[Freeipa-users] Password-based authentication with AD users does not work

Sumit Bose sbose at redhat.com
Tue Apr 11 10:21:02 UTC 2017


On Mon, Apr 10, 2017 at 11:49:05AM +0200, Ronald Wimmer wrote:
> On 2017-04-07 10:28, Sumit Bose wrote:
> > [...]
> > I'm not aware of any limitation here. Have you tried to run 'ipa
> > trust-fetch-domains ad.forest.root' to update the list?
> > 
> > If this does not help please add 'log level = 100' to
> > /usr/share/ipa/smb.conf.empty so that it looks like:
> > 
> >      [global]
> >      log level = 100
> > 
> > and run trust-fetch-domains again. The debug output can then be found
> > in /var/log/httpd/error_log. [...]
> 
> Not one error in the error_log - absolutely nothing. Our AD guys confirmed
> that there are many more UPN suffixes than the five I can see when I run ipa
> trust-find.
> 
> Can somebody confirm that this UPN suffix mismatch is exactly the problem
> preventing password-based login in my case?

To close the thread, it turned out that the original issue with
authenticating with enterprise principals is a bug which is now tracked
by https://bugzilla.redhat.com/show_bug.cgi?id=1441077.

bye,
Sumit




