----- On Sep 26, 2016, at 1:30 PM, Sumit Bose [email protected] wrote:
> > Do you see and log messages in the krb5kdc.log on the IPA server? If it > is not the firewall I would suggest to record the IP traffic of the AD > client and check what it tries to do after the AD DC send the > cross-realm TGT. > > About the DNS SRV records, did you add matching records for _udp as > well? I'm not sure if the AD client will fallback to _tcp if they are > missing or just stop? > Yes, _udp recores is created (at least now, as they actually wasn't). krb5kdc.log shows nothing, so I guess its still have no access to IPA? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
