Matthew Davidson wrote:
" Is this from the client or from the server? I bet on the server."

That is from the client. I sent a reply to Rob about the DNS, but I was
under the assumption that the client was using the config files.

We recommend using a different realm name for the IPA realm, it makes life much simpler. You can try disabling DNS lookups for the KDC in /etc/krb5.conf and defining a KDC. You may also need to tell the sssd locator, configured in /var/lib/sss/pubconf/kdcinfo.$REALM.

IPA and AD both attempt to use the same DNS SRV records for autodiscovery. What is happening is your client is getting the AD information and trying to authenticate against it.



Freeipa-users mailing list

Reply via email to