Domain join script does not update keytab

Hi @all,

I am trying to join a client that is already using the join script:

in the domain ‘intern.lan’ (REALM: INTERN.LAN) into the new domain ‘intern.example.org’ (REALM: INTERN.EXAMPLE.ORG).

Before starting the script I adjusted the REALM in krb5.conf.

The join worked. But /etc/krb5.keytab still contains the old REALMS:

Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
   2 02/08/2022 17:20:55 PC001$@INTERN.LAN (aes256-cts-hmac-sha1-96) 
   2 02/08/2022 17:20:55 PC001$@INTERN.LAN (aes128-cts-hmac-sha1-96) 
   2 02/08/2022 17:20:55 PC001$@INTERN.LAN (des3-cbc-sha1) 
   2 02/08/2022 17:20:55 PC001$@INTERN.LAN (arcfour-hmac) 
   2 02/08/2022 17:20:55 host/PC001@INTERN.LAN (aes256-cts-hmac-sha1-96) 
   2 02/08/2022 17:20:55 host/PC001@INTERN.LAN (aes128-cts-hmac-sha1-96) 
   2 02/08/2022 17:20:55 host/PC001@INTERN.LAN (des3-cbc-sha1) 
   2 02/08/2022 17:20:55 host/PC001@INTERN.LAN (arcfour-hmac) 
   2 02/08/2022 17:20:55 RestrictedKrbHost/PC001@INTERN.LAN (aes256-cts-hmac-sha1-96) 
   2 02/08/2022 17:20:55 RestrictedKrbHost/PC001@INTERN.LAN (aes128-cts-hmac-sha1-96) 
   2 02/08/2022 17:20:55 RestrictedKrbHost/PC001@INTERN.LAN (des3-cbc-sha1) 
   2 02/08/2022 17:20:55 RestrictedKrbHost/PC001@INTERN.LAN (arcfour-hmac)

Accordingly, this also appears in the log file:
Feb 15 15:25:29 pc001 ldap_child[2228]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Cannot find KDC for realm "INTERN.LAN". Unable to create GSSAPI-encrypted LDAP connection.

How do I get the client or join script to recreate this file?

with best
sven
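
One way to confirm which keytab entries still carry the old realm, as an added example that is not part of the original post. The function names (`stale_principals`, `default_realm`, `sample_klist`) are hypothetical, and the sample listing is constructed in the format shown above, with one INTERN.EXAMPLE.ORG entry added for contrast.

```shell
#!/bin/sh
# Added example: list keytab principals whose realm differs from the realm
# the host is expected to use. Reads `klist -k` style output on stdin.

# Constructed sample in the format of the listing in the post; the last
# entry (new realm) is invented for contrast.
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
   2 02/08/2022 17:20:55 PC001$@INTERN.LAN (aes256-cts-hmac-sha1-96)
   2 02/08/2022 17:20:55 PC001$@INTERN.LAN (arcfour-hmac)
   2 02/08/2022 17:20:55 host/PC001@INTERN.LAN (aes256-cts-hmac-sha1-96)
   3 02/15/2022 15:20:11 host/PC001@INTERN.EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
EOF
}

# default_realm [FILE]: print the default_realm value from krb5.conf.
default_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        "${1:-/etc/krb5.conf}" | head -n 1
}

# stale_principals EXPECTED_REALM: print each distinct principal whose realm
# (the text after the last "@") is not EXPECTED_REALM. Realms are compared
# case-sensitively, as Kerberos does.
stale_principals() {
    awk -v want="$1" '
        # Entry lines start with a numeric KVNO; header lines do not.
        $1 ~ /^[0-9]+$/ {
            p = ""
            # The principal is the first field containing "@", so this works
            # with or without the timestamp columns.
            for (i = 2; i <= NF; i++) if (index($i, "@")) { p = $i; break }
            if (p == "") next
            n = split(p, part, "@")
            if (part[n] != want && !seen[p]++) print p
        }
    '
}

# Demo on the constructed sample. On a real host (as root) the input would be:
#   klist -k /etc/krb5.keytab | stale_principals "$(default_realm)"
sample_klist | stale_principals INTERN.EXAMPLE.ORG
```

Any principal it prints is one the client will still try to authenticate as in the old realm, which matches the `Cannot find KDC for realm "INTERN.LAN"` message in the log above.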
