I have ipa domain with AD trust. id ad_users@ad_domain works. su 
ad_users@ad_domain works.
kinit ad_users@ad_domain don't works in ubuntu but works in centos 7
/etc/krb5.conf is the same.
ipa servers work on centos 7. Ipa client work on ubuntu 14.04 or 16.04.
I also can't get access from AD member windos to SAMBA shares on IPA members 

What can i do?

Oh, I forgot to say about error!
For kinit AD user i get:
kinit: KDC reply did not match expectations while getting initial credentials

My krb5.conf:

includedir /var/lib/sss/pubconf/krb5.include.d/

  default_realm = FS.LAN
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  dns_canonicalize_hostname = false
  forwardable = true
  udp_preference_limit = 0
  default_ccache_name = KEYRING:persistent:%{uid}

  FS.LAN = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt


  .fs.lan = FS.LAN
  fs.lan = FS.LAN

С уважением, Николай.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to