I have a Rocky Linux 8.7 server joined to a Windows domain using realm. Sometimes when I start the server, I get a system error when attempting to log in. /var/log/secure shows sssd system error 4. /var/log/sssd/krb5_child.log shows "missing krb5 keytab option from domain", and I also see "pre authentication failed". If I log in with a local account and restart sssd, I am able to log in.
/etc/sssd/sssd.conf
# Global SSSD section: lists the active domains and the responders to start.
# This file holds authentication settings; SSSD expects it to be owned by
# root and not readable by other users (mode 0600).
[sssd]
# Must match the name used in the [domain/...] section header.
domains = home.local
config_file_version = 2
# Only the NSS (identity lookup) and PAM (authentication) responders are enabled.
services = nss, pam
# Active Directory domain definition.
# No krb5_keytab is set in this section, so SSSD falls back to the system
# keytab (normally /etc/krb5.keytab). That file holds the machine account key
# and should stay root-owned and unreadable by other users.
[domain/home.local]
ad_domain = home.local
# Kerberos realm name, written in upper case.
krb5_realm = HOME.LOCAL
# Tags recorded by realmd at join time; they show the join was done with adcli.
realmd_tags = manages-system joined-with-adcli
# A hash of each user's password is kept in the local SSSD cache so logins
# still work when no domain controller is reachable. Anyone with root on this
# host can read those hashes; offline_credentials_expiration in a [pam]
# section can bound how long a cached login stays valid.
cache_credentials = True
id_provider = ad
# The cleartext password is not held to request a TGT once the provider comes
# back online.
krb5_store_password_if_offline = False
default_shell = /bin/bash
# UIDs/GIDs are derived from the AD object SID instead of POSIX attributes
# stored in the directory.
ldap_id_mapping = True
# Users log in with short names (user, not user@home.local). A short name can
# collide with a local account; which one wins depends on nsswitch.conf order.
use_fully_qualified_names = False
fallback_homedir = /home/%u
# Login authorization is evaluated by the AD provider. No ad_access_filter is
# set in this section, so this file does not narrow access to a specific
# group - confirm that is intended.
access_provider = ad
/etc/krb5.conf
# Log destinations. The kdc and admin_server entries apply to the KDC and
# kadmind daemons; this host appears to be a client only, so they would go
# unused here.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
# Library-wide Kerberos client defaults.
[libdefaults]
# Host-to-realm mapping is not looked up in DNS TXT records, so it cannot be
# influenced through DNS; it comes from [domain_realm] or the default realm.
dns_lookup_realm = false
# Requested lifetimes; the KDC's own policy may issue shorter ones.
ticket_lifetime = 24h
renew_lifetime = 7d
# Tickets are requested as forwardable, which lets them be delegated to
# remote services. Set to false if delegation is not needed.
forwardable = true
# No reverse-DNS lookup when canonicalizing service host names, so PTR
# records are not trusted when building service principals.
rdns = false
# CA bundle used as trust anchors for PKINIT.
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
# Leftover template line; the effective default_realm is set further down.
# default_realm = EXAMPLE.COM
# Credential caches live in the kernel keyring, per UID, rather than as
# files on disk.
default_ccache_name = KEYRING:persistent:%{uid}
# 0 makes the library try TCP first for every KDC request.
udp_preference_limit = 0
default_realm = HOME.LOCAL
# Static KDC list for the realm; the library tries the entries in the order
# given. dns_lookup_kdc is not set in the visible [libdefaults].
# NOTE(review): SSSD's AD provider may locate domain controllers on its own,
# independently of this list - confirm which source is used during boot.
[realms]
HOME.LOCAL = {
kdc = dc1.home.local
kdc = dc2.home.local
admin_server = dc1.home.local
}
# Maps DNS names to the Kerberos realm. The leading-dot entry covers every
# host under home.local; the second entry covers the bare domain name.
[domain_realm]
.home.local = HOME.LOCAL
home.local = HOME.LOCAL