On ti, 20 kesä 2017, Tiemen Ruiten via FreeIPA-users wrote:
> Hello,
>
> I have a FreeIPA domain,
i.rdmedia.com, (CentOS 7.3, fully up-to-date:
> rpm
> versions are 4.4.0-14.el7.centos.7) with a two-way, non-transitive,
> external trust to an Active Directory domain in another forest,
>
clients.rdmedia.com, (Windows Server 2012R2). I've setup the trust using
> the Administrator credentials.
>
> As one of the final steps, I would like to get passwordless SSH-access
> using GSSAPI to work, but unfortunately I get the following error in the
> Putty log when connecting from an AD domain-joined client:
>
> Event Log: GSSAPI authentication initialisation failed
> Event Log: The target was not recognized
>
"Target was not recognized" means your AD DC does not know that
requests for services in .i.rdmedia.com domain must be routed to FreeIPA
DC.
What does
netdom trust
clients.rdmedia.com /namesuffixes:i.rdmedia.com
say on clients.rdmedia.com's DC?
It says: The parameter is incorrect.
Actually, I don't see the Name Suffix Routing tab in the incoming/outgoing
trust properties either, only the General and Authentication tabs.