[Freeipa-users] error: Realm not local to KDC

[Simo Sorce]

On Tue, 2013-01-15 at 17:57 -0500, Sylvain Angers wrote:
> Some rhel6.2 have problem with authenticating against IPA v2.2
> while some others on same domain do not have issue but still get the
> same
> error "Failed to init credentials: Realm not local to KDC"
> 
Because you are putting machines in the top domain I suspect your client
is trying to resolve the realm via SRV records and finds those of the AD
server. You may want to statically configure the default _realm and the
[domain_realm] section in your client krb5.conf and turn off dns
discovery in krb5.conf for those client.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York