Thank you both very much for the fast responses!
The UPN suffixes were already correctly listed by ipa.
krb5_use_enterprise_principal = True
helped. In my scenario I additionally had to add
domain_resolution_order = trusted-domain-a.com trusted-domain-b.com
and I got this finally working!
Am Wed, Mar 16, 2022 at 03:24:40PM - schrieb Florian Wilhelm via
FreeIPA-users:
> We are successfully running a FreeIPA setup connected to an AD using kerberos
> to authenticate. (IPA is used as provider).
> Our windows domain name is not identical to our main mail domain. For some
> users
Hi,
I'm not sure I completely understood your question, but maybe the following
doc will help you:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-managing#UPN-in-a-trust
If the AD forest root is configured with additional UPN