Dear Alexander,

Sorry, yes indeed using ipa-client-install. The ipaclient-install.log should be attached, I can upload to dropbox if needed. Discovery happens successfully, but LDAP GSSAPI authentication is failing for some reason.

Regards,
Callum

--
Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 11 Mar 2019, at 14:27, Alexander Bokovoy <aboko...@redhat.com> wrote:

> On Mon, 11 Mar 2019, Callum Smith via FreeIPA-users wrote:
>
>> Dear IPA Gurus
>>
>> I have a client that's incapable of joining the FreeIPA realm, it's in a different DNS sub-zone but is in the same realm. I get the feeling that there's a Kerberos principal missing somewhere to get this all to work, but I can't quite see where it might be. Simple authentication ldapsearch using cn=Directory Manager functions perfectly well to the ipa host in question, however anonymous binds are disabled. I'm not clear why this wouldn't be working.
>
> From the above it is unclear what your problem is. Can you show what exactly is failing? ipa-client-install is failing? Show logs from /var/log/ipaclient-install.log. You aren't using FreeIPA enrollment? How exactly did you try to enroll that client? Show sequence of commands you ran. It is not easy to help with no logs and exact steps tried.
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland