[Freeipa-users] Re: IPA AD Authentication not successful if using alternative logon domain

2022-03-17 Thread Florian Wilhelm via FreeIPA-users
Thank you both very much for the fast responses! The UPN suffixes were already correctly listed by ipa. krb5_use_enterprise_principal = True helped. In my scenario I additionally had to add domain_resolution_order = trusted-domain-a.com trusted-domain-b.com and I got this finally working!

[Freeipa-users] Re: IPA AD Authentication not successful if using alternative logon domain

2022-03-16 Thread Sumit Bose via FreeIPA-users
On Wed, Mar 16, 2022 at 03:24:40PM - Florian Wilhelm via FreeIPA-users wrote:
> We are successfully running a FreeIPA setup connected to an AD using Kerberos
> to authenticate. (IPA is used as provider).
> Our Windows domain name is not identical to our main mail domain. For some
> users

[Freeipa-users] Re: IPA AD Authentication not successful if using alternative logon domain

2022-03-16 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, I'm not sure I completely understood your question, but maybe the following doc will help you: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-managing#UPN-in-a-trust If the AD forest root is configured with additional UPN