On Fri, 29 Nov 2013, Simo Sorce wrote:
On Thu, 2013-11-28 at 15:04 +0200, Alexander Bokovoy wrote:
On Wed, 27 Nov 2013, Alexander Bokovoy wrote:
> Hi!
>
> Attached patch should solve an issue when fetching subdomains fails
> shortly after trust has been established due to MS-PAC caching effects
> on KDC. We have already made an alternative path to use when AD admin
> credentials are available but failed to actually use them here.
>
> Details in the patch.
>
> https://fedorahosted.org/freeipa/ticket/4046
New version attached. It makes sure we use correct domain name when
constructing credentials for NTLMSSP authentication if AD administrator
credentials do not include one.

Many thanks to Scott Poore who kindly provided Windows Server 2008R2
setup which failed for the original case and also for the first version
of this patch.

Sorry if this has already been documented somewhere, but any reason why you
can't use Kerberos auth with the AD user?
I think I had some issues with that early in the development, cannot
remember right now what it was.

Can you file a ticket so that we look at refactoring it later?

--
/ Alexander Bokovoy
