[Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust
Alexander Bokovoy
abokovoy at redhat.com
Wed Sep 7 08:36:03 UTC 2016
On Wed, 07 Sep 2016, Troels Hansen wrote:
>
>----- On Sep 7, 2016, at 9:55 AM, Alexander Bokovoy abokovoy at redhat.com wrote:
>
>> "Target was not recognized" means AD DC doesn't know that
>> rhel02edv.linux.dr.dk belongs to LINUX.DR.DK realm and thus has to
>> forward the authentication requests there.
>>
>> What do you have in the trust properties on AD side? Specifically, what
>> does name routing suffixes show there?
>
>Yes, its correct, there is no routing configured.
>I can't see to be able to add it manually, and auto refresh doesn't work:
>https://fedorahosted.org/freeipa/ticket/5683
How exactly did you establish the trust? I see you have one-way trust
but did you establish it with AD admin credentials or using a shared
secret? If the latter, it is a known issue that AD does not activate the
trust for shared secret one-way case and aforementioned bug prevents us
to validate the rust afterwards.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list