on a to be joined system (with no pre-existing /etc/krb5.keytab) joining to windows AD now fails (where previously it would succeed) KRB5_CONFIG=/tmp/YaST2-22963-aVzKaP/krb5.conf net ads join -s /tmp/YaST2-22963-aVzKaP/smb.conf e.g. pw2kt_process_add_info: Failed to parse principal: RestrictedKrbHost/TW2024 Failed to join domain: failed to create kerberos keytab where krb5.conf & smb.conf are minimal config (provided as part of yast2 to provision a windows client) krb5.conf [realms] SOMETESTDOMAIN1.MY.COM = { kdc = SomeWinDC.sometestdomain1.my.com }
but... it appears adding section [libdefaults] default_realm = SOMETESTDOMAIN1.MY.COM to krb5.conf fixes the problem.
(In reply to Noel Power from comment #2) I can remember testing (quite a few years ago) just what was required in /etc/krb5.conf and it turned out it was just that, you do not need the '[realms]' part. Also, since when did yast run on a Windows machine ?