adcli creates wrong kerberos keytab entry with uppercase HOST
Issue
When joining a RHEL7 server to a Microsoft Active Directory with the adcli command, the kerberos keytab file with the corresponding service principals is created incorrectly. Connecting e.g. using SSH with Kerberos GSSAPI fails:
# ssh -o StrictHostKeyChecking=no -o PreferredAuthentications=gssapi-with-mic root@host.mydomain.com
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
This is the generated entry:
HOST/host.mydomain.com@MYDOMAIN.COM
But it works only with service principal entrys like this in the kerberos key tab file:
host/host.mydomain.com@MYDOMAIN.COM
This seems to be a lower/upper-case problem of the service part of the service principal in the kerberos keytab file.
Environment
- Red Hat Enterprise Linux 7
- Active Direcotry
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
