On ke, 03 tammi 2018, Sumit Bose via FreeIPA-users wrote:
On Wed, Jan 03, 2018 at 07:56:57PM +0700, Николай Савельев via FreeIPA-users
I have ipa domain with AD trust. id ad_users@ad_domain works. su
kinit ad_users@ad_domain don't works in ubuntu but works in centos 7
/etc/krb5.conf is the same.
ipa servers work on centos 7. Ipa client work on ubuntu 14.04 or 16.04.
I also can't get access from AD member windos to SAMBA shares on IPA members
What can i do?
Oh, I forgot to say about error!
For kinit AD user i get:
kinit: KDC reply did not match expectations while getting initial credentials
Then using 'kinit -C ...' or 'canonicalize= true' in krb5.conf should
A bit of caution: Ubuntu may use Heimdal and their parser for krb5.conf
does not know about 'canonicalize' option at all, so you'd have always
use 'kinit --canonicalize' when running with Heimdal.
/ Alexander Bokovoy
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org