[Freeipa-users] How to check IPA <--> AD trust from command line

Ben .T.George bentech4you at gmail.com
Tue Jan 6 17:13:17 UTC 2015 

HI

thanks for the replay.

please find below output.it's asking for password and accepting that. but
something wrong

[root at kwtpocpbis01 ~]# kinit -C  adm-ben.george at kwttestdc.com
Password for adm-ben.george at kwttestdc.com:

[root at kwtpocpbis01 ~]# getent passwd adm-ben.george

[root at kwtpocpbis01 ~]# id adm-ben.george
id: adm-ben.george: no such user

Regards,
Ben

On Tue, Jan 6, 2015 at 8:03 PM, Sumit Bose <sbose at redhat.com> wrote:

> On Tue, Jan 06, 2015 at 07:52:20PM +0300, Ben .T.George wrote:
> > Hi
> >
> > I Tried on IPA server and below is my output:
> >
> > [root at kwtpocpbis01 ~]# kinit adm-ben.george at kwttestdc.com
> > Password for adm-ben.george at kwttestdc.com:
> > kinit: KDC reply did not match expectations while getting initial
> > credentials
> >
> > how can i troubleshot this issue.?
>
> The argument to kinit is a Kerberos principal which is handled
> case-sensitive by kinit. To get around the error message either use
>
> kinit -C  adm-ben.george at kwttestdc.com
>
> or
>
> kinit adm-ben.george at KWTTESTDC.COM
>
> (typically the realm part is upper-case, if your user name contains
> upper-case letters as well you should use them here as well, if you
> don't know 'kinit -C' might be the better solution)
>
> HTH
>
> bye,
> Sumit
> >
> > Thanks & Regards,
> > Ben
> >
> >
> > On Tue, Jan 6, 2015 at 6:41 PM, Sumit Bose <sbose at redhat.com> wrote:
> >
> > > On Tue, Jan 06, 2015 at 07:19:15AM -0700, Rich Megginson wrote:
> > > > On 01/05/2015 08:35 PM, Ben .T.George wrote:
> > > > >
> > > > >Hi LIst,
> > > > >
> > > > >how to check IPA <-> Active directory trust relationship . i just
> want
> > > to
> > > > >confirm my ipa server is working fine.
> > > >
> > > > On an IPA server or client machine:
> > > > $ kinit adusername at ADDOMAIN.COM
> > > > Password: aduserpassword
> > > >
> > > > If there are no AD users yet, you can try with
> > > administrator at ADDOMAIN.COM
> > > > assuming you have the AD admin password.
> > >
> > > Additionally you have to check if the AD user can get a ticket for an
> IPA
> > > service e.g. after calling kinit with the AD user call
> > >
> > > kvno ldap/ipaserver.ipa.domain at IPA.DOMAIN
> > >
> > > bye,
> > > Sumit
> > >
> > > >
> > > > >
> > > > >Regards,
> > > > >Ben
> > > > >
> > > > >
> > > >
> > >
> > > > --
> > > > Manage your subscription for the Freeipa-users mailing list:
> > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > Go To http://freeipa.org for more info on the project
> > >
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go To http://freeipa.org for more info on the project
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150106/4d461514/attachment.htm>

More information about the Freeipa-users mailing list