On Wed, Jul 11, 2018 at 03:56:22PM -0000, Mike Conner via FreeIPA-users wrote: > This is now working after adding a stanza for the AD realm in /etc/krb5.conf > file. Should that be necessary?
Did you also add the KDCs for the AD realm? I'm asking because by default, sssd on the client does not know which KDCs to authenticate against and just calls into libkrb5 which discovers the AD KDCs with DNS SRV calls. So maybe you added some DCs which are known to be reachable which avoids SSSD going offline because the authenticated otherwise times out? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/L3X2EUTV7FOSBGJ4GPNYH657XTDVAVMV/