I am hoping someone can offer some help with this. I’ve done a fair bit of “research” but found no definitive answer.
I am almost sure the setup is correct, and having done my background, it seems as if Rocky is not able to determine the cypher type being used by Kerberos on a very vanilla AD Domain.
Certainly no problems with other distros.
I suspect your AD DC is still using very old cyphers / a SHA1 certificate, so you might have to lower your system-wide crypto policy (LEGACY:AD-SUPPORT):
Tbh I have definitely also seen this being unnecessary in our (work) environment, so the other solution might be to improve the crypto standards of your AD environment (WS 2016 DCs here with lots of security tweaks and SHA256 certs).
Yeah okay, the ciphers are definitely new enough; what about SHA1?
Tbh the easiest might be to switch a test system to the other crypto policy and see if it works.
If this also does not help, it might be time to enable the debug log and see what it says.