On Tue, 2015-03-31 at 19:36 +0200, Matt . wrote:
> OK, but as I say, without the loadbalancer, same domain it works.
> 
All the more reason to capture the session and review it in wireshark.

> My IPA server also sees the client name and ptr as I do nat.
> 
> So you create a keytab for your host you are doing the commands from ?
all of my hosts get a host principal and have it put
in /etc/krb5.keytab.  i run kadmin to generate them.  freeipa likely has
utilities for this, but am not sure what they are.

> I was using a user keytab and run my commands as that user, that works
> to ipa-01
> 
> It's getting something more clear.


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to