hi,
a bit puzzled now. I have joined another 2k8r2 host to the AD domain that
is trusted by the ipa domain.
As AD\administrator I can ssh to the linux host.
I create a bunch of AD users, standard members of 'Domain Users'. But I
cannot login to the linux host.
When I run wbinfo --online-status
On Fri, 19 Apr 2013, Natxo Asenjo wrote:
hi,
some progress. I disabled the firewall of the linux host (also the kdc,
incidentally). From the Windows host using the AD Domain and Trusts tool I
can verify the trust and using putty I can login and get the linux kerberos
tickets as a windows realm u
hi,
some progress. I disabled the firewall of the linux host (also the kdc,
incidentally). From the Windows host using the AD Domain and Trusts tool I
can verify the trust and using putty I can login and get the linux kerberos
tickets as a windows realm user.
If i enable the firewall and I do not
hi,
after succesfully configuring the trust between 2 different domains
(IPA.ASENJO.NX and AD.ASENJO.NX) I would like to login from the windows
host to the linux host using the trusted kerberos tickets.
This is my krb.conf in the linux host:
includedir /var/lib/sss/pubconf/krb5.include.d/
[loggi
On Fri, Apr 19, 2013 at 1:08 PM, Sumit Bose wrote:
> On Fri, Apr 19, 2013 at 12:47:47PM +0200, Natxo Asenjo wrote:
> > hi,
> >
> > just a little 'but'.
> >
> > when verifying the trust (point 12
> >
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Mana
On Fri, Apr 19, 2013 at 12:47:47PM +0200, Natxo Asenjo wrote:
> hi,
>
> just a little 'but'.
>
> when verifying the trust (point 12
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html)
>
>
> # kinit user
> Pa
On Fri, Apr 19, 2013 at 12:37:30PM +0200, Natxo Asenjo wrote:
> I modified /etc/sysconfig/network
> HOSTNAME=kdc.ipa.asenjo.nx
>
> rebooted the host. Re-ran
>
> # smbclient -L kdc.ipa.asenjo.nx -klp_load_ex: changing to config backend
> registry
> Domain=[IPA] OS=[Unix] Server=[Samba 4.0.0rc4]
>
hi,
just a little 'but'.
when verifying the trust (point 12
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html)
# kinit user
Password for nase...@ipa.asenjo.nx:
[root@kdc ~]# kvno host/host.ipa.asenjo...@ipa.a
I modified /etc/sysconfig/network
HOSTNAME=kdc.ipa.asenjo.nx
rebooted the host. Re-ran
# smbclient -L kdc.ipa.asenjo.nx -klp_load_ex: changing to config backend
registry
Domain=[IPA] OS=[Unix] Server=[Samba 4.0.0rc4]
Sharename Type Comment
- ---
On Fri, Apr 19, 2013 at 11:45:47AM +0200, Natxo Asenjo wrote:
> I saw there is a log in /var/log/samba/log.wb-IPA
>
> The log complains about missing keys for the spn for the hostname (not the
> fqdn, just the hostname):
>
> Connection to LDAP server failed for the 15 try!
> [2013/04/19 11:39:22
I saw there is a log in /var/log/samba/log.wb-IPA
The log complains about missing keys for the spn for the hostname (not the
fqdn, just the hostname):
Connection to LDAP server failed for the 15 try!
[2013/04/19 11:39:22.352522, 0] ipa_sam.c:3689(bind_callback_cleanup)
kerberos error: code=-1
On Fri, Apr 19, 2013 at 11:27 AM, Sumit Bose wrote:
> On Fri, Apr 19, 2013 at 11:03:02AM +0200, Natxo Asenjo wrote:
> > hi,
> >
> > while following the instructions in
> >
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns
On Fri, Apr 19, 2013 at 11:03:02AM +0200, Natxo Asenjo wrote:
> hi,
>
> while following the instructions in
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html
>
> I run step 9:
>
> smbclient -L kdc.ipa.asenjo
hi,
while following the instructions in
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html
I run step 9:
smbclient -L kdc.ipa.asenjo.nx -k
lp_load_ex: changing to config backend registry
Connection to kdc.ipa.a
14 matches
Mail list logo