On 2021-09-08 at 14:18-0400 Todd Mote moter@austin.utexas.edu wrote:
The $ at the end of the host name is for AD. <short hostname>$ is the actual name of the account in AD. The Kerberos utilities are just asking the KDC to renew tickets for accounts. Computer accounts in AD happen to have a $ appended to them under the covers. They are obfuscated from most human views. Msktutil may be appending the $ under its covers, you'd have to examine the source to know
From the msktutil man page:
--computer-name <name>
Specifies that the new account should use <name> for the computer account name and the SAM Account Name. Note that a '$' will be automatically appended to the SAM Account Name. Defaults to the machine's hostname, excluding the realm, with dots replaced with dashes.
That is: if the realm is EXAMPLE.COM, and the hostname is FOO.EXAMPLE.COM, the default computer name is FOO. If the hostname is FOO.BAR.EXAMPLE.COM, the default computer name is FOO-BAR.
--account-name <name>
An alias for --computer-name that can be used when operating on service accounts. Note that a '$' will not be automatically appended to the SAM Account Name when using service accounts.
We love msktutil (including its magnificent man page); it is our preferred mechanism for joining hosts to AD.
sssd-users@lists.fedorahosted.org