On 06/15/2017 04:57 AM, Rishat Teregulov wrote:
> Yes, I set krb5.conf to this to try not to resolve dns queries.
> [libdefaults]
>     default_realm = AD.DOMAIN.EXAMPLE
>     dns_lookup_realm = false
>     dns_lookup_kdc = false
>     rdns = false
>     krb4_config = /etc/krb.conf
>     krb4_realms = /etc/krb.realms
>     kdc_timesync = 1
>     ccache_type = 4
>     forwardable = true
>     proxiable = true
>     v4_instance_resolve = false
>     v4_name_convert = {
>         host = {
>             rcmd = host
>             ftp = ftp
>         }
>     }
>     fcc-mit-ticketflags = true
> [realms]
>     AD.DOMAIN.EXAMPLE = {
>         default_domain = AD.DOMAIN.EXAMPLE
>         kdc = AD.DOMAIN.EXAMPLE
>         admin_server = AD.DOMAIN.EXAMPLE
>     }
I'm not sure if this output was sanitized, but the 'kdc' and
'admin_server' lines should contain a hostname of the KDC/AD server you
want libkrb5 to communicate with, not only a realm name.
-Justin
> [domain_realm]
> .AD.DOMAIN.EXAMPLE = AD.DOMAIN.EXAMPLE
> AD.DOMAIN.EXAMPLE = AD.DOMAIN.EXAMPLE
> [login]
> krb4_convert = true
> krb4_get_tickets = false
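A check for the condition raised in the reply above, as an added example that is not part of the original thread: it parses a krb5.conf and reports every `kdc` or `admin_server` entry in `[realms]` whose value is just the realm name. The function names, the simplified parser (no `include` handling) and the host `dc1.ad.domain.example` are assumptions made for illustration; the sample is constructed from the quoted configuration.

```python
import re

# Constructed sample based on the configuration quoted in this thread;
# dc1.ad.domain.example is a made-up KDC hostname.
SAMPLE = """\
[libdefaults]
default_realm = AD.DOMAIN.EXAMPLE
dns_lookup_kdc = false
[realms]
AD.DOMAIN.EXAMPLE = {
default_domain = AD.DOMAIN.EXAMPLE
kdc = AD.DOMAIN.EXAMPLE
admin_server = dc1.ad.domain.example:749
}
"""

def parse_krb5_conf(text):
    """Return {section: tree}. Nested `name = {` blocks become dicts and
    repeated keys (e.g. several kdc lines) accumulate in lists."""
    root, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            stack = [root.setdefault(m.group(1), {})]
        elif line.startswith("}") and len(stack) > 1:
            stack.pop()
        elif "=" in line and stack:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(value)
    return root

def realm_name_as_server(text):
    """List (realm, key, value) where kdc/admin_server names only the realm."""
    findings = []
    for realm, body in parse_krb5_conf(text).get("realms", {}).items():
        if not isinstance(body, dict):
            continue
        for key in ("kdc", "admin_server"):
            for value in body.get(key, []):
                host = value.rsplit(":", 1)[0].rstrip(".")  # drop :port
                if host.lower() == realm.lower():
                    findings.append((realm, key, value))
    return findings
```
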