Wrong principals in krb5.keytab when joining to Windows Active Directory

Solution Verified


  • When joining to Windows Active Directory using realm join, the /etc/krb5.keytab appears to get the wrong principals.
  • The computer object in Active Directory gets the wrong servicePrincipalName and/or dNSHostName values.
  • Executing klist -k reveals that the host's FQDN is not used for the SPN values.
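The klist -k symptom above can be checked mechanically. The shell function below is an added example, not part of the original article: it reads klist -k output and flags service principals whose host part is neither the expected FQDN nor its short name. The function names, the MISMATCH/MISSING labels, the sample listing and the rule that a short-name principal is acceptable are assumptions made for illustration.

```shell
#!/bin/sh
# check_keytab_spns FQDN   (hypothetical helper; reads `klist -k` output on stdin)
#   MISMATCH <principal>   host part is neither FQDN nor its short name
#   MISSING <fqdn>         no service principal uses the FQDN at all
# Returns 0 when the keytab is consistent with FQDN, 1 otherwise.
check_keytab_spns() {
    awk -v fqdn="$1" '
        BEGIN {
            fqdn = tolower(fqdn)
            short = fqdn
            sub(/\..*/, "", short)      # first DNS label = short host name
        }
        # Entry lines look like "   2 host/server1.example.com@EXAMPLE.COM".
        $1 ~ /^[0-9]+$/ && index($2, "/") > 0 {
            if (seen[$2]++) next        # klist repeats a principal per key
            host = substr($2, index($2, "/") + 1)
            at = index(host, "@")
            if (at > 0) host = substr(host, 1, at - 1)
            host = tolower(host)
            if (host == fqdn) { fqdn_used = 1; next }
            if (host == short) next     # assumption: short-name SPNs are fine
            print "MISMATCH " $2
            bad = 1
        }
        END {
            if (!fqdn_used) { print "MISSING " fqdn; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample of a keytab showing the symptom (not real output).
sample_klist_output() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------
   2 SERVER1$@EXAMPLE.COM
   2 host/SERVER1@EXAMPLE.COM
   2 host/SERVER1@EXAMPLE.COM
   2 host/server1.localdomain@EXAMPLE.COM
   2 RestrictedKrbHost/server1.localdomain@EXAMPLE.COM
EOF
}

# Demo on the constructed sample; on a real host use:
#   klist -k /etc/krb5.keytab | check_keytab_spns "$(hostname -f)"
sample_klist_output | check_keytab_spns server1.example.com || true
```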


  • Red Hat Enterprise Linux (RHEL) 7.8
  • realmd-0.16.1-12
  • samba
    • 4.10.4-8
    • 4.10.4-10
