Re: [Freeipa-users] IPA KDC Proxy

2016-01-25 Thread Christian Heimes
On 2016-01-25 08:17, Winfried de Heiden wrote: > Great, > > Changing > > /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = false > > to > > # cat /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = true > > along with adding the windows realm to

Re: [Freeipa-users] IPA KDC Proxy

2016-01-25 Thread Winfried de Heiden
OK clear, many thanks! Winny Op 25-01-16 om 09:45 schreef Christian Heimes: On 2016-01-25 08:17, Winfried de Heiden wrote: Great, Changing /etc/ipa/kdcproxy/kdcproxy.conf [global] configs = mit use_dns = false to # cat

Re: [Freeipa-users] IPA KDC Proxy

2016-01-25 Thread Winfried de Heiden
"RHEL 6.x libkrb5 has no support for KDC proxy" Too bad, I was afraid for that Winny Op 25-01-16 om 08:36 schreef Alexander Bokovoy: HEL 6.x libkrb5 has no support for KDC proxy -- Manage your subscription for

Re: [Freeipa-users] IPA KDC Proxy

2016-01-24 Thread Alexander Bokovoy
- Original Message - > Great, > > Changing > > /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = false > > to > > # cat /etc/ipa/kdcproxy/kdcproxy.conf > [global] > configs = mit > use_dns = true > > along with adding the windows realm to krb5.conf on the

Re: [Freeipa-users] IPA KDC Proxy

2016-01-24 Thread Winfried de Heiden
Great, Changing /etc/ipa/kdcproxy/kdcproxy.conf [global] configs = mit use_dns = false to # cat /etc/ipa/kdcproxy/kdcproxy.conf [global] configs = mit use_dns = true along with adding

Re: [Freeipa-users] IPA KDC Proxy

2016-01-22 Thread Alexander Bokovoy
- Original Message - > Hi all, > > I configured an IPA client using de FreeIPA 4.2 KDC Proxy something like > this: > > ~ > dns_lookup_realm = false > dns_lookup_kdc = false > ~ > [realms] > LINUX.EXAMPLE.COM = { > pkinit_anchors = FILE:/etc/ipa/ca.crt > http_anchors =

Re: [Freeipa-users] IPA KDC Proxy

2016-01-22 Thread Christian Heimes
On 2016-01-22 11:57, Alexander Bokovoy wrote: > - Original Message - >> Hi all, >> >> I configured an IPA client using de FreeIPA 4.2 KDC Proxy something like >> this: >> >> ~ >> dns_lookup_realm = false >> dns_lookup_kdc = false >> ~ >> [realms] >> LINUX.EXAMPLE.COM = { >> pkinit_anchors

Re: [Freeipa-users] IPA KDC Proxy

2016-01-22 Thread Christian Heimes
On 2016-01-22 11:25, Winfried de Heiden wrote: > Now, is it possible to use the IPA-server as a proxy for the trusted > Windows Domain? How...? I haven't tried yet it but it should be possible. MS-KKDCP requests are prefixed with the requested realm name. You have to configure the mapping from

Re: [Freeipa-users] IPA KDC Proxy

2016-01-22 Thread Alexander Bokovoy
On Fri, 22 Jan 2016, Christian Heimes wrote: On 2016-01-22 11:57, Alexander Bokovoy wrote: - Original Message - Hi all, I configured an IPA client using de FreeIPA 4.2 KDC Proxy something like this: ~ dns_lookup_realm = false dns_lookup_kdc = false ~ [realms] LINUX.EXAMPLE.COM = {