On ke, 05 loka 2016, Chris Dagdigian wrote:

Alexander Bokovoy wrote:
As http://www.freeipa.org/page/V4/IPA_Client_in_Active_Directory_DNS_domain
explains, you need to have proper mapping of domains to realms and have
proper definitions for those realms.

We don't see your krb5.conf, so if it deviates from what the wiki
describes, you need to be explicit in your details.
Much appreciated. Here is the krb5.conf file -- I commented out the Include line for /var/lib/sss/pubconf/krb5.include.d/ and brought that data into the /etc/krb5.conf file so I only had a single file and set of settings to look at:
you don't have explicit definition for the AD realms and you don't allow
Kerberos to discover neither realms nor their KDCs via DNS SRV records.

The latter happened because you have used --server option when
configuring the client -- man page for ipa-client-install has a section
explaining discovery and influence of options on it.

That's your problem. It also reveals that your reading of the wiki was
cursory, but that's another problem. :)

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to