On Tue, 17 May 2016, John Meyers wrote:

I have established a 2-way forest trust between FreeIPA (4.2.4-1.fc23)
and AD (Windows 2012R2).  The IPA side works perfect and AD users can
authenticate against IPA resources.  However, when one tries to add an
IPA user or group to a Windows permission set (e.g. an NTFS ACL or user
right), Windows successfully obtains a Kerberos ticket for the IPA user
but then fails when trying to obtain the LDAP principal of the IPA
server.  KDC logs follows:
The other leg is not supported.

Read http://www.freeipa.org/page/V4/One-way_trust#Design for details.
/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to