On 06/15/2017 04:57 AM, Rishat Teregulov wrote:
Yes, I set krb5.conf to the following to try to avoid DNS lookups.
# krb5.conf as posted: realm and KDC are configured statically, with DNS-based
# discovery switched off.
[libdefaults]
   default_realm = AD.DOMAIN.EXAMPLE
# No DNS TXT lookup for host-to-realm mapping and no DNS SRV lookup for KDCs,
# so every KDC has to be listed explicitly under [realms].
   dns_lookup_realm = false
   dns_lookup_kdc = false
# Do not use reverse DNS when canonicalizing service host names.
   rdns = false
# Kerberos 4 compatibility settings (krb4_*, v4_*).
# NOTE(review): presumably ignored by current libkrb5 builds - confirm, and
# drop them if nothing reads them.
   krb4_config = /etc/krb.conf
   krb4_realms = /etc/krb.realms
# Nonzero: the client adjusts for the clock offset it sees in KDC replies.
   kdc_timesync = 1
# Credential cache file format version.
   ccache_type = 4
# Initial tickets are requested forwardable and proxiable by default.
# NOTE(review): a forwardable TGT can be delegated to remote services; keep
# these only if delegation is actually required.
   forwardable = true
   proxiable = true
   v4_instance_resolve = false
   v4_name_convert = {
     host = {
       rcmd = host
       ftp = ftp
     }
   }
# NOTE(review): looks like a Heimdal-specific option - confirm that the
# Kerberos library in use reads it.
   fcc-mit-ticketflags = true
# NOTE(review): kdc and admin_server below carry the realm name. With
# dns_lookup_kdc = false there is no SRV fallback; each value is used as a host
# name, so it must resolve to a reachable KDC / AD domain controller.
[realms]
   AD.DOMAIN.EXAMPLE = {
     default_domain = AD.DOMAIN.EXAMPLE
     kdc = AD.DOMAIN.EXAMPLE
     admin_server = AD.DOMAIN.EXAMPLE
}

I'm not sure if this output was sanitized, but the 'kdc' and 'admin_server' lines should contain a hostname of the KDC/AD server you want libkrb5 to communicate with, not only a realm name.

-Justin

# Host-name-to-realm mapping: the leading-dot entry covers every host under the
# domain, the bare entry covers a host named exactly like the domain.
# NOTE(review): MIT documentation writes these keys in lower case - confirm the
# upper-case form matches as intended.
[domain_realm]
   .AD.DOMAIN.EXAMPLE = AD.DOMAIN.EXAMPLE
   AD.DOMAIN.EXAMPLE = AD.DOMAIN.EXAMPLE
# Kerberos 4 login settings.
# NOTE(review): presumably unused by current libkrb5 - confirm before relying
# on them.
[login]
   krb4_convert = true
   krb4_get_tickets = false