Matthew Davidson wrote:
" Is this from the client or from the server? I bet on the server."
That is from the client. I sent a reply to Rob about the DNS, but I was
under the assumption that the client was using the config files.
We recommend using a different realm name for the IPA realm, it makes
life much simpler. You can try disabling DNS lookups for the KDC in
/etc/krb5.conf and defining a KDC. You may also need to tell the sssd
locator, configured in /var/lib/sss/pubconf/kdcinfo.$REALM.
IPA and AD both attempt to use the same DNS SRV records for
autodiscovery. What is happening is your client is getting the AD
information and trying to authenticate against it.
Freeipa-users mailing list