After the initial setup of a trust I'm attempting to get kerberos tickets
against the AD domain.

Step 12 in this document:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.htmlsays:

Then, request service tickets for services within the Active Directory
domain.
[root@ipaserver ]# kvno cifs/adserver.adexample.com@AD.DOMAIN
If the Active Directory service ticket is succcessfully granted, then there
will be a cross-realm TGT listed with all of the other requested tickets.
This will have the name krbtgt/AD.DOMAIN@IPA.DOMAIN.

I get an error back:
# kvno cifs/dc1.miovision.c...@miovision.corp
kvno: Server not found in Kerberos database while getting credentials for
cifs/dc1.miovision.c...@miovision.corp

But I do have a krbtgt ticket/AD domain:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: sdainard-r...@miolinux.corp

Valid starting     Expires            Service principal
02/05/14 14:21:06  02/06/14 14:21:06  krbtgt/miolinux.c...@miolinux.corp
02/05/14 14:21:17  02/06/14 14:21:06  host/ipa1.miolinux.c...@miolinux.corp
02/05/14 14:21:20  02/06/14 14:21:06  krbtgt/miovision.c...@miolinux.corp

Also, is it normal to not find the Linux realm listed in the domain trust
list on the AD DC?



*Steve Dainard *
IT Infrastructure Manager
Miovision <http://miovision.com/> | *Rethink Traffic*
519-513-2407 ex.250
877-646-8476 (toll-free)

*Blog <http://miovision.com/blog>  |  **LinkedIn
<https://www.linkedin.com/company/miovision-technologies>  |  Twitter
<https://twitter.com/miovision>  |  Facebook
<https://www.facebook.com/miovision>*
------------------------------
 Miovision Technologies Inc. | 148 Manitou Drive, Suite 101, Kitchener, ON,
Canada | N2C 1L3
This e-mail may contain information that is privileged or confidential. If
you are not the intended recipient, please delete the e-mail and any
attachments and notify us immediately.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to