On Wed, 12 Feb 2014, Longina Przybyszewska wrote:
I have the following principals:
servicePrincipalName
nfs/client.domain.org/client
servicePrincipalName
nfs/client.domain.org/client.domain.org
That's a lot of slashes...?
I used the 'realm' command for adding new principals for the
machine (as far as my 'history' can reach):
realm join -v -U USER --user-principal=host/client.domain.org --computer-ou OU="Linux computers",OU=ADResources DOMAIN.ORG
realm join -v -U USER --user-principal=nfs/client.domain.org --computer-ou OU="Linux computers",OU=ADResources DOMAIN.ORG
At last, I 'left' the domain and 'rejoined' again - but it seems that it
wasn't done cleanly.
Now I have no UPN entry in my /etc/krb5.keytab.
Are you sure? Easiest way to test if it's a UPN is to do:
kinit -k nfs/client.domain.org
If that works, it's definitely a UPN.
What is a clean way of "leaving" the domain for the machine,
with removing all entries including DNS entries?
I know nothing about realm. With samba, net ads leave should be sufficient I
thought.
jh
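
The `kinit -k` test suggested above, applied to every principal in a keytab instead of one at a time. This is an added example, not part of the original thread; it assumes MIT Kerberos `klist`/`kinit`/`kdestroy`, and the `klist -k` output embedded in it (including the `CLIENT$` entry) is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes MIT Kerberos client tools.

# Constructed sample of `klist -k` output; the CLIENT$ entry is an assumption.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   2 host/client.domain.org@DOMAIN.ORG
   2 host/client.domain.org@DOMAIN.ORG
   2 nfs/client.domain.org@DOMAIN.ORG
   2 CLIENT$@DOMAIN.ORG'

# Print each distinct principal from `klist -k` output on stdin.
# Entry lines start with a numeric KVNO; header lines do not.
# Duplicates (one line per encryption type) are collapsed.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ && !seen[$2]++ { print $2 }'
}

# Try `kinit -k` for every principal in a keytab, using a throwaway
# credential cache so the caller's existing tickets are left alone.
probe_keytab() {
    keytab=${1:-/etc/krb5.keytab}
    cc=$(mktemp) || return 1
    klist -k "$keytab" | keytab_principals | while read -r princ; do
        if kinit -k -t "$keytab" -c "FILE:$cc" "$princ" 2>/dev/null; then
            echo "TGT obtained: $princ"
        else
            echo "no TGT:       $princ"
        fi
    done
    kdestroy -q -c "FILE:$cc" 2>/dev/null
    rm -f "$cc"
}

# With --probe, test a real keytab (needs read access, usually root);
# otherwise only show the parsing step on the constructed sample.
if [ "${1:-}" = "--probe" ]; then
    probe_keytab "${2:-/etc/krb5.keytab}"
else
    printf '%s\n' "$SAMPLE_KLIST" | keytab_principals
fi
```

Run it with `--probe` as root on the joined machine; any principal reported as "TGT obtained" passes the test described in the reply.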