On Fri, Apr 19, 2013 at 12:47:47PM +0200, Natxo Asenjo wrote:
> hi,
>
> just a little 'but'.
>
> when verifying the trust (point 12
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html)
>
>
> # kinit user
> Password for nase...@ipa.asenjo.nx:
> [root@kdc ~]# kvno host/host.ipa.asenjo...@ipa.asenjo.nx
> host/host.ipa.asenjo...@ipa.asenjo.nx: kvno = 2
> [root@kdc ~]# kvno cifs/win2k8.ad.asenjo...@ad.asenjo.nx
> kvno: KDC policy rejects request while getting credentials for
> cifs/win2k8.ad.asenjo...@ad.asenjo.nx

Can you check if klist shows a cross-realm ticket like
krbtgt/AD.REALM@IPA.REALM after the second kvno call? If yes, it might be a
policy on the AD side which rejects the request.

bye,
Sumit

>
> --
> groet,
> natxo
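
The klist check suggested in the reply, as an added shell example that is not part of the original thread. The function names, the EXAMPLE.TEST realms and the klist text are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names, realms and klist text below are constructed.

# Print every krbtgt/TARGET@ISSUER service principal found on stdin
# (klist output) whose TARGET realm differs from the ISSUER realm.
list_cross_realm_tgts() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^krbtgt\/[^@]+@[^@]+$/) {
                split(substr($i, 8), realm, "@")   # drop the "krbtgt/" prefix
                if (realm[1] != realm[2]) print $i
            }
    }'
}

# has_cross_realm_tgt AD_REALM IPA_REALM
# Succeeds only if stdin lists exactly krbtgt/AD_REALM@IPA_REALM.
has_cross_realm_tgt() {
    list_cross_realm_tgts | grep -Fqx "krbtgt/$1@$2"
}

# Constructed ticket caches in MIT klist layout: one before any cross-realm
# request succeeded, one where the IPA KDC has issued the cross-realm TGT.
CACHE_LOCAL_ONLY='Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user@IPA.EXAMPLE.TEST

Valid starting     Expires            Service principal
04/19/13 12:40:01  04/20/13 12:40:00  krbtgt/IPA.EXAMPLE.TEST@IPA.EXAMPLE.TEST
04/19/13 12:40:10  04/20/13 12:40:00  host/host.ipa.example.test@IPA.EXAMPLE.TEST'

CACHE_WITH_REFERRAL="$CACHE_LOCAL_ONLY
04/19/13 12:40:20  04/19/13 22:40:20  krbtgt/AD.EXAMPLE.TEST@IPA.EXAMPLE.TEST"

# Report which of the two cases a given cache text falls into.
report() {
    if printf '%s\n' "$1" | has_cross_realm_tgt AD.EXAMPLE.TEST IPA.EXAMPLE.TEST
    then echo "cross-realm TGT present: issued by the IPA KDC, look at the AD side"
    else echo "no cross-realm TGT in the cache"
    fi
}
report "$CACHE_LOCAL_ONLY"
report "$CACHE_WITH_REFERRAL"
```

On a real client the same functions read live output, by piping klist into has_cross_realm_tgt with the AD and IPA realm names right after the second kvno call.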