On 2021-09-08 at 14:18-0400 Todd Mote <moter(a)austin.utexas.edu> wrote:
The $ at the end of the host name is for AD. <short hostname>$
is
the actual name of the account in AD. The Kerberos utilities are
just asking the KDC to renew tickets for accounts. Computer
accounts in AD happen to have a $ appended to them under the covers.
They are obfuscated from most human views. Msktutil may be
appending the $ under its covers, you'd have to examine the source
to know
From the msktutil man page:
--computer-name <name>
Specifies that the new account should use <name> for the
computer account name and the SAM Account Name. Note that a
'$' will be automatically appended to the SAM Account Name.
Defaults to the machine's hostname, excluding the realm, with
dots replaced with dashes.
That is: if the realm is
EXAMPLE.COM, and the hostname is
FOO.EXAMPLE.COM, the default computer name is FOO. If the
hostname is
FOO.BAR.EXAMPLE.COM, the default computer name is
FOO-BAR.
--account-name <name>
An alias for --computer-name that can be used when operating
on service accounts. Note that a '$' will not be
automatically appended to the SAM Account Name when using
service accounts.
We love msktutil (including its magnificent man page); it is our
preferred mechanism for joining hosts to AD.