[Freeipa-users] Cross Domain Trust
Zoske, Fabian
f.zoske at euroimmun.de
Mon Jan 11 14:56:01 UTC 2016
I looked deeper into the problem and tested it with ubuntu 16.04 Alpha which includes SSSD 1-13-3.
Now I have the same problem on Ubuntu.
On Ubuntu 14.04 I have installed the shipped SSSD-1.11.5 and everything works.
Best regards,
Fabian
-----Ursprüngliche Nachricht-----
Von: Sumit Bose [mailto:sbose at redhat.com]
Gesendet: Dienstag, 15. Dezember 2015 13:38
An: Zoske, Fabian
Cc: freeipa-users at redhat.com
Betreff: Re: [Freeipa-users] Cross Domain Trust
On Tue, Dec 15, 2015 at 10:58:09AM +0000, Zoske, Fabian wrote:
> I’ve setup an IPA-Server with a handful of clients and AD-Trust.
> The server is a CentOS7.1 with IPA4.1 and the clients are mostly Ubuntu Server 14.04 LTS.
> Our IPA-Domain is like ipa-domain.com and our AD-Domain is like ad-domain.local, but our user principals in AD are user at old-domain.com<mailto:user at old-domain.com> for backward compatibility.
>
> On the Ubuntu clients I can login with my AD-Credentials, but when trying to do the same on a joined CentOS Server I can’t login.
> In the logs I can see, that there is no KDC for OLD-DOMAIN.COM is found.
>
> Why does this scenario works on Ubuntu but not on CentOS?
> Can I do something about this?
Are there any differences in /etc/krb5.conf on the Ubuntu client and on the CentOS servers?
What name servers are configured? Typically the clients should use the IPA server as a name server.
bye,
Sumit
>
> Best regards,
> Fabian
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list