Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Alexander Bokovoy
On Wed, 07 Sep 2016, Troels Hansen wrote: - On Sep 7, 2016, at 10:36 AM, Alexander Bokovoy aboko...@redhat.com wrote: How exactly did you establish the trust? I see you have one-way trust but did you establish it with AD admin credentials or using a shared secret? If the latter, it is a

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Troels Hansen
- On Sep 7, 2016, at 10:31 AM, Sumit Bose sb...@redhat.com wrote:
>
> So I guess there is no cross-realm ticket either, i.e.
> krbtgt/IPA.DOMAIN@AD.DOMAIN. Can you check on AD if the IPA DNS domain
> is listed in the 'Name Suffix Routing' tab in the trust properties of
> the IPA domain?

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Troels Hansen
- On Sep 7, 2016, at 10:36 AM, Alexander Bokovoy aboko...@redhat.com wrote:
> How exactly did you establish the trust? I see you have one-way trust
> but did you establish it with AD admin credentials or using a shared
> secret? If the latter, it is a known issue that AD does not activate the

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Alexander Bokovoy
On Wed, 07 Sep 2016, Troels Hansen wrote: - On Sep 7, 2016, at 9:55 AM, Alexander Bokovoy aboko...@redhat.com wrote: "Target was not recognized" means AD DC doesn't know that rhel02edv.linux.dr.dk belongs to LINUX.DR.DK realm and thus has to forward the authentication requests there.

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Sumit Bose
On Wed, Sep 07, 2016 at 09:55:45AM +0200, Troels Hansen wrote: > > > - On Sep 7, 2016, at 9:43 AM, Sumit Bose sb...@redhat.com wrote: > > > Additionally please check the klist output on the Windows client. It > > should show the host principal of the Linux client > >

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Troels Hansen
- On Sep 7, 2016, at 10:17 AM, Troels Hansen t...@casalogic.dk wrote:
>
> Yes, it's correct, there is no routing configured.
> I can't seem to be able to add it manually, and auto refresh doesn't work:
> https://fedorahosted.org/freeipa/ticket/5683
> According to the docs it should work?

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Troels Hansen
- On Sep 7, 2016, at 9:55 AM, Alexander Bokovoy aboko...@redhat.com wrote:
> "Target was not recognized" means AD DC doesn't know that
> rhel02edv.linux.dr.dk belongs to LINUX.DR.DK realm and thus has to
> forward the authentication requests there.
>
> What do you have in the trust

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Alexander Bokovoy
On Wed, 07 Sep 2016, Troels Hansen wrote:
When logging in, putty only shows:
Using username "drext...@net.dr.dk".
drext...@net.dr.dk@rhel02udv.linux.dr.dk's password:
Putty log shows it's only using SSPI, secur32.dll for GSSAPI, but fails:
Event Log: Using SSPI from SECUR32.DLL
Event Log:

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Troels Hansen
- On Sep 7, 2016, at 9:43 AM, Sumit Bose sb...@redhat.com wrote:
> Additionally please check the klist output on the Windows client. It
> should show the host principal of the Linux client
> (host/client.ipa.domain@IPA.DOMAIN). If the principal is there the sshd
> logs on the Linux client

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Troels Hansen
When logging in, putty only shows:
Using username "drext...@net.dr.dk".
drext...@net.dr.dk@rhel02udv.linux.dr.dk's password:
Putty log shows it's only using SSPI, secur32.dll for GSSAPI, but fails:
Event Log: Using SSPI from SECUR32.DLL
Event Log: Attempting GSSAPI authentication
Outgoing

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Sumit Bose
On Wed, Sep 07, 2016 at 10:27:17AM +0300, Alexander Bokovoy wrote:
> On Wed, 07 Sep 2016, Troels Hansen wrote:
> > Running RHEL 7.2, IPA 4.2 and SSSD 1.13, we have set up an IPA-AD trust
> > and trying to get Putty GSSAPI login to work. In Putty GSSAPI has
> > been enabled, and GSSAPI is enabled

Re: [Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

2016-09-07 Thread Alexander Bokovoy
On Wed, 07 Sep 2016, Troels Hansen wrote:
Running RHEL 7.2, IPA 4.2 and SSSD 1.13, we have set up an IPA-AD trust and trying to get Putty GSSAPI login to work. In Putty GSSAPI has been enabled, and GSSAPI is enabled in sshd. Logging in using password from Windows to Linux works, and logging in