[Freeipa-users] Re: GSSAPI login from trusted AD domain to FreeIPA clients not working

2017-06-21 Thread Alexander Bokovoy via FreeIPA-users
On ke, 21 kesä 2017, Alexander Bokovoy via FreeIPA-users wrote: On ke, 21 kesä 2017, Robert Johnson via FreeIPA-users wrote: For what its worth, I dug through my emails with Red Hat tech support and this is what we got back from the Identity Management support team: --- I did some

[Freeipa-users] Re: GSSAPI login from trusted AD domain to FreeIPA clients not working

2017-06-21 Thread Alexander Bokovoy via FreeIPA-users
On ke, 21 kesä 2017, Robert Johnson via FreeIPA-users wrote: For what its worth, I dug through my emails with Red Hat tech support and this is what we got back from the Identity Management support team: --- I did some additional research and found another customer which had a similar

[Freeipa-users] Re: GSSAPI login from trusted AD domain to FreeIPA clients not working

2017-06-21 Thread Tiemen Ruiten via FreeIPA-users
I tried the GPO and that actually worked, thanks Robert. I had to specify all the subdomains we use as well in the value field (we have IPA-clients in several subdomains of i.rdmedia.com). It appears my issue is solved. Looking forward to hear what the Microsoft guys say. On 21 June 2017 at

[Freeipa-users] Re: GSSAPI login from trusted AD domain to FreeIPA clients not working

2017-06-20 Thread Alexander Bokovoy via FreeIPA-users
On ti, 20 kesä 2017, Robert Johnson wrote: I ran into this exact same problem with my IPA domain in a one way external trust to our Windows 2012 R2 AD forest. It appears that Microsoft may have removed the routing suffix option from the Windows 2012 R2 native forest trust gui. My solution was

[Freeipa-users] Re: GSSAPI login from trusted AD domain to FreeIPA clients not working

2017-06-20 Thread Robert Johnson via FreeIPA-users
I ran into this exact same problem with my IPA domain in a one way external trust to our Windows 2012 R2 AD forest. It appears that Microsoft may have removed the routing suffix option from the Windows 2012 R2 native forest trust gui. My solution was to follow the instructions in the "Define

[Freeipa-users] Re: GSSAPI login from trusted AD domain to FreeIPA clients not working

2017-06-20 Thread Alexander Bokovoy via FreeIPA-users
On ti, 20 kesä 2017, Tiemen Ruiten via FreeIPA-users wrote: Please see the attached screenshot for the Trust settings, and thank you for your time. Thanks. I'm not sure why is that happening even for the immediate forest root domain that i.rdmedia.com is. I'll check with Microsoft doc help team

[Freeipa-users] Re: GSSAPI login from trusted AD domain to FreeIPA clients not working

2017-06-20 Thread Tiemen Ruiten via FreeIPA-users
Please see the attached screenshot for the Trust settings, and thank you for your time. On 20 June 2017 at 19:36, Tiemen Ruiten wrote: > On 20 June 2017 at 18:07, Alexander Bokovoy wrote: > >> On ti, 20 kesä 2017, Tiemen Ruiten via FreeIPA-users

[Freeipa-users] Re: GSSAPI login from trusted AD domain to FreeIPA clients not working

2017-06-20 Thread Tiemen Ruiten via FreeIPA-users
On 20 June 2017 at 18:07, Alexander Bokovoy wrote: > On ti, 20 kesä 2017, Tiemen Ruiten via FreeIPA-users wrote: > >> Hello, >> >> I have a FreeIPA domain, i.rdmedia.com, (CentOS 7.3, fully up-to-date: >> rpm >> versions are 4.4.0-14.el7.centos.7) with a two-way,