[Freeipa-users] Re: Client authentication against trusted AD broken

2018-07-12 Thread Mike Conner via FreeIPA-users
Also seems to be set:
freeipaclient$ dig +short -t SRV _kerberos._udp.cs.domain.dom
0 100 88 ipa.cs.domain.com.
freeipaclients$ dig +short -t SRV _kerberos._udp.domain.com
0 100 88 kdc1.domain.com.
0 100 88 kdc2.domain.com.

[Freeipa-users] Re: Client authentication against trusted AD broken

2018-07-12 Thread Alexander Bokovoy via FreeIPA-users
On Wed, 11 Jul 2018, Mike Conner via FreeIPA-users wrote: So you're saying the client is probably not finding the AD KDC through DNS SRV calls? I think that I've tested all the DNS configs that are called for in the documentation. What could I do to test whether the AD realm's KDC is being

[Freeipa-users] Re: Client authentication against trusted AD broken

2018-07-12 Thread Jakub Hrozek via FreeIPA-users
On Wed, Jul 11, 2018 at 09:16:19PM -, Mike Conner via FreeIPA-users wrote:
> To the /etc/krb5.conf file on the client, I changed from this:
>
> [realms]
> CS.GRINNELL.EDU = {
>   kdc = ipa.cs.grinnell.edu:88
>   master_kdc = ipa.cs.grinnell.edu:88
>   admin_server =

[Freeipa-users] Re: Client authentication against trusted AD broken

2018-07-11 Thread Mike Conner via FreeIPA-users
To the /etc/krb5.conf file on the client, I changed from this:
[realms]
CS.GRINNELL.EDU = {
  kdc = ipa.cs.grinnell.edu:88
  master_kdc = ipa.cs.grinnell.edu:88
  admin_server = ipa.cs.grinnell.edu:749
  kpasswd_server = ipa.cs.grinnell.edu:464
  default_domain = cs.grinnell.edu

[Freeipa-users] Re: Client authentication against trusted AD broken

2018-07-11 Thread Jakub Hrozek via FreeIPA-users
On Wed, Jul 11, 2018 at 08:30:16PM -, Mike Conner via FreeIPA-users wrote:
> So you're saying the client is probably not finding the AD KDC through DNS
> SRV calls?
Not necessarily not finding, but perhaps the AD KDCs the client discovers are slow to respond? What exactly were the changes

[Freeipa-users] Re: Client authentication against trusted AD broken

2018-07-11 Thread Mike Conner via FreeIPA-users
So you're saying the client is probably not finding the AD KDC through DNS SRV calls? I think that I've tested all the DNS configs that are called for in the documentation. What could I do to test whether the AD realm's KDC is being discovered? Here's what I've tried to see if the dns is

[Freeipa-users] Re: Client authentication against trusted AD broken

2018-07-11 Thread Jakub Hrozek via FreeIPA-users
On Wed, Jul 11, 2018 at 03:56:22PM -, Mike Conner via FreeIPA-users wrote:
> This is now working after adding a stanza for the AD realm in /etc/krb5.conf
> file. Should that be necessary?
Did you also add the KDCs for the AD realm? I'm asking because by default, sssd on the client does not

[Freeipa-users] Re: Client authentication against trusted AD broken

2018-07-11 Thread Mike Conner via FreeIPA-users
This is now working after adding a stanza for the AD realm in /etc/krb5.conf file. Should that be necessary?

[Freeipa-users] Re: Client authentication against trusted AD broken

2018-07-05 Thread Sumit Bose via FreeIPA-users
On Thu, Jul 05, 2018 at 04:57:26PM -, Mike Conner via FreeIPA-users wrote:
> I've seen similar situations in other threads, but searching for a solution
> hasn't proven fruitful so far; please point me in the right direction! I've
> configured an ipa server with a trusted AD domain and both