On Fri, Apr 19, 2013 at 12:47:47PM +0200, Natxo Asenjo wrote: > hi, > > just a little 'but'. > > when verifying the trust (point 12 > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html) > > > # kinit user > Password for [email protected]: > [root@kdc ~]# kvno host/[email protected] > host/[email protected]: kvno = 2 > [root@kdc ~]# kvno cifs/[email protected] > kvno: KDC policy rejects request while getting credentials for > cifs/[email protected]
Can you check if klist shows a cross-realm ticket like krbtgt/[email protected] after the second kvno call? If yes, if might be a policy on the AD side which rejects the request. bye, Sumit > > -- > groet, > natxo _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
