128-cts-hmac-sha1-96) 4 cifs/[email protected] (aes256-cts-hmac-sha1-96) 4 cifs/[email protected] (aes256-cts-hmac-sha1-96) 4 cifs/[email protected] (arcfour-hmac) 4 cifs/[email protected] (arcfour-hmac) If you need any other information, let me know. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905000 Title: realm join DOMAIN (samba) sets wrong krb5.keytab (missing subdomain) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/realmd/+bug/1905000/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
