On Wed, 03 Jan 2018, Sumit Bose via FreeIPA-users wrote:
On Wed, Jan 03, 2018 at 07:56:57PM +0700, Николай Савельев via FreeIPA-users wrote:
I have an IPA domain with an AD trust. id ad_users@ad_domain works. su
ad_users@ad_domain works.
kinit ad_users@ad_domain doesn't work on Ubuntu but works on CentOS 7.
What?
/etc/krb5.conf is the same.
The IPA servers run on CentOS 7. The IPA clients run on Ubuntu 14.04 or 16.04.
I also can't get access from AD member Windows machines to Samba shares on IPA
member Linux machines,

What can I do?

Oh, I forgot to say about the error!
For kinit of an AD user I get:
kinit: KDC reply did not match expectations while getting initial credentials

Then using 'kinit -C ...' or 'canonicalize = true' in krb5.conf should
help.
A bit of caution: Ubuntu may use Heimdal, and their parser for krb5.conf
does not know about the 'canonicalize' option at all, so you'd always have
to use 'kinit --canonicalize' when running with Heimdal.

--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
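
An added example, not part of the thread: a small Python check for whether a client's krb5.conf sets 'canonicalize' in [libdefaults], the MIT-side setting suggested in the reply above. The sample configs, realm names and the function name are constructed for illustration; include directives and nested blocks are not handled, and the result says nothing about Heimdal clients, which per the reply need 'kinit --canonicalize' instead.

```python
import re

# Strings MIT krb5's profile parser accepts as boolean true.
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

# Constructed sample configs (not taken from the thread).
SAMPLE_WITH = """\
[libdefaults]
  default_realm = IPA.EXAMPLE.TEST
  canonicalize= true

[realms]
  IPA.EXAMPLE.TEST = {
    kdc = ipa1.ipa.example.test
  }
"""
SAMPLE_WITHOUT = """\
[libdefaults]
  default_realm = IPA.EXAMPLE.TEST
# canonicalize = true
[domain_realm]
  canonicalize = true
"""

def canonicalize_enabled(conf_text):
    """Return True if [libdefaults] sets canonicalize to a true value."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:                           # start of a new section
            section = header.group(1).strip()
            continue
        if section != "libdefaults" or "=" not in line:
            continue                         # setting only counts in [libdefaults]
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "canonicalize":
            # Assumption: the first occurrence in the section decides.
            return value.lower() in TRUE_VALUES
    return False

if __name__ == "__main__":
    for name, text in (("with", SAMPLE_WITH), ("without", SAMPLE_WITHOUT)):
        print(name, canonicalize_enabled(text))
```

To check a real client, pass the contents of its /etc/krb5.conf to canonicalize_enabled(); a False result on an MIT client means kinit still needs -C for AD users.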
