Not surprisingly, when switching over to a new base operating system, a few tweaks are needed for previous instructions.
realmd + Samba
By default, realmd and Samba (when needed for something like FreeRADIUS) don't play nice with each other: both try to own /etc/krb5.keytab, and realmd will renew the keytab without telling Samba, which breaks the latter. The correct order is:
- Connect to the domain via realm join.
- Connect to the domain via net ads join.
- Add ad_update_samba_machine_account_password = true to /etc/sssd/sssd.conf under your domain config.
- Restart sssd (systemctl restart sssd). You should now be good to go.
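To confirm the sssd.conf setting sits in the right domain section before restarting sssd, here is a section-aware check and idempotent edit. It is an added example, not from the original post; the function names and the domain name passed in are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.
KEY=ad_update_samba_machine_account_password

# Print the value of $KEY inside [domain/<name>]; print nothing if it is
# absent from that section (commented-out lines do not count).
samba_sync_value() {  # usage: samba_sync_value FILE DOMAIN
    awk -v sect="[domain/$2]" -v key="$KEY" '
        /^[ \t]*\[/ { s = $0; gsub(/[ \t]/, "", s); in_sect = (s == sect); next }
        in_sect && $0 ~ "^[ \t]*" key "[ \t]*=" {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Set $KEY = true under [domain/<name>]. Does nothing if it is already true,
# and fails without touching the file if the section does not exist.
enable_samba_sync() {  # usage: enable_samba_sync FILE DOMAIN
    local file=$1 domain=$2 tmp rc
    [ "$(samba_sync_value "$file" "$domain")" = "true" ] && return 0
    tmp=$(mktemp) || return 1
    # Drop any old value in the target section, then add the key right after
    # the section header. The file is overwritten in place (not replaced by
    # mv) so its owner and mode survive; sssd expects root-owned 0600.
    awk -v sect="[domain/$domain]" -v key="$KEY" '
        /^[ \t]*\[/ { s = $0; gsub(/[ \t]/, "", s); in_sect = (s == sect) }
        in_sect && $0 ~ "^[ \t]*" key "[ \t]*=" { next }
        { print }
        in_sect && /^[ \t]*\[/ { print key " = true"; found = 1 }
        END { exit !found }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Typical use as root, with a placeholder domain name:
#   enable_samba_sync /etc/sssd/sssd.conf example.test && systemctl restart sssd
```

Running `samba_sync_value /etc/sssd/sssd.conf <your domain>` after a later re-join or config-management run shows whether the setting is still in place.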