[Freeipa-users] Cannot find KDC for realm "MYDOMAIN.NET" - AD trust and UPN issues
nathan at nathanpeters.com
Tue May 5 21:21:40 UTC 2015
I'm a little confused by that.
If I add the AD dc, will my client try to contact AD directly to get a
ticket?
Doesn't it have to get the ticket through FreeIPA by proxy somehow?
And to confirm what you meant by add the AD dc and realm, it would be like
this?
SUB.ADDOMAIN.NET = {
kdc = dc1.addomain.net:88
}
I don't need the master_kdc, admin_server, default_domain entries?
> On Tue, May 05, 2015 at 09:53:38AM -0700, nathan at nathanpeters.com wrote:
>> Hmm, so if this is the [realms] section of my /etc/krb5.conf what do I
>> have to do?
>>
>> [realms]
>> IPADOMAIN.NET = {
>> kdc = dc1.ipadomain.net:88
>> master_kdc = dc1.ipadomain.net:88
>> admin_server = dc1.ipadomain.net:749
>> default_domain = ipadomain.net
>> pkinit_anchors = FILE:/etc/ipa/ca.crt
>> auth_to_local = RULE:[1:$1@$0](^.*@SUB.ADDOMAIN.NET$)s/@SUB.ADDOMAIN.NET/@sub.addomain.net/
>> auth_to_local = DEFAULT
>> }
>>
>> Would I just literally copy that section and change the names?
>> e.g.:
>>
>> SUB.ADDOMAIN.NET = {
>> kdc = dc1.ipadomain.net:88
>> master_kdc = dc1.ipadomain.net:88
>> admin_server = dc1.ipadomain.net:749
>> default_domain = ipadomain.net
>
> you should add the AD DC and AD realm here
>
> The following lines you can just drop.
>
> HTH
>
> bye,
> Sumit
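
An added example, not part of the original thread: a Python check that parses the [realms] section of a krb5.conf and lists realms that have a stanza or are named in an auth_to_local rule but have no kdc entry. The sample text is constructed from the configuration quoted above, the function names are hypothetical, and the check reads only the file (it does not account for KDC discovery through DNS).

```python
import re

# Constructed sample: the [realms] section quoted in the thread.
SAMPLE_KRB5_CONF = """\
[realms]
IPADOMAIN.NET = {
kdc = dc1.ipadomain.net:88
master_kdc = dc1.ipadomain.net:88
admin_server = dc1.ipadomain.net:749
default_domain = ipadomain.net
pkinit_anchors = FILE:/etc/ipa/ca.crt
auth_to_local = RULE:[1:$1@$0](^.*@SUB.ADDOMAIN.NET$)s/@SUB.ADDOMAIN.NET/@sub.addomain.net/
auth_to_local = DEFAULT
}
"""
PROPOSED_STANZA = "SUB.ADDOMAIN.NET = {\nkdc = dc1.addomain.net:88\n}\n"  # from the reply

def parse_realms(text):
    """Return {realm: {key: [values]}} for the [realms] section only."""
    realms, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, current = header.group(1), None
        elif section != "realms":
            continue
        elif line == "}":
            current = None
        elif current is None:
            opener = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if opener:
                current = realms.setdefault(opener.group(1), {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, []).append(value)
    return realms

def realms_without_kdc(text):
    """Realms with a stanza or an upper-case '@REALM' reference in an
    auth_to_local rule (escaped dots are unescaped first) but no kdc entry."""
    realms = parse_realms(text)
    referenced = set(realms)
    for entries in realms.values():
        for rule in entries.get("auth_to_local", []):
            referenced.update(re.findall(r"@([A-Z][A-Z0-9.-]*)", rule.replace("\\", "")))
    return sorted(r for r in referenced if not realms.get(r, {}).get("kdc"))
print(realms_without_kdc(SAMPLE_KRB5_CONF))
```

Calling `realms_without_kdc(SAMPLE_KRB5_CONF + PROPOSED_STANZA)` shows the effect of appending the stanza asked about in the reply.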