[Freeipa-users] red hat 5 and red hat 6 compatability
Rob Crittenden
rcritten at redhat.com
Wed May 2 20:47:11 UTC 2012
Matthew Davidson wrote:
> " Is this from the client or from the server? I bet on the server."
>
> That is from the client. I sent a reply to Rob about the DNS, but I was
> under the assumption that the client was using the config files.
>
We recommend using a different realm name for the IPA realm, it makes
life much simpler. You can try disabling DNS lookups for the KDC in
/etc/krb5.conf and defining a KDC. You may also need to tell the sssd
locator, configured in /var/lib/sss/pubconf/kdcinfo.$REALM.
IPA and AD both attempt to use the same DNS SRV records for
autodiscovery. What is happening is your client is getting the AD
information and trying to authenticate against it.
regards
rob
More information about the Freeipa-users
mailing list