-
Title
vastool join fails to enter host/shortname into host.keytab -
Description
On a pre-created computer object where the SPN host/SHORTNAME is created before
host/FQDN vastool join will fail to create a host/SHORTNAME entry in the
host.keytab.
$ vastool -u host/ attrs host/ userprincipalname serviceprincipalname
userPrincipalName: host/suse1064.one.prod@ONE.PROD
servicePrincipalName: host/suse1064.one.prod
servicePrincipalName: host/SUSE1064
$ vastool -u Administrator join -f one.prod
$ vastool ktutil list
/etc/opt/quest/vas/host.keytab:
Vno Type Principal
5 aes128-cts-hmac-sha1-96 host/suse1064.one.prod@ONE.PROD
5 aes128-cts-hmac-sha1-96 SUSE1064$@ONE.PROD
5 aes128-cts-hmac-sha1-96 cifs/suse1064@ONE.PROD
5 aes128-cts-hmac-sha1-96 cifs/suse1064.one.prod@ONE.PROD
5 aes256-cts-hmac-sha1-96 host/suse1064.one.prod@ONE.PROD
5 aes256-cts-hmac-sha1-96 SUSE1064$@ONE.PROD
5 aes256-cts-hmac-sha1-96 cifs/suse1064@ONE.PROD
5 aes256-cts-hmac-sha1-96 cifs/suse1064.one.prod@ONE.PROD
5 arcfour-hmac-md5 host/suse1064.one.prod@ONE.PROD
5 arcfour-hmac-md5 SUSE1064$@ONE.PROD
5 arcfour-hmac-md5 cifs/suse1064@ONE.PROD
5 arcfour-hmac-md5 cifs/suse1064.one.prod@ONE.PROD
Where as if the servicprincipalnames list as follows:
$ vastool -u host/ attrs host/ userprincipalname serviceprincipalname
userPrincipalName: host/suse1064.one.prod@ONE.PROD
servicePrincip -
Cause
Product Defect 25701
-
Resolution
WORKAROUND:
1 - /opt/quest/bin/vastool -u <AD admin> setattrs -m host/ servicePrincipalName <host/machinename> <host/machinename.example.com> host/
2 - /opt/quest/bin/vastool -u <adadmin> join -f <yourdomain.com>
3 - /opt/quest/bin/vastool ktutil -k /etc/opt/quest/vas/host.keytab list
-
Change Request
25701 -
Additional Information
$ vastool -u host/ attrs host/ userprincipalname serviceprincipalname
userPrincipalName: host/suse1064.one.prod@ONE.PROD
servicePrincipalName: host/SUSE1064
servicePrincipalName: host/suse1064.one.prod