[Freeipa-users] Active Directory Kerberos authentication on older versions of IPA clients
Srdjan Dutina
sdutina at gmail.com
Fri Mar 27 17:00:43 UTC 2015
Hi,
I created the following test environment:
1. IPA server: v4.1.3 on Centos 7
2. Two-way trust with Active directory domain - Windows server 2012 R2
3. Connected multiple IPA clients:
- Fedora 21 - v4.1.3
- Centos 7 - v3.3.3
- Centos 6.6 v.3.0.0
to IPA domain.
Using Kerberos ticket for AD user, I'm able to ssh to IPA server and Fedora
client, but not to Centos clients, which have older IPA client versions.
These clients just skip gssapi-with-mic auth and continue to password login
(which is successful).
Just to add that I can obtain Kerberos ticket using 'kinit' command for AD
user from all clients and also get user and group IDs using 'id' command.
Additionally, is it possible to join Centos 5 client to latest IPA server?
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150327/987756e6/attachment.htm>
More information about the Freeipa-users
mailing list