On Wed, Jan 03, 2018 at 07:56:57PM +0700, Николай Савельев via FreeIPA-users wrote:
> I have ipa domain with AD trust. id ad_users@ad_domain works. su
> ad_users@ad_domain works.
> kinit ad_users@ad_domain doesn't work in ubuntu but works in centos 7
> What?
> /etc/krb5.conf is the same.
> ipa servers work on centos 7. Ipa client work on ubuntu 14.04 or 16.04.
> I also can't get access from AD member Windows to SAMBA shares on IPA members linux,
> What can I do?
> Oh, I forgot to say about error!
> For kinit AD user I get:
> kinit: KDC reply did not match expectations while getting initial credentials

Then using 'kinit -C ...' or 'canonicalize = true' in krb5.conf should
help.
bye,
Sumit
>
> My krb5.conf:
>
>
> includedir /var/lib/sss/pubconf/krb5.include.d/
>
> [libdefaults]
> default_realm = FS.LAN
> dns_lookup_realm = true
> dns_lookup_kdc = true
> rdns = false
> ticket_lifetime = 24h
> dns_canonicalize_hostname = false
> forwardable = true
> udp_preference_limit = 0
> default_ccache_name = KEYRING:persistent:%{uid}
>
>
> [realms]
> FS.LAN = {
> pkinit_anchors = FILE:/etc/ipa/ca.crt
>
> }
>
>
> [domain_realm]
> .fs.lan = FS.LAN
> fs.lan = FS.LAN
>
> --
> Best regards, Николай.