I am doing security lab https://github.com/HortonworksUniversity/Security_Labs/blob/master/HDP-3.0.1-AD.md#lab-1
step setup AD/OS integration via SSSD
the generated keytab from adcli join command has an extra $ like IP-172-26-30-48$@LAB.HORTONWORKS.NET, while the A/D principal name is IP-172-26-30-48, so got below error:
[ec2-user@ip-172-26-30-48 keytabs]$ sudo kinit -k
kinit: Client 'host/ip-172-26-30-48.ec2.internal@LAB.HORTONWORKS.NET' not found in Kerberos database while getting initial credentials
and this caused sssd restart error:
Jun 17 16:59:37 ip-172-26-30-48.ec2.internal sssd_be[7679]: GSSAPI client step 1
Jun 17 16:59:37 ip-172-26-30-48.ec2.internal sssd_be[7679]: GSSAPI client step 1
Jun 17 16:59:37 ip-172-26-30-48.ec2.internal sssd[be[LAB.HORTONWORKS.NET]][7679]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
Can't see any IDs in A/D
[ec2-user@ip-172-26-30-48 keytabs]$ id sales1
id: sales1: no such user
What can I do to resolve it, thanks