[Freeipa-users] SSH auth failing in IPA trust
Jakub Hrozek
jhrozek at redhat.com
Thu Aug 4 14:05:42 UTC 2016
On Thu, Aug 04, 2016 at 03:39:26PM +0200, Troels Hansen wrote:
> Hmm, was too fast.
>
> ldap_user_principal = nosuchattr
> subdomain_inherit = ldap_user_principal
>
> Works, but ONLY from the IPA server.
>
> If I do the same from a client, I still get:
>
> (Thu Aug 4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [get_and_save_tgt] (0x0020): 1234: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos database]
> (Thu Aug 4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [map_krb5_error] (0x0020): 1303: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos database]
> (Thu Aug 4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [k5c_send_data] (0x0200): Received error code 1432158209
>
> Any reason for this not working on a normal client ?
Can you clear the caches on the client? The client receives the principals
from the server the same way as it receives other attributes.
More information about the Freeipa-users
mailing list