[Freeipa-users] CentOS IPA Client using Fedora IPA Server - SSO Fails from AD Trust domain

Mark Gardner maleko42 at gmail.com
Wed Feb 5 14:27:00 UTC 2014


Thanks, that was what I missed.


On Wed, Feb 5, 2014 at 2:39 AM, Alexander Bokovoy <abokovoy at redhat.com> wrote:

> On Tue, 04 Feb 2014, Mark Gardner wrote:
>
>> I'm trying to configure our CentOS IPA Client for Single Sign On from our
>> trusted AD domain.
>> SSO works fine when I ssh to the IPA server, but not to the CentOS Client.
>> It prompts for password which it accepts, so it's getting the
>> authentication from the AD domain.
>>
>> Fedora 20 IPA Server
>> CentOS 6.5 IPA Client
>> Win 2012 AD Domain Server
>>
>> Setup as IPA as a subdomain of AD.
>> AD Domain: test.local
>> IPA Domain: hosted.test.local
>>
>> Anybody run into this?  Suggestions?
>>
> Each client needs to be configured to accept AD users' SSO.
>
> Check that /etc/krb5.conf contains auth_to_local rules mapping principals
> from AD to their names as returned by SSSD.
>
> SSH daemon is picky about principal/name mapping.
> --
> / Alexander Bokovoy
>
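
An added example, not part of the original thread: a simplified Python model of how `auth_to_local` entries in the `[realms]` section of /etc/krb5.conf turn a Kerberos principal into the local name that sshd compares against the login name. The realm names `TEST.LOCAL` and `HOSTED.TEST.LOCAL` are assumed from the DNS domains in the post, the rule string and the principals are constructed, and `local_name` is a hypothetical helper that covers only this rule shape.

```python
import re

# Constructed auth_to_local values for the IPA realm stanza in krb5.conf.
# Realm names are assumptions derived from the thread's DNS domains.
DEFAULT_REALM = "HOSTED.TEST.LOCAL"
RULES = [
    r"RULE:[1:$1@$0](^.*@TEST\.LOCAL$)s/@TEST\.LOCAL/@test.local/",
    "DEFAULT",
]

# RULE:[n:format](regexp)s/pattern/replacement/  (regexp and s/// optional)
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\((.*)\))?(?:s/([^/]*)/([^/]*)/(g?))?$")

def local_name(principal, rules=RULES, default_realm=DEFAULT_REALM):
    """Return the mapped local name, or None if no rule maps the principal."""
    name, _, realm = principal.rpartition("@")
    comps = name.split("/")
    for rule in rules:
        if rule == "DEFAULT":
            # DEFAULT only maps single-component principals of the default realm.
            if realm == default_realm and len(comps) == 1:
                return comps[0]
            continue
        m = RULE_RE.match(rule)
        if not m:
            raise ValueError("unsupported rule: " + rule)
        n, fmt, regex, pat, repl, glob = m.groups()
        if int(n) != len(comps):
            continue  # rule applies only to principals with n components
        # $0 is the realm, $1..$n are the principal's components.
        s = re.sub(r"\$(\d)", lambda g: ([realm] + comps)[int(g.group(1))], fmt)
        if regex and not re.fullmatch(regex, s):
            continue  # the selection string must match the rule's regexp
        if pat is not None:
            s = re.sub(pat, lambda _: repl, s, count=0 if glob else 1)
        return s
    return None

if __name__ == "__main__":
    for p in ("jdoe@TEST.LOCAL", "admin@HOSTED.TEST.LOCAL"):
        print(p, "->", local_name(p), "| DEFAULT only:", local_name(p, ["DEFAULT"]))
```

With only `DEFAULT` present, the AD principal has no local mapping at all, which is the case the reply tells you to check for on each client.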