On Wed, 2018-09-05 at 16:19 -0400, Ranbir via FreeIPA-users wrote:
Hello,
I have a Fedora 26 desktop joined to a freeipa domain running two ipa
4.5.4-10 servers on CentOS 7.5.1804. I have an odd "problem" I hope
someone here can help me fix.
I can ssh from my desktop to any server in the domain using my password
(i.e. interactive) or GSSAPI. Once on a server, I can ssh to some hosts
in the domain using GSSAPI delegation, but not to others.
When GSSAPI delegation doesn't work, I see this error:
debug1: Unspecified GSS failure. Minor code may provide more information
Server host/ipa01(a)THEINSIDE.RNR not found in Kerberos database
Is this the actual error? no editing ?
I think I solved this once before, but it was a very, very long time
ago and I don't have any notes to refer to.
What am I messing up?
if ipa01 is really unqualified as you show up here that probably means
that you are either ssh-ing using the short name instead of the fully
qualified name, or you have reverse resolution enabled and a line in
your hosts file with "IP shortname longname", and the shortname is
resolved as the name of the server.
HTH,
Simo.
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc