On Wed, 09 Sep 2015, alireza baghery wrote:
i install centos 6.7 trust with Windows 2008 r2 (User AD can not Login)
and get log in IPA SERVER file: /var/log/krb5kdc.log
domain IPA:  l.infotechpsp.net

Sep 09 15:09:20 ipareplica.l.infotechpsp.net krb5kdc[1518](info): AS_REQ (4
etypes {18 17 16 23}) NEEDED_PREAUTH: host/
ussddm.l.infotechpsp....@l.infotechpsp.net for krbtgt/
l.infotechpsp....@l.infotechpsp.net, Additional pre-authentication required
IS it correct? l.infotechpsp....@l.infotechpsp.net
I don't understand what you are trying to say. NEEDED_PREAUTH is normal.

Use CentOS 7.x if you want to have trust with Active Directory.
Server code for trusts was a tech preview in RHEL 6.x.

Follow http://www.freeipa.org/page/Active_Directory_trust_setup and
debugging chapter in it for debugging. Also use
https://fedorahosted.org/sssd/wiki/Troubleshooting for debugging
SSSD-related issues, if any.

Right now you did not provide any information. And really, move to a
newer CentOS 7 version.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to