On 2022-12-14 14:34, Alexander Bokovoy via FreeIPA-users wrote:
Thanks. I also asked for krb5 configuration: /etc/krb5.conf and files included from it, I think they are in /etc/krb5.conf.d and /var/lib/sss/pubconf/krb5.include.d
You can see a full list of the directories with
grep includedir /etc/krb5.conf
# egrep -v "^\s*#|^$" /etc/krb5.conf.d/*
/etc/krb5.conf.d/crypto-policies:[libdefaults]
/etc/krb5.conf.d/crypto-policies:permitted_enctypes = aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes128-cts-hmac-sha1-96
/etc/krb5.conf.d/enable_sssd_conf_dir:includedir /var/lib/sss/pubconf/krb5.include.d/
/etc/krb5.conf.d/freeipa:[libdefaults]
/etc/krb5.conf.d/freeipa: spake_preauth_groups = edwards25519
/etc/krb5.conf.d/kcm_default_ccache:[libdefaults]
/etc/krb5.conf.d/kcm_default_ccache: default_ccache_name = KCM:
/etc/krb5.conf.d/sssd_enable_idp:[plugins]
/etc/krb5.conf.d/sssd_enable_idp: clpreauth = {
/etc/krb5.conf.d/sssd_enable_idp: module = idp:/usr/lib64/sssd/modules/sssd_krb5_idp_plugin.so
/etc/krb5.conf.d/sssd_enable_idp: }
/etc/krb5.conf.d/sssd_enable_idp: kdcpreauth = {
/etc/krb5.conf.d/sssd_enable_idp: module = idp:/usr/lib64/sssd/modules/sssd_krb5_idp_plugin.so
/etc/krb5.conf.d/sssd_enable_idp: }
# egrep -v "^\s*#|^$" /var/lib/sss/pubconf/krb5.include.d/*
/var/lib/sss/pubconf/krb5.include.d/domain_realm_int_r3pek_org:[domain_realm]
/var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults:[libdefaults]
/var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults: canonicalize = true
/var/lib/sss/pubconf/krb5.include.d/localauth_plugin:[plugins]
/var/lib/sss/pubconf/krb5.include.d/localauth_plugin: localauth = {
/var/lib/sss/pubconf/krb5.include.d/localauth_plugin: module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
/var/lib/sss/pubconf/krb5.include.d/localauth_plugin: }
While also testing some stuff out, if I force the IP address of the mail01.r3pek.org server to be the internal one, the auth works. Am I missing something or is this normal?