Hi, all!

I run FreeIPA 4.2 bundled with RHEL7.2 with all latest errata installed

I tried to use kdcproxy in DMZ environment so I enabled KDCproxy on 
server and explicitly set AD server records in server`s [realm] section 
of krb5.conf.

After that I disabled KDC DNS autodiscovery on client and pointed my AD 
domain entries of client`s krb5.conf  to IPA server KDCproxy URL.

That gave me partial success: I can obtain tgt ticket on client with 
kinit command, but I can not login in to that user account in that 
client via ssh with following error in /var/log/messages:

[sssd[krb5_child[XXXX]]]: Cannot contact any KDC for realm 'MY_AD_REALM'

Any clues to get successful sshd login in kdcproxy environment?


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to