diff --git a/entrypoint.sh b/entrypoint.sh index 84acce9..4a0ee98 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh -e +#!/bin/bash -e # Loosely based on https://github.com/fjudith/docker-samba-join-ad/tree/master/sssd @@ -18,7 +18,7 @@ fi echo " Starting system message bus" /etc/init.d/dbus start -if [ ! -f /var/lib/samba/private/secrets.tdb ]; then +if [ ! -f /etc/samba/krb5.keytab ]; then if [ ! -f /run/secrets/$ADMIN_PASSWORD_SECRET ]; then echo 'Cannot read secret $ADMIN_PASSWORD_SECRET in /run/secrets' exit 1 @@ -30,10 +30,22 @@ if [ ! -f /var/lib/samba/private/secrets.tdb ]; then # realm join is broken as it requires --privileged but difficult to add for swarm # so it can execute /usr/sbin/adcli. Therefore we execute it directly and create - # the /etc/sssd/sssd.conf manually + # the /etc/krb5.conf and /etc/sssd/sssd.conf manually # echo $ADMIN_PASSWORD|realm join -v $REALM --user=Administrator echo $ADMIN_PASSWORD|/usr/sbin/adcli join --verbose --domain $DOMAIN --domain-realm $REALM --login-type user --login-user $ADMIN_ACCOUNT --stdin-password - echo -e "[sssd] \n\ + mv /etc/krb5.keytab /etc/samba/ + + #mv /etc/samba/smb.conf /etc/samba/smb.conf.bak + echo 'root = administrator' > /etc/samba/smbusers +fi + +if [ ! -L /etc/krb5.keytab ]; then + ln -s /etc/samba/krb5.keytab /etc/krb5.keytab +fi + +echo -e "[libdefaults]\ndefault_realm = $REALM" > /etc/krb5.conf + +echo -e "[sssd] \n\ domains = $DOMAIN \n\ config_file_version = 2 \n\ services = nss, pam \n\ 
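Review bot: The `-e` on the new `#!/bin/bash -e` line is honoured only when the kernel executes the file directly; started as `bash entrypoint.sh`, the option is dropped and a failed step no longer stops the script. Keeping the shebang as `#!/bin/bash` and adding `set -e` as the first command makes the behaviour independent of how the script is launched. That matters here because later steps move the keytab and write config files on the assumption that the join succeeded.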
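Review bot: In the lines under the changed guard, the secret check leaves `$ADMIN_PASSWORD_SECRET` unquoted, and the error message is single-quoted, so it prints the literal variable name instead of the secret that was looked for. A value containing whitespace makes `[` fail with a usage error, which `if` treats as false, so the script carries on past the check. I would write `if [ ! -f "/run/secrets/$ADMIN_PASSWORD_SECRET" ]; then` and `echo "Cannot read secret $ADMIN_PASSWORD_SECRET in /run/secrets"`; if naming the variable rather than its value was intended, a short comment saying so would help. The inner `if` closes outside this hunk.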
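Review bot: The machine-account keytab is moved to `/etc/samba/` with no explicit mode, so its protection depends on what adcli wrote and on how that directory is mounted; I would pin it right after the move with `chmod 600 /etc/samba/krb5.keytab`. The link step only tests `-L`, so a regular file left at `/etc/krb5.keytab` makes `ln -s` fail and, under `-e`, stops the script; `ln -sfn /etc/samba/krb5.keytab /etc/krb5.keytab` covers both cases. On the unchanged join line, `echo $ADMIN_PASSWORD` is unquoted, so a password containing runs of whitespace or glob characters can reach adcli altered; `printf '%s\n' "$ADMIN_PASSWORD"` sends it as given. The outer `if` opens outside this hunk, and the `[sssd]` echo that starts here continues into the next one.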
@@ -51,15 +63,12 @@ use_fully_qualified_names = True \n\ ldap_id_mapping = True \n\ access_provider = ad" > /etc/sssd/sssd.conf - # SSSD is picky about the mask and fails to start otherwise - chmod 600 /etc/sssd/sssd.conf +# SSSD is picky about the mask and fails to start otherwise +chmod 600 /etc/sssd/sssd.conf - # FIX SSSD service by removing non-existent -f option - sed -i "s:DAEMON_OPTS\=\"\-D \-f\":DAEMON_OPTS=\"-D\":" /etc/default/sssd +# FIX SSSD service by removing non-existent -f option +sed -i "s:DAEMON_OPTS\=\"\-D \-f\":DAEMON_OPTS=\"-D\":" /etc/default/sssd - mv /etc/samba/smb.conf /etc/samba/smb.conf.bak - echo 'root = administrator' > /etc/samba/smbusers -fi mkdir -p -m 700 /etc/samba/conf.d for file in /etc/samba/smb.conf; do sed -e "s:{{ ALLOW_DNS_UPDATES }}:$ALLOW_DNS_UPDATES:" \
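Review bot: `/etc/sssd/sssd.conf` is created by the redirect under the process umask and only tightened by the `chmod 600` that follows, and with this change that sequence runs on every start rather than once at join time. Setting `umask 077` before the `echo -e ... > /etc/sssd/sssd.conf` (and restoring the previous value afterwards if later files need it) creates the file private from the start; the `chmod` can stay as a guard for a file that already exists. The echo begins in the previous hunk, and the `for file in /etc/samba/smb.conf` loop at the end continues outside this one.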