On Fri, Mar 27, 2015 at 05:00:43PM +0000, Srdjan Dutina wrote:
> Hi,
> 
> I created the following test environment:
> 
> 1. IPA server: v4.1.3 on Centos 7
> 2. Two-way trust with Active directory domain - Windows server 2012 R2
> 3. Connected multiple IPA clients:
> - Fedora 21 - v4.1.3
> - Centos 7 - v3.3.3
> - Centos 6.6 v.3.0.0
> 
> to IPA domain.
> 
> Using Kerberos ticket for AD user, I'm able to ssh to IPA server and Fedora
> client, but not to Centos clients, which have older IPA client versions.
> These clients just skip gssapi-with-mic auth and continue to password login
> (which is successful).
> 
> Just to add that I can obtain Kerberos ticket using 'kinit' command for AD
> user from all clients and also get user and group IDs using 'id' command.
> 
> Additionally, is it possible to join Centos 5 client to latest IPA server?
> 
> Thank you.

Sounds a bit like the auth_to_local rules might be acting up, did you
configure krb5.conf according to
http://www.freeipa.org/page/Active_Directory_trust_setup#Edit_.2Fetc.2Fkrb5.conf
?

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to