[Freeipa-users] Re: AD Trust Integration Issue

On to, 18 huhti 2019, Henry Pelke via FreeIPA-users wrote: > Good morning, > I have recently setup an environment with FreeIPA 4.6.4-10 using CentOS 7 > as the IPA Master. After setting up I joined the IPA master to the local AD > and everything seemed to work fine. > The issue I'm facing is that after adding the external and POSIX group's I > can authenticate to the IPA Master as an AD user but the server with the > IPA client doesn't appear to be able to authenticate AD users. > The client server is unable to run getent or kinit against any ad user and > returns 'Cannot find KDC for realm "<ad domain>"...' Make sure your clients have Kerberos configuration (in krb5.conf or /etc/krb5.conf.d/) that defines AD realms or allows to discover AD realms from DNS. -------------------------------------------------------------------------------------------------------------------------------------------------------- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...