Thanks, That was what I missed.
On Wed, Feb 5, 2014 at 2:39 AM, Alexander Bokovoy <[email protected]>wrote: > On Tue, 04 Feb 2014, Mark Gardner wrote: > >> I'm trying to configure our CentOS IPA Client for Single Sign On from our >> trusted AD domain. >> SSO works fine when I ssh to the IPA server, but not to the CentOS Client. >> It prompts for password which it accepts, so it's getting the >> authentication from the AD domain. >> >> Fedora 20 IPA Server >> CentOS 6.5 IPA Client >> Win 2012 AD Domain Server >> >> Setup as IPA as a subdomain of AD. >> AD Domain: test.local >> IPA Domain: hosted.test.local >> >> Anybody run into this? Suggestions? >> > Each client needs to be configured to accept AD users' SSO. > > Check that /etc/krb5.conf contains auth_to_local rules mapping principals > from > AD to their names as returned by SSSD. > > SSH daemon is picky about principal/name mapping. > -- > / Alexander Bokovoy >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
