Hi,

On 14/06/2017 18:02, Jason Sherrill via FreeIPA-users wrote:

Hello All,

I have recently submitted a How/To for FreeIPA. I'd very much appreciate any feedback or editing on it- I don't want to link to it without a review. Thanks!

I used /etc/krb5.conf instead of /Library/Preferences/edu.mit.Kerberos which also seemed to work,
but I noticed the MacOS client doesn't fall back to tcp, so if udp is blocked in your network you need to specify

[realms]
EXAMPLE.COM = {
kdc = tcp/ipa-server.example.com
admin_server = tcp/ipa-server.example.com
}

to get kinit and changing of an expired password to work (using kinit, haven't configured my accounts as system accounts yet)

--

Jason Sherrill

Deeplocal Inc.

mobile: 412-636-2073

office: 412-362-0201

Regards,
Jens Timmerman