On Fri, Mar 27, 2015 at 05:00:43PM +0000, Srdjan Dutina wrote:
> I created the following test environment:
> 1. IPA server: v4.1.3 on Centos 7
> 2. Two-way trust with Active directory domain - Windows server 2012 R2
> 3. Connected multiple IPA clients:
> - Fedora 21 - v4.1.3
> - Centos 7 - v3.3.3
> - Centos 6.6 v.3.0.0
> to IPA domain.
> Using Kerberos ticket for AD user, I'm able to ssh to IPA server and Fedora
> client, but not to Centos clients, which have older IPA client versions.
> These clients just skip gssapi-with-mic auth and continue to password login
> (which is successful).
> Just to add that I can obtain Kerberos ticket using 'kinit' command for AD
> user from all clients and also get user and group IDs using 'id' command.
> Additionally, is it possible to join Centos 5 client to latest IPA server?
> Thank you.
Sounds a bit like the auth_to_local rules might be acting up, did you
configure krb5.conf according to
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project