Alexander Bokovoy wrote:
As http://www.freeipa.org/page/V4/IPA_Client_in_Active_Directory_DNS_domain
explains, you need to have proper mapping of domains to realms and have
proper definitions for those realms.

We don't see your krb5.conf, so if it deviates from what the wiki
describes, you need to be explicit in your details.
Much appreciated. Here is the krb5.conf file. I commented out the includedir line for /var/lib/sss/pubconf/krb5.include.d/ and copied that data into /etc/krb5.conf, so that I have a single file and a single set of settings to look at:

Regards,
Chris


#File modified by ipa-client-install
# The includedir directive below is commented out, so nothing under
# /var/lib/sss/pubconf/krb5.include.d/ is read and this file is the only
# source of settings.
# NOTE(review): snippets written to that directory later will not be picked
# up, so the copies pasted into this file can go stale.
#includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]

# Realm assumed when a principal is given without one.
default_realm = COMPANY-IDM.ORG
# DNS TXT records are not consulted to map a host to a realm.
dns_lookup_realm = false
# KDCs are not discovered through DNS SRV records.
# NOTE(review): this file has a [realms] entry for COMPANY-IDM.ORG only, so
# KDCs of any other realm (e.g. a trusted AD realm) would presumably not be
# found unless a locator plugin supplies them. Confirm against the wiki page.
dns_lookup_kdc = false
# Reverse DNS is not used when canonicalizing service host names, so the
# service principal does not depend on PTR records.
rdns = false
ticket_lifetime = 24h
# Initial tickets are requested as forwardable (they can be delegated to
# another host).
forwardable = yes
# 0 makes the library try TCP before UDP for every KDC message.
udp_preference_limit = 0
# Per-user credential cache in the kernel keyring; %{uid} expands to the
# numeric user id.
default_ccache_name = KEYRING:persistent:%{uid}

[realms]

# Servers for the IPA realm are pinned to a single host here rather than
# discovered via DNS.
#   kdc           - KDC contacted for ticket requests.
#   master_kdc    - KDC retried when a request fails on a bad password, in
#                   case the password was changed very recently.
#   admin_server  - host running the administration server.
#   pkinit_anchors - CA certificate the client uses to verify the KDC's
#                   certificate during PKINIT.
# NOTE(review): this is the only realm defined in the file; no AD realm has a
# kdc entry here.
COMPANY-IDM.ORG = {
kdc = usaeilidmp001.COMPANY-IDM.org:88
master_kdc = usaeilidmp001.COMPANY-IDM.org:88
admin_server = usaeilidmp001.COMPANY-IDM.org:749
default_domain = COMPANY-IDM.org
pkinit_anchors = FILE:/etc/ipa/ca.crt

  }

[domain_realm]

# Maps DNS names to Kerberos realms. A leading dot matches hosts under that
# domain; the bare name matches a host with exactly that name.
# All three DNS domains are mapped to the IPA realm, so service tickets for
# hosts in company-aws.org and company-test.org are requested from the
# COMPANY-IDM.ORG KDC.
# NOTE(review): the mapping covers every host in those domains, not just IPA
# clients. If they are AD DNS domains, AD-joined servers are included too.
# Confirm this is intended.
# NOTE(review): the krb5.conf documentation says host and domain names in
# this section should be lower case; the mixed-case COMPANY-IDM.org keys may
# never match a looked-up host name. Verify.
.COMPANY-IDM.org = COMPANY-IDM.ORG
COMPANY-IDM.org = COMPANY-IDM.ORG
.company-aws.org = COMPANY-IDM.ORG
company-aws.org = COMPANY-IDM.ORG
.company-test.org = COMPANY-IDM.ORG
company-test.org = COMPANY-IDM.ORG

[capaths]

# Cross-realm authentication paths. Each subsection name is a client realm;
# each relation inside is "server realm = intermediate realm". These paths
# also decide which transited realms are accepted, so a wrong entry either
# breaks cross-realm logins or changes which realms are trusted in transit.
# NOTE(review): Kerberos realm names are case-sensitive. The lower-case names
# company-aws.org and company-test.org are used as realm names here; if the
# real realms are upper case these entries presumably never apply. Confirm
# the actual realm names.
company-aws.org = {
  COMPANY-IDM.ORG = company-aws.org

}

COMPANY-IDM.ORG = {
  company-aws.org = company-aws.org

}

company-test.org = {
COMPANY-IDM.ORG = company-test.org

}

# NOTE(review): second subsection named COMPANY-IDM.ORG in this section.
# Consider merging it with the one above so the effective paths do not
# depend on how repeated subsections are combined.
COMPANY-IDM.ORG = {

company-test.org = company-test.org
}
