> On Tue, Feb 25, 2020 at 10:02:48AM -0000, Michael Solodovnikov via
> FreeIPA-users wrote:
>
> Thanks,
>
> please try to add
>
> krb5_use_fast = never
>
> to the [domain/] section of sssd.conf as well.
>
> If this does not help, please
Hi.
> Can you run the same commands as
>
> KRB5_TRACE=/dev/stdout kinit solodovnikov(a)win.gtf.kz
> KRB5_TRACE=/dev/stdout klist
> KRB5_TRACE=/dev/stdout kvno -S host dc1.nix.gtf.kz
> KRB5_TRACE=/dev/stdout klist
>
> and send the output?
KRB5_TRACE -
> Hi,
>
> can you paste krb5_child.log from the server and client attempt as well?
>
> bye,
> Sumit
Attempt on server krb5_child.log - https://paste.centos.org/view/09edb080
Attempt on client krb5_child.log - https://paste.centos.org/view/eb2b89b3
Michael.
I have a fresh installed FreeIPA 4.6.5, sssd 1.16.4, krb5 1.15.1-37, samba
4.9.1-10, on CentOS 7.7.1908, can’t login as AD user.
FreeIPA configured one-way trust AD(win.gtf.kz),AD user have UPN n.u...@fgt.kz.
FreeIPA realm nix.gtf.kz.
Сonfigs on server FreeIPA(dc1.nix.gtf.kz)
#