On Wed, 05 Oct 2016, Chris Dagdigian wrote:
> Alexander Bokovoy wrote:
>> As http://www.freeipa.org/page/V4/IPA_Client_in_Active_Directory_DNS_domain
>> explains, you need to have proper mapping of domains to realms and have
>> proper definitions for those realms.
>> We don't see your krb5.conf, so if it deviates from what the wiki
>> describes, you need to be explicit in your details.
> Much appreciated. Here is the krb5.conf file -- I commented out the
> Include line for /var/lib/sss/pubconf/krb5.include.d/ and brought that
> data into the /etc/krb5.conf file so I only had a single file and set
> of settings to look at:
You don't have an explicit definition for the AD realms and you don't allow
Kerberos to discover either realms or their KDCs via DNS SRV records.
The latter happened because you used the --server option when
configuring the client -- the man page for ipa-client-install has a section
explaining discovery and the influence of options on it.
That's your problem. It also reveals that your reading of the wiki was
cursory, but that's another problem. :)
--
/ Alexander Bokovoy
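
The diagnosis in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of FreeIPA: a small checker that reports when a krb5.conf neither defines a realm nor allows DNS discovery for it. The realm and host names are constructed placeholders, and the parser is a simplification that ignores include directives.

```python
# Constructed sample (hypothetical realms): IPA realm only, DNS discovery off.
SAMPLE = """\
[libdefaults]
  default_realm = IPA.EXAMPLE.TEST
  dns_lookup_realm = false
  dns_lookup_kdc = false
[realms]
  IPA.EXAMPLE.TEST = {
    kdc = ipa1.ipa.example.test:88
  }
[domain_realm]
  .ipa.example.test = IPA.EXAMPLE.TEST
"""
OFF = {"false", "no", "off", "0"}

def parse_krb5(text):
    """Return (libdefaults, {realm: [kdc, ...]}, domain_realm) dicts."""
    lib, realms, dom = {}, {}, {}
    section = realm = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None
        elif line == "}":
            realm = None
        elif "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                lib[key] = val.lower()
            elif section == "domain_realm":
                dom[key.lower()] = val
            elif section == "realms" and val == "{":
                realm = key
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(val)
    return lib, realms, dom

def check(text, host, realm):
    """Problems that stop a client resolving `host` to `realm` and its KDCs."""
    lib, realms, dom = parse_krb5(text)
    labels = host.lower().split(".")
    names = [host.lower()] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    problems = []
    # Only an explicit "false" is flagged; unset keys fall back to library defaults.
    if not any(dom.get(n) == realm for n in names) and lib.get("dns_lookup_realm") in OFF:
        problems.append("no [domain_realm] mapping and dns_lookup_realm is off")
    if not realms.get(realm) and lib.get("dns_lookup_kdc") in OFF:
        problems.append("no kdc in [realms] and dns_lookup_kdc is off")
    return problems
```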