> Or not, I fixed those by adding this to sssd.conf, which doesn't seem
> like it should be needed, as I would think it'd pick it up from
> /etc/krb5.keytab:
> ldap_sasl_authid = server$@fqdn

 

DNS is working fine, can ping the shortname and fqdn from everywhere.

 

It also gets the ad server ip from dns using the srv records.

 

Adding the ldap_sasl_authid made the name error go away, so if it's dns, is it attempting fqdn$@realm.corp, or just hostname$@realm.corp, the later would be correct from what I've read.

 

Chris