On 20 June 2017 at 18:07, Alexander Bokovoy <aboko...@redhat.com> wrote:
> On ti, 20 kesä 2017, Tiemen Ruiten via FreeIPA-users wrote: > >> Hello, >> >> I have a FreeIPA domain, i.rdmedia.com, (CentOS 7.3, fully up-to-date: >> rpm >> versions are 4.4.0-14.el7.centos.7) with a two-way, non-transitive, >> external trust to an Active Directory domain in another forest, >> clients.rdmedia.com, (Windows Server 2012R2). I've setup the trust using >> the Administrator credentials. >> >> As one of the final steps, I would like to get passwordless SSH-access >> using GSSAPI to work, but unfortunately I get the following error in the >> Putty log when connecting from an AD domain-joined client: >> >> Event Log: GSSAPI authentication initialisation failed >> Event Log: The target was not recognized >> > "Target was not recognized" means your AD DC does not know that > requests for services in .i.rdmedia.com domain must be routed to FreeIPA > DC. > What does > > netdom trust clients.rdmedia.com /namesuffixes:i.rdmedia.com > > say on clients.rdmedia.com's DC? It says: The parameter is incorrect. Actually, I don't see the Name Suffix Routing tab in the incoming/outgoing trust properties either, only the General and Authentication tabs. > > -- > / Alexander Bokovoy >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
