Hi all,
I am trying to join a client that is already using the join script:
in the domain ‘intern.lan’ (REALM: INTERN.LAN) into the new domain ‘intern.example.org’ (REALM: INTERN.EXAMPLE.ORG).
Before starting the script I adjusted the REALM in krb5.conf.
The join worked. But the old REALMS are still in /etc/krb5.keytab:
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
2 02/08/2022 17:20:55 PC001$@INTERN.LAN (aes256-cts-hmac-sha1-96)
2 02/08/2022 17:20:55 PC001$@INTERN.LAN (aes128-cts-hmac-sha1-96)
2 02/08/2022 17:20:55 PC001$@INTERN.LAN (des3-cbc-sha1)
2 02/08/2022 17:20:55 PC001$@INTERN.LAN (arcfour-hmac)
2 02/08/2022 17:20:55 host/PC001@INTERN.LAN (aes256-cts-hmac-sha1-96)
2 02/08/2022 17:20:55 host/PC001@INTERN.LAN (aes128-cts-hmac-sha1-96)
2 02/08/2022 17:20:55 host/PC001@INTERN.LAN (des3-cbc-sha1)
2 02/08/2022 17:20:55 host/PC001@INTERN.LAN (arcfour-hmac)
2 02/08/2022 17:20:55 RestrictedKrbHost/PC001@INTERN.LAN (aes256-cts-hmac-sha1-96)
2 02/08/2022 17:20:55 RestrictedKrbHost/PC001@INTERN.LAN (aes128-cts-hmac-sha1-96)
2 02/08/2022 17:20:55 RestrictedKrbHost/PC001@INTERN.LAN (des3-cbc-sha1)
2 02/08/2022 17:20:55 RestrictedKrbHost/PC001@INTERN.LAN (arcfour-hmac)
Accordingly, this also appears in the log file:
Feb 15 15:25:29 pc001 ldap_child[2228]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Cannot find KDC for realm "INTERN.LAN". Unable to create GSSAPI-encrypted LDAP connection.
How do I get the client or join script to recreate this file?
with best
sven
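
An added example, not part of the original post: a check that compares the realm of every keytab entry with the realm the client is expected to use, which flags stale entries like the ones listed above. The function names `stale_keytab_entries` and `sample_klist_output` and the sample input are constructed for illustration; on a real client the input would come from `klist -kte /etc/krb5.keytab`.

```shell
#!/bin/sh
# Added example: report keytab entries whose realm differs from the expected one.
# stdin: output of `klist -kte <keytab>`; $1: expected realm.

stale_keytab_entries() {
    expected_realm="$1"
    awk -v realm="$expected_realm" '
        # Entry lines start with a numeric KVNO; header lines do not.
        $1 ~ /^[0-9]+$/ {
            # The principal is the first field that contains "@".
            for (i = 2; i <= NF; i++) {
                if (index($i, "@") > 0) {
                    n = split($i, parts, "@")
                    # The realm is the text after the last "@".
                    if (parts[n] != realm) {
                        # Print the principal and its enctype (last field).
                        print $i, $NF
                    }
                    break
                }
            }
        }
    '
}

# Constructed sample: two entries from the old realm, one from the new realm.
sample_klist_output() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 02/08/2022 17:20:55 PC001$@INTERN.LAN (aes256-cts-hmac-sha1-96)
   2 02/08/2022 17:20:55 host/PC001@INTERN.LAN (arcfour-hmac)
   3 02/15/2022 15:20:00 host/PC001@INTERN.EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
EOF
}

# Prints the two INTERN.LAN entries; empty output means no stale entries.
sample_klist_output | stale_keytab_entries "INTERN.EXAMPLE.ORG"
```
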