Hi, thanks for replying!
While you're correct in that neither of the SPNs works, I can literally not do username
lookups unless I have an SPN that starts with HOST/.
I just tried the following:
1. Using older adcli (which by default produces HOST/ SPNs) to re-join the host ->
lookups are not working
2. Using newer adcli (which produces host/) to re-join the host -> lookups are not
working, client exhibits error described in my initial e-mail
3. Using newer adcli to re-join, but adding the "--user-principal=HOST/fqdn@REALM"
option (so that *both* SPNs are in the keytab) -> lookups are working
Every time, I made sure to stop SSSD before making any modifications, deleted
/var/lib/sss/{db,mc}/*, and restarted SSSD afterwards. I will try to up the debug level
and see what I can find, and I'll post my logfiles in reply to another mail in this
thread.
In any case, thanks for telling me about kinit -k <NETBIOSname>!
-Patrice