On Tue, May 05, 2015 at 02:21:40PM -0700, nat...@nathanpeters.com wrote:
> I'm a little confused by that.
> If I add the AD dc, will my client try to contact AD directly to get a
> ticket?
> Doesn't it have to do get the ticket through FreeIPA by proxy somehow?

No, authentication is always performed against an AD DC directly.

> And to confirm what you meant by add the AD dc and realm, it would be like
> this ?
>  kdc = dc1.addomain.net:88
> }
> I don't need the master_kdc, admin_server, default_domain entries?

With a recent version of libkrb5 I don't think you need to set
master_kdc, libkrb5 should be able to follow referrals itself.
admin_servre, if unset, defaults to KDC. default_domain doesn't need to
be set either.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to