On 20 June 2017 at 18:07, Alexander Bokovoy <aboko...@redhat.com> wrote:

> On ti, 20 kesä 2017, Tiemen Ruiten via FreeIPA-users wrote:
>> Hello,
>> I have a FreeIPA domain, i.rdmedia.com, (CentOS 7.3, fully up-to-date:
>> rpm
>> versions are 4.4.0-14.el7.centos.7) with a two-way, non-transitive,
>> external trust to an Active Directory domain in another forest,
>> clients.rdmedia.com, (Windows Server 2012R2). I've setup the trust using
>> the Administrator credentials.
>> As one of the final steps, I would like to get passwordless SSH-access
>> using GSSAPI to work, but unfortunately I get the following error in the
>> Putty log when connecting from an AD domain-joined client:
>> Event Log: GSSAPI authentication initialisation failed
>> Event Log: The target was not recognized
> "Target was not recognized" means your AD DC does not know that
> requests for services in .i.rdmedia.com domain must be routed to FreeIPA
> DC.
> What does
>  netdom trust clients.rdmedia.com /namesuffixes:i.rdmedia.com
> say on clients.rdmedia.com's DC?

It says: The parameter is incorrect.

Actually, I don't see the Name Suffix Routing tab in the incoming/outgoing
trust properties either, only the General and Authentication tabs.

> --
> / Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to