On ti, 20 kesä 2017, Tiemen Ruiten via FreeIPA-users wrote:
Hello,
I have a FreeIPA domain,
i.rdmedia.com, (CentOS 7.3, fully up-to-date: rpm
versions are 4.4.0-14.el7.centos.7) with a two-way, non-transitive,
external trust to an Active Directory domain in another forest,
clients.rdmedia.com, (Windows Server 2012R2). I've setup the trust using
the Administrator credentials.
As one of the final steps, I would like to get passwordless SSH-access
using GSSAPI to work, but unfortunately I get the following error in the
Putty log when connecting from an AD domain-joined client:
Event Log: GSSAPI authentication initialisation failed
Event Log: The target was not recognized
"Target was not recognized" means
your AD DC does not know that
requests for services in .i.rdmedia.com domain must be routed to FreeIPA
DC.
What does
netdom trust
clients.rdmedia.com /namesuffixes:i.rdmedia.com
say on clients.rdmedia.com's DC?
--
/ Alexander Bokovoy