How does one properly move a host that is registered from one Active Directory domain through sssd (ad based config)? I'm attempting to move hosts from TEST.REALM to REALM domains.
I've attempted to do this through performing:
1) net ads leave (which worked)
2) verifying the host is no longer in AD's computers sub-suffix
3) updating the
4) cleared out the old
/etc/krb5.keytab that had principals from the old realm
5) re-running the authconfig commands I used during setup
6) flushing the sssd cache with
7) re-registering the host by kinit'ing as a administrator in the REAM and then running the
net ads join -k command (which works)
When I attempt to test this change over by logging in as a user unique to the new realm/domain.... I get the following message:
Jan 18 22:11:19 host-1 [sssd[ldap_child]]: Error processing keytab file [MEMORY:/etc/krb5.keytab]: Principal [HOST-1$@TEST.REALM] was not found. Unable to create GSSAPI-encrypted LDAP connection.
I can not figure out where the system is picking up HOST-1$@TEST.REALM, its not present in the configuration files I mention, it is not in the new
/etc/krb5.keytab after the new run of the net ads join... am I missing something on the cleanup/move steps I list? (and does anyone have a pointer to discussion around moving systems this way?)
Thanks in advance.