I just had a long and fruitfull debugging session with Sumit and this is what we discovered.
The default settings do run fine for linux machines but for windows hosts they do not suffice. Sumit is submitting bug reports and hopefully they will be applied to the next 2.2.x release. This problem does not exist with version 3.x The workaround for 2.2.x releases is: For any target machine you want to enable forwarding tickets which have to be accessible with putty you will have to add the ok_as_delegate flag. To do that run the following commands on the ipa-server: # ipa host-mod --addattr='objectclass=krbTicketPolicyAux' destinationhost.domain # kadmin.local -q 'modprinc +ok_as_delegate host/destinationhost.domain@REALM' So far I working tickets on the destination machine if I used centrify putty to log in. This didn't work with the stock version of putty allas. # Han
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
