Hi, I'm not sure I completely understood your question, but maybe the following doc will help you: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-managing#UPN-in-a-trust
If the AD forest root is configured with additional UPN suffixes, you can use *ipa trust-fetch-domains* to discover the additional UPN suffixes and they will be visible with *ipa trust-show*. flo On Wed, Mar 16, 2022 at 4:25 PM Florian Wilhelm via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > We are successfully running a FreeIPA setup connected to an AD using > kerberos to authenticate. (IPA is used as provider). > Our windows domain name is not identical to our main mail domain. For some > users the User logon name in windows (the one with @ not the old > pre-win2000 one) is using a domain name which has no kerberos servers etc. > In windows authentication works perfectly, but in our IPA setup we run into > a big issue. > > No matter which domain the user chooses to authenticate against our linux > servers, the linux server tries to authenticate against the kerberos > servers of the domain which has no servers. > In the krb5.conf we manually configured the kerberos servers of the > windows AD for this domain. Now we get [Realm not local to KDC] in the > krb5_child.log. > > Is there any way to forcefully replace the domain name when > authenticating? We tried using auth_to_local without success so far. > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure