[Freeipa-users] sshd login in kdcproxy environment
Vladimir Kondratyev
VKondratyev at bellintegrator.ru
Fri Jul 29 13:13:31 UTC 2016
Hi, all!
I run FreeIPA 4.2 bundled with RHEL7.2 with all latest errata installed
I tried to use kdcproxy in DMZ environment so I enabled KDCproxy on
server and explicitly set AD server records in server`s [realm] section
of krb5.conf.
After that I disabled KDC DNS autodiscovery on client and pointed my AD
domain entries of client`s krb5.conf to IPA server KDCproxy URL.
That gave me partial success: I can obtain tgt ticket on client with
kinit command, but I can not login in to that user account in that
client via ssh with following error in /var/log/messages:
[sssd[krb5_child[XXXX]]]: Cannot contact any KDC for realm 'MY_AD_REALM'
Any clues to get successful sshd login in kdcproxy environment?
Thanks!
More information about the Freeipa-users
mailing list