There is a known issue with the krb5 library that is shipped on RHEL(7.3, 7.4, 7.5, or 7.6) and Ubuntu(16.04) where AES keys are incorrectly salted on Windows AD systems. There has been a patch in the krb5 library, but that patched version hasn’t shipped on the version Microsoft supports.
The incorrect salted value(created by addent command) may cause Windows authentication fail.
Here is a recommended way to create mssql.keytab in case you running into the issue.
Prerequisites === The SQL Server Linux serve has joined domain
1.Create AD user (or MSA) for SQL Server and set SPN. 1)AD User. On your domain controller, run the New-ADUser PowerShell command to create a new AD user with a password that never expires. The following example names the account mssql, but the account name can be anything you like. You will be prompted to enter a new password for the account. Import-Module ActiveDirectory
2)Managed Service account On your domain controller, run the New-ADServiceAccount PowerShell command to create a Managed Service Account with a password that never expires. The following example names the account mssql, but the account name can be anything you like. You will be prompted to enter a new password for the account.
3.Run following command in Windows server in the domain using Domain administrator to create the mssql.keytab (this step is applicable to both AD user and MSA) (KVNO should be replaced with the value in step 2, <StrongPassword> should be replaced with the password specified in step1)