Hi, all!

I run FreeIPA 4.2 bundled with RHEL 7.2 with all the latest errata installed.


I tried to use kdcproxy in a DMZ environment, so I enabled KDCproxy on the
server and explicitly set AD server records in the server's [realm] section
of krb5.conf.

After that I disabled KDC DNS autodiscovery on the client and pointed the AD
domain entries of the client's krb5.conf to the IPA server KDCproxy URL.


That gave me partial success: I can obtain a TGT ticket on the client with
the kinit command, but I cannot log in to that user account on that
client via ssh, with the following error in /var/log/messages:

[sssd[krb5_child[XXXX]]]: Cannot contact any KDC for realm 'MY_AD_REALM'


Any clues on how to get a successful sshd login in a kdcproxy environment?


Thanks!

