>22.07.2018, 12:56, "Alexander Bokovoy" <aboko...@redhat.com>:

> When you are using trust to AD *all* authentication of AD users is
> performed by AD DCs. IPA masters are not involved at all. So you need to
> look at AD side for that.
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland


Sorry, I don't understand what's going on.
I can log in to AD computers with the new password.
And I can also log in on one IPA client, a new member of the IPA domain.
But when I try to log in by ssh on old IPA members and IPA controllers, I see:

Password:
Password:
Password:
start-line\savelev@192.168.2.21's password:

I enter the password 4 times, and after that I can log in.

When I am root, I can do su aduser@ad_domain.
And then I can kinit and get a Kerberos ticket.

But if I am another user, I must type the password after su ad_user@ad_domain and get an
error:

Password:
su: Authentication failure

because su wanted the password just one time.

-- 
Best regards, Николай.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/DER4O77JJ7HJEVAMAM4YEY64CQ5VLPAD/