On 01/16/2013 08:55 AM, Simo Sorce wrote:
> On Tue, 2013-01-15 at 17:57 -0500, Sylvain Angers wrote:
>> Some rhel6.2 have problem with authenticating against IPA v2.2
>> while some others on same domain do not have issue but still get the
>> same
>> error "Failed to init credentials: Realm not local to KDC"
> Because you are putting machines in the top domain I suspect your client
> is trying to resolve the realm via SRV records and finds those of the AD
> server. You may want to statically configure the default _realm and the
> [domain_realm] section in your client krb5.conf and turn off dns
> discovery in krb5.conf for those client.
> Simo.
Not only that. The fact that getent failed might mean that LDAP
connection was not established or was attempted against the wrong server.

Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to