Hi, all!
I run FreeIPA 4.2 bundled with RHEL7.2 with all latest errata installed I tried to use kdcproxy in DMZ environment so I enabled KDCproxy on server and explicitly set AD server records in server`s [realm] section of krb5.conf. After that I disabled KDC DNS autodiscovery on client and pointed my AD domain entries of client`s krb5.conf to IPA server KDCproxy URL. That gave me partial success: I can obtain tgt ticket on client with kinit command, but I can not login in to that user account in that client via ssh with following error in /var/log/messages: [sssd[krb5_child[XXXX]]]: Cannot contact any KDC for realm 'MY_AD_REALM' Any clues to get successful sshd login in kdcproxy environment? Thanks! -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project