On Tue, 17 May 2016, lejeczek wrote:
> hi users/devs
>
> I've used wiki pages to set AD - IPA trust, and it always ends up being
> realm type of trust (@ AD DC end) whereas wiki shows forest type.
> What am I doing wrong?

Probably because you are choosing the wrong type of trust on the AD side.

Remove any trust with the same name as IPA on AD side and try to create
the trust using 'ipa trust-add' command, as described in the wiki or in
the documentation.

> I think I must be doing something wrong for having that trust
> established (or at least I think I have it) when @IPA end I do:
>
> $ kinit Administrator@ad_dom
> Password for Administrator@ad_dom:
> kinit: KDC reply did not match expectations while getting initial

This is unrelated. In Kerberos, the realm is supposed to be in UPPER CASE. If
you specified it in lower case, AD DC would accept that and would issue
a ticket with corrected principal name but 'kinit' utility would not
accept the changed principal.

kinit Administrator@AD_DOM is what you would need to try. However, being
able to kinit as AD user from IPA machine has nothing to do with IPA -
AD trust.

/ Alexander Bokovoy
