[Freeipa-users] error: Realm not local to KDC

Dmitri Pal dpal at redhat.com
Wed Jan 16 14:11:20 UTC 2013


On 01/16/2013 08:55 AM, Simo Sorce wrote:
> On Tue, 2013-01-15 at 17:57 -0500, Sylvain Angers wrote:
>> Some rhel6.2 have problems authenticating against IPA v2.2
>> while some others on the same domain do not have issues but still get the
>> same error "Failed to init credentials: Realm not local to KDC"
>>
> Because you are putting machines in the top domain I suspect your client
> is trying to resolve the realm via SRV records and finds those of the AD
> server. You may want to statically configure the default_realm and the
> [domain_realm] section in your client krb5.conf and turn off DNS
> discovery in krb5.conf for those clients.
>
> Simo.
>
Not only that. The fact that getent failed might mean that the LDAP
connection was not established or was attempted against the wrong server.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
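
A client krb5.conf along the lines suggested in the quoted reply, as an added example that is not part of the original thread. The realm EXAMPLE.COM, the domain example.com and the host ipa1.example.com are placeholders, not values from the posters' environment.

```ini
# /etc/krb5.conf on an affected client (constructed example;
# EXAMPLE.COM, example.com and ipa1.example.com are placeholders)

[libdefaults]
  # Realm used when none is given on the command line or by the application
  default_realm = EXAMPLE.COM
  # Do not consult DNS TXT records to map a host or domain to a realm
  dns_lookup_realm = false
  # Do not consult DNS SRV records to locate KDCs; in a domain shared with
  # AD these records can point at the AD domain controllers instead of IPA
  dns_lookup_kdc = false

[realms]
  # With DNS discovery off, the KDCs must be listed explicitly
  EXAMPLE.COM = {
    kdc = ipa1.example.com:88
    admin_server = ipa1.example.com:749
  }

[domain_realm]
  # Static host-to-realm mapping: every host under example.com, and the
  # bare domain itself, belongs to the IPA realm
  .example.com = EXAMPLE.COM
  example.com = EXAMPLE.COM
```

With DNS discovery off, the client only knows the KDCs listed under [realms], so each IPA server it should fail over to needs its own kdc line.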

