Hi All,
I have installed a FreeIPA server and configured a Windows 10 client to authenticate against it. I am able to log in to the Windows machine against the IPA realm. The issue I am seeing relates to the Windows client updating its DNS records. I could see ZONENAME/IN denied errors in /var/log/messages. I also noticed in /var/log/krb5kdc.log that, at around the same time that the DNS update errors occur, I see a Kerberos error. It seems that the Windows host is attempting to obtain a ticket using the format COMPUTERNAME$@EXAMPLE.COM instead of the FQDN.
I am using FreeIPA Server 4.8.4-7 on a CentOS 8.2 server.
I have a host and principal in FreeIPA for the Windows host.
On Wed, 25 Nov 2020, Ben Lewis via FreeIPA-users wrote:
> Hi All,
> I have installed a FreeIPA server and configured a Windows 10 client to authenticate against it. I am able to log in to the Windows machine against the IPA realm. The issue I am seeing relates to the Windows client updating its DNS records. I could see ZONENAME/IN denied errors in /var/log/messages. I also noticed in /var/log/krb5kdc.log that, at around the same time that the DNS update errors occur, I see a Kerberos error. It seems that the Windows host is attempting to obtain a ticket using the format COMPUTERNAME$@EXAMPLE.COM instead of the FQDN.
> I am using FreeIPA Server 4.8.4-7 on a CentOS 8.2 server.
> I have a host and principal in FreeIPA for the Windows host.
FreeIPA does not support enrolling Windows client systems to it. There was never intent for it and there will be no support for it either. Please use Active Directory deployment (whether Microsoft's or Samba AD DC) for that and establish trust with FreeIPA.