On Wed, 25 Nov 2020, Ben Lewis via FreeIPA-users wrote:
> Hi All,
> I have installed a freeipa server and configured a Windows 10 client to
> authenticate against it. I am able to login to the Windows machine
> against the IPA realm; the issue I am seeing relates to the Windows
> client updating its DNS records. I could see ZONENAME/IN denied errors
> in /var/log/messages. I also noticed in /var/log/krb5kdc.log that at
> around the same time that the DNS update errors occur I see a Kerberos
> error. It seems that the Windows host is attempting to obtain a ticket
> using the format COMPUTERNAME$@EXAMPLE.COM instead of the FQDN.
> I am using Free IPA Server 4.8.4-7 on a CentOS 8.2 server.
> I have a host and principal in freeipa for the Windows host.

FreeIPA does not support enrolling Windows client systems to it. There
was never intent for it and there will be no support for it either.
Please use Active Directory deployment (whether Microsoft's or Samba AD
DC) for that and establish trust with FreeIPA.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland