Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Generated keytabs has extra $

Generated keytabs has extra $

mgao1
New Contributor

Created ‎06-17-2019 11:37 PM

I am doing security lab https://github.com/HortonworksUniversity/Security_Labs/blob/master/HDP-3.0.1-AD.md#lab-1

step setup AD/OS integration via SSSD

the generated keytab from adcli join command has an extra $ like IP-172-26-30-48$@LAB.HORTONWORKS.NET, while the A/D principal name is IP-172-26-30-48, so got below error:

[ec2-user@ip-172-26-30-48 keytabs]$ sudo kinit -k

kinit: Client 'host/ip-172-26-30-48.ec2.internal@LAB.HORTONWORKS.NET' not found in Kerberos database while getting initial credentials

and this caused sssd restart error:

Jun 17 16:59:37 ip-172-26-30-48.ec2.internal sssd_be[7679]: GSSAPI client step 1

Jun 17 16:59:37 ip-172-26-30-48.ec2.internal sssd_be[7679]: GSSAPI client step 1

Jun 17 16:59:37 ip-172-26-30-48.ec2.internal sssd[be[LAB.HORTONWORKS.NET]][7679]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)


Can't see any IDs in A/D

[ec2-user@ip-172-26-30-48 keytabs]$ id sales1

id: sales1: no such user

What can I do to resolve it, thanks

Reply
46 Views
0 Kudos
Tags (3)
Don't have an account?
Register
Coming from Hortonworks? Activate your account here