[Freeipa-users] Only one AD user can able to login to IPA server
Alexander Bokovoy
abokovoy at redhat.com
Tue Mar 17 18:30:32 UTC 2015
On Tue, 17 Mar 2015, Ben .T.George wrote:
>Hi
>
>I did kinit
>
>[root at kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab
>kinit: Keytab contains no suitable keys for
>host/kwtpocpbis01.solaris.local at SOLARIS.LOCAL while getting initial
>credentials
>
>
>I destroyed and re-created, but still the same

What did you destroy?

Why did you need to touch /etc/dirsrv/ds.keytab at all? It contains the key
for ldap/kwtpocpbis01.solaris.local at SOLARIS.LOCAL that your LDAP server
is using. It has nothing to do with your host/... principal.

If your sssd cannot authenticate against AD DC, it means trust is *not*
working and anything else is fruitless unless you fix it.

Can you follow
http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust
and tell what you see in /var/log/httpd/error_log as a result of
dumping the netr_LogonControl2Ex structure?

We went through this a few weeks ago and I'm not seeing what you
broke.
--
/ Alexander Bokovoy