[Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

Troels Hansen th at casalogic.dk
Wed Sep 7 08:47:26 UTC 2016



----- On Sep 7, 2016, at 10:31 AM, Sumit Bose sbose at redhat.com wrote:

> 
> So I guess there is no cross-realm ticket either, i.e.
> krbtgt/IPA.DOMAIN@AD.DOMAIN. Can you check on AD if the IPA DNS domain
> is listed in the 'Name Suffix Routing' tab in the trust properties of
> the IPA domain? Additionally please check if the DNS SRV records like
> e.g. _kerberos._udp.ipa.domain can be resolved on the AD side.
> 


No, no cross-realm tickets on the Windows client. It's a one-way trust, if that makes a difference?
DNS is working. DNS config is only done on the AD side, so the IPA DNS config is done there and the Linux clients are configured to use AD as DNS.

Alexander just wrote that if we had used a shared secret to create the trust, the routing is missing and can't be fetched afterwards.



