[Freeipa-users] how to force switch to another kdc
Natxo Asenjo
natxo.asenjo at gmail.com
Tue Jan 5 18:31:41 UTC 2016
On Tue, Jan 5, 2016 at 7:22 PM, Karl Forner <karl.forner at gmail.com> wrote:
> update:
>
> modifying the /etc/krb5.conf, and replacing the name of my FreeIPA master
> by the replica fixes the problem.
> So that proves that the KDC is not picked up by discovery.
>
> The problem is that my Ubuntu box was enrolled using the
> ipa-client-install script, and so should be properly configured.
>
> Did I miss any critical option?
> What should the /etc/krb5.conf be like?
>
Could you post your krb5.conf?
This is a working example on a CentOS 6 host:
]$ cat /etc/krb5.conf
includedir /var/lib/sss/pubconf/krb5.include.d/
#File modified by ipa-client-install
[libdefaults]
default_realm = IPA.DOMAIN.TLD
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
IPA.DOMAIN.TLD = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.ipa.domain.tld = IPA.DOMAIN.TLD
ipa.domain.tld = IPA.DOMAIN.TLD
--
regards,
natxo
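
As an added illustration (not part of the original message and not FreeIPA code), this Python check reads a krb5.conf like the one above and reports whether the default realm's KDC comes from DNS SRV discovery or from a pinned `kdc` entry under `[realms]`. The host name `ipa-master.ipa.domain.tld` and the function names are hypothetical, and an unset `dns_lookup_kdc` is assumed to mean enabled.

```python
# Constructed sample: the relevant lines of the working file in the message above.
DISCOVERY_CONF = """\
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
default_realm = IPA.DOMAIN.TLD
dns_lookup_kdc = true
[realms]
IPA.DOMAIN.TLD = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
"""
# Constructed sample: the same file with the realm pinned to one (hypothetical) server.
PINNED_CONF = DISCOVERY_CONF.replace("= {\n", "= {\nkdc = ipa-master.ipa.domain.tld:88\n")

def parse_krb5(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    libdefaults, realms, section, realm = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line.startswith("include"):
            continue  # blank lines, comments, include/includedir directives
        if line.startswith("["):
            section, realm = line.strip("[]").lower(), None
        elif line == "}":
            realm = None  # end of a realm subsection
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = key
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
    return libdefaults, realms

def kdc_source(text):
    """Report how the default realm's KDC is located: static list or DNS SRV."""
    libdefaults, realms = parse_krb5(text)
    realm = libdefaults.get("default_realm", "")
    if realms.get(realm):
        return "static", realms[realm]  # listed KDCs are used instead of DNS lookup
    # Assumption: an unset dns_lookup_kdc is treated as enabled.
    if libdefaults.get("dns_lookup_kdc", "true").lower() in ("true", "yes", "on", "1"):
        return "dns", ["_kerberos._udp." + realm, "_kerberos._tcp." + realm]
    return "none", []
```

A "static" result on an enrolled client means failover depends on every KDC being listed by hand; a "dns" result means the listed SRV names must resolve to all replicas.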