On to, 18 huhti 2019, Henry Pelke via FreeIPA-users wrote:
Good morning,
I have recently setup an environment with FreeIPA 4.6.4-10 using CentOS 7
as the IPA Master. After setting up I joined the IPA master to the local AD
and everything seemed to work fine.
The issue I'm facing is that after adding the external and POSIX group's I
can authenticate to the IPA Master as an AD user but the server with the
IPA client doesn't appear to be able to authenticate AD users.
The client server is unable to run getent or kinit against any ad user and
returns 'Cannot find KDC for realm "<ad domain>"...'
Make sure your clients have Kerberos configuration (in krb5.conf or
/etc/krb5.conf.d/) that defines AD realms or allows to discover AD
realms from DNS.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
