[Freeipa-users] Cross domain trust

Steve Dainard sdainard at miovision.com
Wed Feb 5 20:22:42 UTC 2014


After the initial setup of a trust I'm attempting to get kerberos tickets
against the AD domain.

Step 12 in this document:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html says:

Then, request service tickets for services within the Active Directory
domain.
[root@ipaserver ]# kvno cifs/adserver.adexample.com@AD.DOMAIN
If the Active Directory service ticket is successfully granted, then there
will be a cross-realm TGT listed with all of the other requested tickets.
This will have the name krbtgt/AD.DOMAIN@IPA.DOMAIN.

I get an error back:
# kvno cifs/dc1.miovision.corp@MIOVISION.CORP
kvno: Server not found in Kerberos database while getting credentials for
cifs/dc1.miovision.corp@MIOVISION.CORP

But I do have a krbtgt ticket/AD domain:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: sdainard-root@MIOLINUX.CORP

Valid starting     Expires            Service principal
02/05/14 14:21:06  02/06/14 14:21:06  krbtgt/MIOLINUX.CORP@MIOLINUX.CORP
02/05/14 14:21:17  02/06/14 14:21:06  host/ipa1.miolinux.corp@MIOLINUX.CORP
02/05/14 14:21:20  02/06/14 14:21:06  krbtgt/MIOVISION.CORP@MIOLINUX.CORP

Also, is it normal to not find the Linux realm listed in the domain trust
list on the AD DC?



*Steve Dainard *
IT Infrastructure Manager
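
The check described in the quoted documentation step, as an added example that is not part of the original post or of FreeIPA: it parses klist output and reports separately whether the cross-realm TGT and any service ticket issued in the AD realm are present. The function names are hypothetical and the sample input is constructed from the klist output shown in the post.

```python
# Constructed sample: the klist output from the post, with "@" restored.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: sdainard-root@MIOLINUX.CORP

Valid starting     Expires            Service principal
02/05/14 14:21:06  02/06/14 14:21:06  krbtgt/MIOLINUX.CORP@MIOLINUX.CORP
02/05/14 14:21:17  02/06/14 14:21:06  host/ipa1.miolinux.corp@MIOLINUX.CORP
02/05/14 14:21:20  02/06/14 14:21:06  krbtgt/MIOVISION.CORP@MIOLINUX.CORP
"""


def parse_klist(text):
    """Return (default_principal, [ticket principals]) from klist text."""
    default, tickets = None, []
    for line in text.splitlines():
        if line.startswith("Default principal:"):
            default = line.split(":", 1)[1].strip()
            continue
        fields = line.split()
        # Ticket rows: start date/time, expiry date/time, then the principal.
        # "renew until" continuation lines do not start with a digit.
        if len(fields) >= 5 and fields[0][:1].isdigit() and "@" in fields[-1]:
            tickets.append(fields[-1])
    return default, tickets


def trust_ticket_state(text, ad_realm):
    """Classify the tickets in a cache relative to a trusted AD realm."""
    default, tickets = parse_klist(text)
    if default is None or "@" not in default:
        raise ValueError("no default principal in klist output")
    local_realm = default.rsplit("@", 1)[1]
    return {
        # TGT for the user's own realm.
        "local_tgt": f"krbtgt/{local_realm}@{local_realm}" in tickets,
        # Cross-realm TGT: krbtgt/<AD realm>@<local realm>.
        "cross_realm_tgt": f"krbtgt/{ad_realm}@{local_realm}" in tickets,
        # Service tickets issued by the AD realm (what kvno would add).
        "ad_service_tickets": [
            t for t in tickets
            if t.endswith("@" + ad_realm) and not t.startswith("krbtgt/")
        ],
    }


if __name__ == "__main__":
    print(trust_ticket_state(SAMPLE_KLIST, "MIOVISION.CORP"))
```

For the cache in the post this reports a cross-realm TGT but an empty list of AD service tickets, which matches the failed kvno request.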