Hmm, can't get it to work, but right now it looks like I have other
problems..
I'll try to follow up on this if the problem continues when I get the other
problems solved.
>
> Can you clear the caches on the client? The client receives the principals
> from the server the same way as it
On Thu, Aug 04, 2016 at 03:39:26PM +0200, Troels Hansen wrote:
> Hmm, was too fast.
>
> ldap_user_principal = nosuchattr
> subdomain_inherit = ldap_user_principal
>
> Works, but ONLY from the IPA server.
>
> If I do the same from a client, I still get:
>
> (Thu Aug 4 15:32:05 2016)
Hmm, was too fast.
ldap_user_principal = nosuchattr
subdomain_inherit = ldap_user_principal
Works, but ONLY from the IPA server.
If I do the same from a client, I still get:
(Thu Aug 4 15:32:05 2016) [[sssd[krb5_child[16374 [get_and_save_tgt]
(0x0020): 1234: [-1765328378][Client
Solved it myself.
http://www.redhat.com/archives/freeipa-users/2016-May/msg00209.html
Apparently its well known, and will be solved in 7.3
- On Aug 4, 2016, at 1:56 PM, Troels Hansen t...@casalogic.dk wrote:
> Hmm, well, yes, it did:
>
> (Thu Aug 4 13:46:58 2016)
Hmm, well, yes, it did:
(Thu Aug 4 13:46:58 2016) [[sssd[krb5_child[18121 [unpack_buffer]
(0x0100): cmd [249] uid [1349938498] gid [1349938498] validate [true]
enterprise principal [false] offline [false] UPN [drext...@dr.dk]
(Thu Aug 4 13:46:58 2016) [[sssd[krb5_child[18121
On Thu, Aug 04, 2016 at 12:57:40PM +0200, Troels Hansen wrote:
> Hi, we have set up IPA in a AD trust and is about 90% done, but still have
> one problem using SSH login.
>
> Kerberos works:
> # kdestroy
> # kinit drext...@net.dr.dk
> Password for drext...@net.dr.dk:
> # klist
> Ticket
Hi, we have set up IPA in a AD trust and is about 90% done, but still have one
problem using SSH login.
Kerberos works:
# kdestroy
# kinit drext...@net.dr.dk
Password for drext...@net.dr.dk:
# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: drext...@net.dr.dk
Valid