[Freeipa-users] Cannot find KDC for realm "MYDOMAIN.NET" - AD trust and UPN issues
nathan at nathanpeters.com
nathan at nathanpeters.com
Thu May 7 15:53:47 UTC 2015
> On 05/06/2015 12:14 AM, Nathan Peters wrote:
>>> From this link :
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory-trust.html#comp-trust-krb
>>
>>
>> The diagram in that section shows the client communicating with
>> FreeIPA and FreeIPA contacting AD.
>>
>> So why are you saying the client authenticates with the AD DC directly?
>
> You are looking at the older documentation. It is for RHEL6. Please use
> RHEL7.1 docs to get the latest info about 4.1 functionality.
>
Well according to the 7 docs here
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/active-directory-trust.html
it still shows in section 5.1.3.1 of that page that the sssd sends the
request on behalf of the client and the client never directly connects to
the AD dc.
Both the 6 and 7 docs show the exact same diagram.
More information about the Freeipa-users
mailing list