On Wed, 09 Sep 2015, alireza baghery wrote:
hi
i install centos 6.7 trust with Windows 2008 r2 (User AD can not Login)
and get log in IPA SERVER file: /var/log/krb5kdc.log
domain IPA: l.infotechpsp.net
++
Sep 09 15:09:20 ipareplica.l.infotechpsp.net krb5kdc[1518](info): AS_REQ (4
etypes {18 17 16 23}) 10.30.120.20: NEEDED_PREAUTH: host/
ussddm.l.infotechpsp@l.infotechpsp.net for krbtgt/
l.infotechpsp@l.infotechpsp.net, Additional pre-authentication required
IS it correct? l.infotechpsp@l.infotechpsp.net
I don't understand what you are trying to say. NEEDED_PREAUTH is normal.
Use CentOS 7.x if you want to have trust with Active Directory.
Server code for trusts was a tech preview in RHEL 6.x.
Follow http://www.freeipa.org/page/Active_Directory_trust_setup and
debugging chapter in it for debugging. Also use
https://fedorahosted.org/sssd/wiki/Troubleshooting for debugging
SSSD-related issues, if any.
Right now you did not provide any information. And really, move to a
newer CentOS 7 version.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
