[Freeipa-users] Password-based authentication with AD users does not work
Ronald Wimmer
ronaldw at ronzo.at
Thu Apr 6 11:55:02 UTC 2017
On 2017-04-06 12:16, Sumit Bose wrote:
> On Thu, Apr 06, 2017 at 12:58:32PM +0200, Ronald Wimmer wrote:
> [...]
>> AD trust:
>> mydomain.at (forest root)
>> xyz (subdomain -> where myuser resides)
>>
>> BCC (appearing in krb5_child.log) is not a domain here. It is my company's
>> name and might derive from some information in the AD.
> Yes, it is about the userPrincipalName attribute read from AD. Which IPA
> server version do you use? Since RHEL-7.3 IPA supports those principals
> coming from AD. For older versions you should add a workaround which is
> e.g. described at the end of
> https://www.redhat.com/archives/freeipa-users/2016-November/msg00069.html
>
> HTH
>
> bye,
> Sumit
I am using an up-to-date RHEL 7.3 IPA master. Is there no possibility to
override it?
More information about the Freeipa-users
mailing list