On Fri, Apr 19, 2013 at 1:08 PM, Sumit Bose <[email protected]> wrote:
> On Fri, Apr 19, 2013 at 12:47:47PM +0200, Natxo Asenjo wrote: > > hi, > > > > just a little 'but'. > > > > when verifying the trust (point 12 > > > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html > ) > > > > > > # kinit user > > Password for [email protected]: > > [root@kdc ~]# kvno host/[email protected] > > host/[email protected]: kvno = 2 > > [root@kdc ~]# kvno cifs/[email protected] > > kvno: KDC policy rejects request while getting credentials for > > cifs/[email protected] > > Can you check if klist shows a cross-realm ticket like > krbtgt/[email protected] after the second kvno call? If yes, if might > be a policy on the AD side which rejects the request. > > hi, yes, the krbtgt ticket for the AD domain is there all right. let's try to find out where to allow that request then. -- Groeten, natxo
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
