[Freeipa-users] Debugging failed password checks (SSH) for AD users at the other end of 1-way trusts
Chris Dagdigian
dag at sonsorol.org
Thu Dec 8 16:37:25 UTC 2016
Massive thank you; will test ASAP.
We mainly have to support CentOS/RHEL-6 and CentOS/RHEL-7 clients. Is
there any established guidance on upgrading SSSD in these environments?
Some sort of trusted repo where RPMs are built? I can hit the wiki and
website but figured I'd ask as well. Not sure what other dependencies
the SSSD framework may have or pull in.
Sumit Bose wrote:
> }
>
> at the very beginning of /etc/krb5.conf before and include or includedir
> directives should fix it. With the broken configuration libkrb5 thinks
> that there direct trust between NAFTA.COMPANY.ORG and COMPANYIDM.ORG
> which is not the case, everything has to go via COMPANY.ORG because
> that's the domain which trusts COMPANYIDM.ORG.
>
> Updating SSSD to a version with the fix might help as well.
>
> HTH
More information about the Freeipa-users
mailing list