
I'm setting up an Ubuntu server so that users can authenticate against a Windows AD server. Not knowing about realmd, I used Samba Winbind's net join command to join the machine to the domain. Afterwards, I installed realmd and tried realm list:

username@ubuntuhost:~$ realm list
thedomain.com
  type: kerberos
  realm-name: THEDOMAIN.COM
  domain-name: thedomain.com
  configured: kerberos-member
  server-software: active-directory
  client-software: winbind
  required-package: winbind
  required-package: libpam-winbind
  required-package: samba-common-bin
  login-formats: THEWORKGROUP\%U
  login-policy: allow-any-login
thedomain.com
  type: kerberos
  realm-name: THEDOMAIN.COM
  domain-name: thedomain.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %U
  login-policy: allow-permitted-logins
  permitted-logins:
  permitted-groups:

It appears that I have two realms--the first managed by winbind and the second managed by sssd. Am I right? I don't really need both. How do I whittle this down to just one? I guess I'd prefer to use the sssd version. How do I remove the winbind entry?

watkipet

1 Answer


This is actually a dangerous situation, as you're probably using ONE of the two entries, not both, and you can't be sure you're using the one you want.

Depending on your nsswitch.conf, you may be using winbind or sss. You probably don't need both, and I assume sss is the best choice.

So, assuming that we want to use sss and NOT winbind, alas the only way I found to keep the right realm is to remove both and re-add the one you want:

realm leave
realm leave
realm join thedomain.com
  • Hmmm... Darn. I actually don't have permission to add machines to the domain myself. The original `net join` command was performed by one of our IT admins when I asked him to log into this Linux box and issue the command for me--he very kindly did so. He could've just said, "no." I know our IT guys are very busy--I hate to bother them with requests to do the same thing over again. Thanks for clarifying this, though. – watkipet May 05 '20 at 23:35
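The answer's point that nsswitch.conf decides which of the two entries is really in use can be checked before touching the domain membership at all. The following script is an added example, not code from the question, the answer or the realmd project; it parses a glibc-style nsswitch.conf and reports, per database, whether lookups go through `sss`, `winbind`, both, or neither. The sample file it creates is constructed for the demonstration (the function names `nss_sources`, `nss_ad_client` and `report` are the example's own); point `report` at `/etc/nsswitch.conf` on the real host to see which client that box actually resolves users and groups with.

```shell
#!/bin/sh
# Added example (not from the original question or answer): find out which NSS
# source, winbind or sss, actually serves user/group lookups, so you know which
# of the two "realm list" entries is live before running "realm leave".
# Assumes a glibc-style nsswitch.conf ("db: source source ...").

# Print the source list for one database (e.g. "passwd") from an nsswitch file.
# $1 = path to nsswitch.conf, $2 = database name
nss_sources() {
    awk -v db="$2" '
        /^[[:space:]]*#/ { next }                       # skip comment lines
        index($0, db ":") == 1 {
            sub("^" db ":[[:space:]]*", "")             # drop "db:" prefix
            sub(/[[:space:]]*#.*$/, "")                 # drop trailing comment
            print; exit
        }
    ' "$1"
}

# Classify the AD-backed client wired into a database: sss, winbind, both or none.
# Action tokens such as [NOTFOUND=return] are ignored.
nss_ad_client() {
    has_sss=0; has_wb=0
    for s in $(nss_sources "$1" "$2"); do
        case "$s" in
            sss)     has_sss=1 ;;
            winbind) has_wb=1 ;;
        esac
    done
    if [ "$has_sss" -eq 1 ] && [ "$has_wb" -eq 1 ]; then echo both
    elif [ "$has_sss" -eq 1 ]; then echo sss
    elif [ "$has_wb" -eq 1 ]; then echo winbind
    else echo none
    fi
}

# One line per database that matters for logins.
report() {
    for db in passwd group shadow; do
        printf '%-8s -> %s\n' "$db" "$(nss_ad_client "$1" "$db")"
    done
}

# Constructed sample: both packages installed, but only winbind is wired into
# passwd/group, which is the situation the answer warns about.
SAMPLE_NSS=$(mktemp)
trap 'rm -f "$SAMPLE_NSS"' EXIT
cat > "$SAMPLE_NSS" <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:         files systemd winbind
group:          files systemd winbind
shadow:         files
hosts:          files dns
netgroup:       nis sss
EOF

report "$SAMPLE_NSS"
```

Run `report /etc/nsswitch.conf` on the server itself; if `passwd` and `group` both say `winbind` while you intended to use sssd (or say `both`), that is exactly the ambiguity the answer describes, and it is worth resolving before re-joining the domain.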