I recently decided to use my Raspberry Pis for other purposes, and being lazy rather than reinstalling them I simply uninstalled the stuff I didn’t need and changed the hostname. End of story right? Not

It’s been several years now since I’ve set up Active Directory authentication and things were working well so I forgot all about it. Turns out you can’t simply change the hostname on your client and call it a day (makes sense).

My original sssd setup was a bit messy and I’ll get to cleaning it up eventually, but here’s what I had to do to get things back up.

# check the current keytab
klist -kt

# leave the realm
REALM=
realm leave ${REALM}
realm join ${REALM}

# check the updated keytab
klist -kt

The automatically generated /etc/sssd/sssd.conf can be edited to your needs.

lookup_family_order = ipv6_first

A quick systemctl restart sssd and we’re back in business. At some point I’ll be setting up Active Directory authentication for a new Raspberry Pi 4B that is the reason behind this not so recommended wave of hostname renamings, which should be a good opportunity to revisit the whole setting up steps.