I looked deeper into the problem and tested it with ubuntu 16.04 Alpha which includes SSSD 1-13-3. Now I have the same problem on Ubuntu. On Ubuntu 14.04 I have installed the shipped SSSD-1.11.5 and everything works.
Best regards, Fabian -----Ursprüngliche Nachricht----- Von: Sumit Bose [mailto:sb...@redhat.com] Gesendet: Dienstag, 15. Dezember 2015 13:38 An: Zoske, Fabian Cc: email@example.com Betreff: Re: [Freeipa-users] Cross Domain Trust On Tue, Dec 15, 2015 at 10:58:09AM +0000, Zoske, Fabian wrote: > I’ve setup an IPA-Server with a handful of clients and AD-Trust. > The server is a CentOS7.1 with IPA4.1 and the clients are mostly Ubuntu > Server 14.04 LTS. > Our IPA-Domain is like ipa-domain.com and our AD-Domain is like > ad-domain.local, but our user principals in AD are > u...@old-domain.com<mailto:u...@old-domain.com> for backward compatibility. > > On the Ubuntu clients I can login with my AD-Credentials, but when trying to > do the same on a joined CentOS Server I can’t login. > In the logs I can see, that there is no KDC for OLD-DOMAIN.COM is found. > > Why does this scenario works on Ubuntu but not on CentOS? > Can I do something about this? Are there any differences in /etc/krb5.conf on the Ubuntu client and on the CentOS servers? What name servers are configured? Typically the clients should use the IPA server as a name server. bye, Sumit > > Best regards, > Fabian > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project