adcli creates wrong Kerberos keytab entry with uppercase HOST



When joining a RHEL 7 server to Microsoft Active Directory with the adcli command, the Kerberos keytab file with the corresponding service principals is created incorrectly. Connecting, e.g. using SSH with Kerberos GSSAPI, fails:

# ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=gssapi-with-mic
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

This is the generated entry:


But it works only with service principal entries like this in the Kerberos keytab file:


This seems to be a lowercase/uppercase problem in the service part of the service principal in the Kerberos keytab file.
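One way to check a keytab for this condition, as an added example that is not part of the original article: the script reads plain `klist -k` output and reports every host that has a host service principal only in a non-lowercase spelling such as `HOST/`. The sample listing, hostnames and realm are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of plain `klist -k` output (not taken from the article).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 HOST/server1.example.com@EXAMPLE.COM
   2 HOST/server1.example.com@EXAMPLE.COM
   2 RestrictedKrbHost/server1.example.com@EXAMPLE.COM
   2 SERVER1$@EXAMPLE.COM
   3 host/server2.example.com@EXAMPLE.COM
   3 HOST/server2.example.com@EXAMPLE.COM
"""

# One keytab row: key version number, then the principal name.
ENTRY = re.compile(r"^\s*\d+\s+(\S+)\s*$")

def parse_principals(klist_output):
    """Yield (service, instance, realm) for service principals in `klist -k` text."""
    for line in klist_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, separator or blank line
        name, _, realm = m.group(1).rpartition("@")
        service, slash, instance = name.partition("/")
        if slash:  # skip principals without a service part, e.g. SERVER1$
            yield service, instance, realm

def hosts_missing_lowercase_host(klist_output):
    """Return sorted host@realm values that have a host service entry in some
    other case (HOST, Host, ...) but no exact lowercase 'host/' entry."""
    spellings = defaultdict(set)
    for service, instance, realm in parse_principals(klist_output):
        if service.lower() == "host":
            spellings[(instance.lower(), realm)].add(service)
    return sorted(f"{inst}@{realm}" for (inst, realm), seen in spellings.items()
                  if "host" not in seen)

if __name__ == "__main__":
    for entry in hosts_missing_lowercase_host(SAMPLE_KLIST):
        print(f"no lowercase host/ key for {entry}")
```

Other mixed-case service names, such as the constructed `RestrictedKrbHost/` row, are deliberately ignored; only spellings of `host` are compared.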


  • Red Hat Enterprise Linux 7
  • Active Directory
