----- Original Message ----- > Great, > > Changing > > /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = false > > to > > # cat /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = true > > along with adding the windows realm to krb5.conf on the clients did the > trick; I am able to obtain aan AD TGT ticket by using the KDC proxy > > Is there a special reason why "use_dns = false" was used in kdcproxy.conf? Yes -- it allows to explicitly control what gets proxied, with no surprises. > Will this work on CentosOS /RHEL 6 as well? No. RHEL 6.x libkrb5 has no support for KDC proxy and it is non-trivial to backport.
-- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project