Hello<br><div id="yMail_cursorElementTracker_1478549183028">Sorry didn't explain. The ipa is the default domain, but I also want to use the Windows domain to authenticate, but I want the OS to detect what realm to use in the ssh command.</div><div id="yMail_cursorElementTracker_1478549503360"><br></div><div id="yMail_cursorElementTracker_1478549503787">Thanks</div> <br> <blockquote style="margin: 0 0 20px 0;"> <header style="font-family:Roboto, sans-serif; color:#6D00F6;"> <div>On Mon, 7 Nov, 2016 at 11:48, Martin Basti</div><div><mbasti@redhat.com> wrote:</div> </header> <div style="padding: 10px 0 0 20px; margin: 10px 0 0 0; border-left: 1px solid #6D00F6;"> 
    <p>AFAIK Jakub already answered that
<a rel="nofollow" shape="rect" class="moz-txt-link-freetext" target="_blank" href="https://www.redhat.com/archives/freeipa-users/2016-November/msg00031.html">https://www.redhat.com/archives/freeipa-users/2016-November/msg00031.html</a></p>
    <div class="yQTDBase yqt5500608766" id="yqt50974"><div class="moz-cite-prefix">On 07.11.2016 12:05, James Harrison
      wrote:<br clear="none">
    </div>
    <blockquote type="cite">Anyone ?<br clear="none">
      <br clear="none">
      <div id="ymail_android_signature"><a rel="nofollow" shape="rect" target="_blank" href="https://overview.mail.yahoo.com/mobile/?.src=Android">Sent
          from Yahoo Mail on Android</a></div>
      <br clear="none">
      <blockquote style="margin:0 0 20px 0;">
        
          <div>On Fri, 4 Nov, 2016 at 11:04, James Harrison</div>
          <div><a rel="nofollow" shape="rect" class="moz-txt-link-rfc2396E" ymailto="mailto:jamesaharrisonuk@yahoo.co.uk" target="_blank" href="javascript:return"><jamesaharrisonuk@yahoo.co.uk></a> wrote:</div>
        
        <div style="padding:10px 0 0 20px;margin:10px 0 0 0;border-left:1px solid #6D00F6;">
          <div style="color:#000;background-color:#fff;font-family:verdana, helvetica, sans-serif;font-size:16px;">
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3311">Hello,</div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3558"><br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3667">I've
              installed FreeIPA 4.2 master using Centos and I have a
              Windows 2012R2 with its AD schema emulating a Windows 2012
              system</div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3668"><br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3669">I
              have established a trust between the two and it appears to
              work. I can reference a user on the AD domain, but the
              only way is to add the AD domain. <br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3670"><br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3671">The
              only way to ssh to the master IPA server is like this:<br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3672"><br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3673">
              ssh <a rel="nofollow" shape="rect" class="moz-txt-link-rfc2396E" ymailto="mailto:x_xxxx@IPAWIN.LOCAL" target="_blank" href="javascript:return">"x_xxxx@IPAWIN.LOCAL"</a>@10.10.10.10</div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3674"><br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3675">Another
              example is using kinit:</div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3676"><br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3693">I
              have to do the following to get a credential:</div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3694">kinit
              <a rel="nofollow" shape="rect" class="moz-txt-link-abbreviated" ymailto="mailto:x_xxxx@IPAWIN.LOCAL" target="_blank" href="javascript:return">x_xxxx@IPAWIN.LOCAL</a></div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3734"><br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3733">Ideally
              I would not need or use the "@IPAWIN.LOCAL". <br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3743"><br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3744">Can
              anyone help?</div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3765"><br clear="none">
            </div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3766">Best
              regards,</div>
            <div dir="ltr" id="yui_3_16_0_ym19_1_1478256967956_3768">James
              Harrison<br clear="none">
            </div>
          </div>
        </div>
      </blockquote>
      <br clear="none">
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br clear="none">
    </blockquote></div>
    <br clear="none">
   </div> </blockquote>