I created the following test environment:
1. IPA server: v4.1.3 on Centos 7
2. Two-way trust with Active directory domain - Windows server 2012 R2
3. Connected multiple IPA clients:
- Fedora 21 - v4.1.3
- Centos 7 - v3.3.3
- Centos 6.6 v.3.0.0
to IPA domain.
Using Kerberos ticket for AD user, I'm able to ssh to IPA server and Fedora
client, but not to Centos clients, which have older IPA client versions.
These clients just skip gssapi-with-mic auth and continue to password login
(which is successful).
Just to add that I can obtain Kerberos ticket using 'kinit' command for AD
user from all clients and also get user and group IDs using 'id' command.
Additionally, is it possible to join Centos 5 client to latest IPA server?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project