On 01/16/2013 08:55 AM, Simo Sorce wrote: > On Tue, 2013-01-15 at 17:57 -0500, Sylvain Angers wrote: >> Some rhel6.2 have problem with authenticating against IPA v2.2 >> while some others on same domain do not have issue but still get the >> same >> error "Failed to init credentials: Realm not local to KDC" >> > Because you are putting machines in the top domain I suspect your client > is trying to resolve the realm via SRV records and finds those of the AD > server. You may want to statically configure the default _realm and the > [domain_realm] section in your client krb5.conf and turn off dns > discovery in krb5.conf for those client. > > Simo. > Not only that. The fact that getent failed might mean that LDAP connection was not established or was attempted against the wrong server.
-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users