When joining a RHEL7 server to Microsoft Active Directory with the adcli command, the Kerberos keytab file with the corresponding service principals is created incorrectly. Connecting with SSH using Kerberos GSSAPI, for example, fails:
# ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=gssapi-with-mic firstname.lastname@example.org
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
This is the generated entry:
But it works only with service principal entries like this in the Kerberos keytab file:
This seems to be a lower/upper-case problem in the service part of the service principal in the Kerberos keytab file.
- Red Hat Enterprise Linux 7
- Active Directory