[Freeipa-users] problem in ipa trust with AD
Alexander Bokovoy
abokovoy at redhat.com
Wed Sep 9 14:22:32 UTC 2015
On Wed, 09 Sep 2015, alireza baghery wrote:
>hi
>i install centos 6.7 trust with Windows 2008 r2 (User AD can not Login)
>and get log in IPA SERVER file: /var/log/krb5kdc.log
>domain IPA: l.infotechpsp.net
>
>++++++++++++++
>Sep 09 15:09:20 ipareplica.l.infotechpsp.net krb5kdc[1518](info): AS_REQ (4
>etypes {18 17 16 23}) 10.30.120.20: NEEDED_PREAUTH: host/
>ussddm.l.infotechpsp.net at L.INFOTECHPSP.NET for krbtgt/
>L.INFOTECHPSP.NET at L.INFOTECHPSP.NET, Additional pre-authentication required
>++++++++
>IS it correct? l.infotechpsp.net at l.infotechpsp.net
I don't understand what you are trying to say. NEEDED_PREAUTH is normal.
Use CentOS 7.x if you want to have trust with Active Directory.
Server code for trusts was a tech preview in RHEL 6.x.
Follow http://www.freeipa.org/page/Active_Directory_trust_setup and
debugging chapter in it for debugging. Also use
https://fedorahosted.org/sssd/wiki/Troubleshooting for debugging
SSSD-related issues, if any.
Right now you did not provide any information. And really, move to a
newer CentOS 7 version.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list