On Thu, Aug 04, 2016 at 03:39:26PM +0200, Troels Hansen wrote: > Hmm, was too fast. > > ldap_user_principal = nosuchattr > subdomain_inherit = ldap_user_principal > > Works, but ONLY from the IPA server. > > If I do the same from a client, I still get: > > (Thu Aug 4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [get_and_save_tgt] > (0x0020): 1234: [-1765328378][Client '[email protected]' not found in Kerberos > database] > (Thu Aug 4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [map_krb5_error] > (0x0020): 1303: [-1765328378][Client '[email protected]' not found in Kerberos > database] > (Thu Aug 4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [k5c_send_data] > (0x0200): Received error code 1432158209 > > Any reason for this not working on a normal client ?
Can you clear the caches on the client? The client receives the principals from the server the same way as it receives other attributes. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
