On ma, 26 syys 2016, Troels Hansen wrote:



----- On Sep 26, 2016, at 10:18 AM, Sumit Bose sb...@redhat.com wrote:


Have you checked the firewalls? AD clients must be able to talk to the
KDC port (88 udp and tcp) on the IPA servers to get service tickets for
IPA hosts.



KDC ports seems to work....  Besides, I don't have a TGT for the IPA
(LX) domain, untill I try to SSH to it. I guess I shouldn't be able to
if KDC traffic was blocked?
cross-realm TGT is issued by your AD DC.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to