Improve domain join command and create keytab

[djjudas21]

For completeness, DanF joins the domain with the following:

net ads join -U {{ ad_user }}%{{ ad_password }} createcomputer='{{ ad_ou }}' --no-dns-updates
net ads keytab create -U {{ ad_user }}%{{ ad_password }} no-dns-updates

[djjudas21]

Also need to set these in smb.conf:

dedicated keytab file = /etc/krb5.keytab
kerberos method = dedicated keytab

[djjudas21]

Doing this broke my ability to authenticate. I also tried kerberos method = secrets and keytab and this didn't work either. Looks like the generated keytab doesn't have any principals in it and /var/log/secure contains the following (redacted):

Jun 28 14:33:32 build-el7 unix_chkpwd[23270]: password check failed for user (username)
Jun 28 14:33:32 build-el7 sudo: pam_unix(sudo:auth): authentication failure; logname=username uid=56933 euid=0 tty=/dev/pts/0 ruser=username rhost=  user=username
Jun 28 14:33:32 build-el7 sudo: pam_krb5[23268]: TGT failed verification using keytab and key for 'host/[email protected]': Server not found in Kerberos database
Jun 28 14:33:32 build-el7 sudo: pam_krb5[23268]: authentication fails for 'username' ([email protected]): Authentication failure (Success)