On Tue, 04 Feb 2014, Mark Gardner wrote:
I'm trying to configure our CentOS IPA Client for Single Sign On from our
trusted AD domain.
SSO works fine when I ssh to the IPA server, but not to the CentOS Client.
It prompts for password which it accepts, so it's getting the
authentication from the AD domain.

Fedora 20 IPA Server
CentOS 6.5 IPA Client
Win 2012 AD Domain Server

Set up with IPA as a subdomain of AD.
AD Domain: test.local
IPA Domain: hosted.test.local

Anybody run into this?  Suggestions?
Each client needs to be configured to accept AD users' SSO.

Check that /etc/krb5.conf contains auth_to_local rules mapping principals from
AD to their names as returned by SSSD.

The SSH daemon is picky about principal/name mapping.
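
As an added illustration (not part of the original reply), this is the kind of auth_to_local mapping the reply refers to, written for the domains named in this thread. The realm names TEST.LOCAL and HOSTED.TEST.LOCAL are assumed from those domains, and the lower-cased user@test.local form is assumed to be the name SSSD returns for AD users on this client.

```ini
# /etc/krb5.conf on the CentOS IPA client (constructed example).
# Realm names are assumed from the domains in the thread, upper-cased
# per Kerberos convention.

[realms]
# Existing kdc / master_kdc / admin_server lines for the IPA realm stay
# as they are; only the two auth_to_local lines are added.
 HOSTED.TEST.LOCAL = {
# Take any single-component principal from the AD realm, for example
# jdoe@TEST.LOCAL, and rewrite it to jdoe@test.local.
# Assumption: that is the fully qualified name SSSD returns for users
# of the trusted AD domain on this host.
  auth_to_local = RULE:[1:$1@$0](^.*@TEST.LOCAL$)s/@TEST.LOCAL/@test.local/
# Principals of the IPA realm itself keep the default mapping.
  auth_to_local = DEFAULT
 }
```

The rules are evaluated in order, so the AD rule has to come before DEFAULT. A login that still falls back to a password prompt after this change means the mapped name does not match what `getent passwd` shows for the AD user on the client.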
