On 2016-01-22 11:25, Winfried de Heiden wrote: > Now, is it possible to use the IPA-server as a proxy for the trusted > Windows Domain? How...?
I haven't tried yet it but it should be possible. MS-KKDCP requests are prefixed with the requested realm name. You have to configure the mapping from real name to KDC on the *server*, too. The KDC Proxy service uses /etc/krb5.conf to map realms to servers. Please add a configuration for [realms] WINDOWS.EXAMPLE.COM on the IPA server and restart Apache HTTPD. The configuration on IPA server must use the Kerboers protocol over port 88 for KDC, 749 for kadmin and 464 for kpasswd. You can't use KDC Proxy here. Christian
signature.asc
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project