On Tue, Jan 5, 2016 at 7:22 PM, Karl Forner <karl.for...@gmail.com> wrote:
> update: > > modifying the /etc/krb5.conf, and replacing the name of my freeipa master > by the replica fixes the problem. > So that proves that the kdc is not picked up by discovery. > > The problem is that my ubuntu box was enrolled using the > ipa-client-install script, and so should be properly configured. > > Did I miss any critical option ? > What should the /etc/krb5.conf be like ? > Could you post your krb5.conf ? This is a working example in a centos 6 host: al-only additions here, put content in /etc/motd-local ## ]$ cat /etc/krb5.conf includedir /var/lib/sss/pubconf/krb5.include.d/ #File modified by ipa-client-install [libdefaults] default_realm = IPA.DOMAIN.TLD dns_lookup_realm = true dns_lookup_kdc = true rdns = false ticket_lifetime = 24h forwardable = yes [realms] IPA.DOMAIN.TLD = { pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .ipa.domain.tld = IPA.DOMAIN.TLD ipa.domain.tld = IPA.DOMAIN.TLD -- regards, natxo
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project