[Freeipa-users] How to check IPA <--> AD trust from command line

Sumit Bose sbose at redhat.com
Tue Jan 6 17:18:23 UTC 2015 

On Tue, Jan 06, 2015 at 08:13:17PM +0300, Ben .T.George wrote:
> HI
> 
> thanks for the replay.
> 
> please find below output.it's asking for password and accepting that. but
> something wrong
> 
> [root at kwtpocpbis01 ~]# kinit -C  adm-ben.george at kwttestdc.com
> Password for adm-ben.george at kwttestdc.com:
> 
> [root at kwtpocpbis01 ~]# getent passwd adm-ben.george

Please try

getent passwd adm-ben.george at kwttestdc.com

We use fully-qualified names to avoid name collisions.

Does the kvno command work?

bye,
Sumit

> 
> [root at kwtpocpbis01 ~]# id adm-ben.george
> id: adm-ben.george: no such user
> 
> Regards,
> Ben
> 
> On Tue, Jan 6, 2015 at 8:03 PM, Sumit Bose <sbose at redhat.com> wrote:
> 
> > On Tue, Jan 06, 2015 at 07:52:20PM +0300, Ben .T.George wrote:
> > > Hi
> > >
> > > I Tried on IPA server and below is my output:
> > >
> > > [root at kwtpocpbis01 ~]# kinit adm-ben.george at kwttestdc.com
> > > Password for adm-ben.george at kwttestdc.com:
> > > kinit: KDC reply did not match expectations while getting initial
> > > credentials
> > >
> > > how can i troubleshot this issue.?
> >
> > The argument to kinit is a Kerberos principal which is handled
> > case-sensitive by kinit. To get around the error message either use
> >
> > kinit -C  adm-ben.george at kwttestdc.com
> >
> > or
> >
> > kinit adm-ben.george at KWTTESTDC.COM
> >
> > (typically the realm part is upper-case, if your user name contains
> > upper-case letters as well you should use them here as well, if you
> > don't know 'kinit -C' might be the better solution)
> >
> > HTH
> >
> > bye,
> > Sumit
> > >
> > > Thanks & Regards,
> > > Ben
> > >
> > >
> > > On Tue, Jan 6, 2015 at 6:41 PM, Sumit Bose <sbose at redhat.com> wrote:
> > >
> > > > On Tue, Jan 06, 2015 at 07:19:15AM -0700, Rich Megginson wrote:
> > > > > On 01/05/2015 08:35 PM, Ben .T.George wrote:
> > > > > >
> > > > > >Hi LIst,
> > > > > >
> > > > > >how to check IPA <-> Active directory trust relationship . i just
> > want
> > > > to
> > > > > >confirm my ipa server is working fine.
> > > > >
> > > > > On an IPA server or client machine:
> > > > > $ kinit adusername at ADDOMAIN.COM
> > > > > Password: aduserpassword
> > > > >
> > > > > If there are no AD users yet, you can try with
> > > > administrator at ADDOMAIN.COM
> > > > > assuming you have the AD admin password.
> > > >
> > > > Additionally you have to check if the AD user can get a ticket for an
> > IPA
> > > > service e.g. after calling kinit with the AD user call
> > > >
> > > > kvno ldap/ipaserver.ipa.domain at IPA.DOMAIN
> > > >
> > > > bye,
> > > > Sumit
> > > >
> > > > >
> > > > > >
> > > > > >Regards,
> > > > > >Ben
> > > > > >
> > > > > >
> > > > >
> > > >
> > > > > --
> > > > > Manage your subscription for the Freeipa-users mailing list:
> > > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > > Go To http://freeipa.org for more info on the project
> > > >
> > > > --
> > > > Manage your subscription for the Freeipa-users mailing list:
> > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > Go To http://freeipa.org for more info on the project
> > > >
> >

More information about the Freeipa-users mailing list