On Thu, Jul 09, 2015 at 08:59:11PM -0700, Angelo Pantano wrote:
> I have the exact same problem, have a Windows AD that trusts IPA server and
> an IPA client that connects to the IPA server via sssd. If I try to ssh on
> the IPA client using an AD user it fails authentication. The same happens
> if I
I have the exact same problem, have a Windows AD that trusts IPA server and
an IPA client that connects to the IPA server via sssd. If I try to ssh on
the IPA client using an AD user it fails authentication. The same happens
if I try to su - ADuser.
Basically IPA server is not correctly proxying the
> On Wed, May 06, 2015 at 11:15:15AM -0700, nat...@nathanpeters.com wrote:
>> Ok, I have attempted to set this up by adding the AD domain to my
>> configuration and it still isn't working.
>> I just want to confirm what I'm trying to accomplish here before I list
>> what I've done to troubleshoot t
On Wed, May 06, 2015 at 11:15:15AM -0700, nat...@nathanpeters.com wrote:
> Ok, I have attempted to set this up by adding the AD domain to my
> configuration and it still isn't working.
> I just want to confirm what I'm trying to accomplish here before I list
> what I've done to troubleshoot this.
>
> On 05/06/2015 12:14 AM, Nathan Peters wrote:
>>> From this link :
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory-trust.html#comp-trust-krb
>>
>>
>> The diagram in that section shows the client communicating with
>> Free
> On 05/06/2015 02:15 PM, nat...@nathanpeters.com wrote:
>> Ok, I have attempted to set this up by adding the AD domain to my
>> configuration and it still isn't working.
>> I just want to confirm what I'm trying to accomplish here before I list
>> what I've done to troubleshoot this.
>>
>> We have
On 05/06/2015 02:15 PM, nat...@nathanpeters.com wrote:
Ok, I have attempted to set this up by adding the AD domain to my
configuration and it still isn't working.
I just want to confirm what I'm trying to accomplish here before I list
what I've done to troubleshoot this.
We have an AD domain cal
Subject: Re: [Freeipa-users] Cannot find KDC for realm "MYDOMAIN.NET"
- AD trust and UPN issues
On Tue, May 05, 2015 at 02:21:40PM -0700, nat...@nathanpeters.com wrote:
I'm a little confused by that.
If I add the AD dc, will my client try to contact AD directly to get a
ticket?
Ok, I have attempted to set this up by adding the AD domain to my
configuration and it still isn't working.
I just want to confirm what I'm trying to accomplish here before I list
what I've done to troubleshoot this.
We have an AD domain called corp.addomain.net. We have UPNs set so AD
users logi
y, May 05, 2015 8:43 PM
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Cannot find KDC for realm "MYDOMAIN.NET" - AD
> trust and UPN issues
>
> On Tue, May 05, 2015 at 02:21:40PM -0700, nat...@nathanpeters.com wrote:
> >I'm a little confused by tha
?
-----Original Message-----
From: Jakub Hrozek
Sent: Tuesday, May 05, 2015 8:43 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Cannot find KDC for realm "MYDOMAIN.NET" - AD
trust and UPN issues
On Tue, May 05, 2015 at 02:21:40PM -0700, nat...@nathanpeters.com wrote:
I'
On Tue, May 05, 2015 at 02:21:40PM -0700, nat...@nathanpeters.com wrote:
> I'm a little confused by that.
>
> If I add the AD dc, will my client try to contact AD directly to get a
> ticket?
>
> Doesn't it have to get the ticket through FreeIPA by proxy somehow?
No, authentication is always p
I'm a little confused by that.
If I add the AD dc, will my client try to contact AD directly to get a
ticket?
Doesn't it have to get the ticket through FreeIPA by proxy somehow?
And to confirm what you meant by add the AD dc and realm, it would be like
this?
SUB.ADDOMAIN.NET = {
kdc = dc1.
On Tue, May 05, 2015 at 09:53:38AM -0700, nat...@nathanpeters.com wrote:
> Hmm, so if this is the [realms] section of my /etc/krb5.conf what do I
> have to do?
>
> [realms]
> IPADOMAIN.NET = {
> kdc = dc1.ipadomain.net:88
> master_kdc = dc1.ipadomain.net:88
> admin_server = dc1.ipadomain.n
FYI, this is what I get when I added another realm section to my
/etc/krb5.conf
May 05 18:00:26 dc1.ipadomain.net [sssd[krb5_child[2792]]][2792]: Looping
detected inside krb5_get_in_tkt
May 05 18:00:26 dc1.ipadomain.net [sssd[krb5_child[2792]]][2792]: Looping
detected inside krb5_get_in_tkt
May 05
Hmm, so if this is the [realms] section of my /etc/krb5.conf what do I
have to do?
[realms]
IPADOMAIN.NET = {
kdc = dc1.ipadomain.net:88
master_kdc = dc1.ipadomain.net:88
admin_server = dc1.ipadomain.net:749
default_domain = ipadomain.net
pkinit_anchors = FILE:/etc/ipa/ca.crt
auth_to
On Tue, May 05, 2015 at 09:09:51AM -0700, nat...@nathanpeters.com wrote:
> I am having some strange issues after upgrade from FreeIPA 4.1.2 to
> 4.1.3/4.1.4 on CentOS 7.
>
> Here is my setup:
> FreeIPA domain : ipadomain.net
> Trusted AD domain : sub.addomain.net
>
> In my AD domain, we have our
I am having some strange issues after upgrade from FreeIPA 4.1.2 to
4.1.3/4.1.4 on CentOS 7.
Here is my setup:
FreeIPA domain : ipadomain.net
Trusted AD domain : sub.addomain.net
In my AD domain, we have our UPN set to addomain.net so users typically
login as usern...@addomain.net instead of user