pgb 205 via FreeIPA-users writes:
> Here is the log that I sent in yesterday. With server1 and server2
> down, but server3 up.
>
> kdc=server1
> kdc=server2
> kdc=server3
> kdc_master=server1
> kdc_master=server2
> kdc_master=server3
kdc_master isn't a valid directive for krb5.conf (we call it
Here is the log that I sent in yesterday. With
server1 and server2 down, but server3 up.
kdc=server1
kdc=server2
kdc=server3
kdc_master=server1
kdc_master=server2
kdc_master=server3
kinit tries server1 and server2 but never even attempts server3
KRB5_TRACE=/dev/stdout kinit user(a)test.domain
On Thu, Jul 27, 2017 at 02:19:38PM +, pgb205 via FreeIPA-users wrote:
> Jacub, yes we do have a one way trust between AD->FreeIPA. That explainswhy
> krb5.conf is used instead of the sssd.conf _srv_ to retrieve DNS records.
> Can you also please comment on why I'm only getting lookups on the
our blog.
Date: Thu, 27 Jul 2017 10:01:11 +0200
From: Jakub Hrozek <jhro...@redhat.com>
Subject: [Freeipa-users] Re: Krb5.conf only sees first two kdc servers
To: freeipa-users@lists.fedorahosted.org
Message-ID: <20170727080111.ekj3mqbuilkrlxpa@hendrix>
Content-Type: text/plain; cha
>If the _srv_ is enabled then am i correct in assuming that we wouldn't even
>need kdc= records in krb5.conf ??>I tried removing kdc= linesand was unable to
>authenticate.
In my experience, sssd relies upon the local kerberos stack. Maybe others have
different experiences.
mpapet
Sumit, thank you very much for this. Very helpful, but I am still not seeing
the problem
So at first I will try with the following in krb5.confkdc=server1 <--shut
off on the network#kdc=server2 <--shut off on the network and commented out
in krb5.confkdc=server3 <--up and running
