On Wed, 23 Nov 2011, Josh Geisser wrote:
Thanks for the answer will check soon.
Joining the machine actually works as far as I understand: it creates the computer object in LDAP and is visible in the AD management utility.
But it doesn't write any local /etc/krb5.keytab, which I assume SSSD or the krb5-tools will use, not?
Want to try your additional smb.conf parameters and I'll come back to you
Will update the article with some more notes on this tomorrow. My config was for samba 3.5, I don't know what version you're running. You definitely need the keytab line in your config (that line is different in 3.0 but you'll find it in the man page).
Once you've done that, join the domain again, and /etc/krb5.keytab should be created, and yes, that's what sssd uses.
jh