In the Ubuntu krb5.conf are 2 lines more:
udp_preference_limit = 0
default_ccache_name = KEYRING:persistent:%{uid}The nameservers on both system types are identical and pointing to our AD-Domain Controller. On the AD-Servers the ipa-domain.com is a conditional forwarder to the IPA-Server. I changed the name server configuration on a CentOS just to be sure, but it doesn’t had any effect. Best regards, Fabian > On 15 Dec 2015, at 13:38, Sumit Bose <[email protected]> wrote: > > On Tue, Dec 15, 2015 at 10:58:09AM +0000, Zoske, Fabian wrote: >> I’ve setup an IPA-Server with a handful of clients and AD-Trust. >> The server is a CentOS7.1 with IPA4.1 and the clients are mostly Ubuntu >> Server 14.04 LTS. >> Our IPA-Domain is like ipa-domain.com and our AD-Domain is like >> ad-domain.local, but our user principals in AD are >> [email protected]<mailto:[email protected]> for backward compatibility. >> >> On the Ubuntu clients I can login with my AD-Credentials, but when trying to >> do the same on a joined CentOS Server I can’t login. >> In the logs I can see, that there is no KDC for OLD-DOMAIN.COM is found. >> >> Why does this scenario works on Ubuntu but not on CentOS? >> Can I do something about this? > > Are there any differences in /etc/krb5.conf on the Ubuntu client and on > the CentOS servers? > > What name servers are configured? Typically the clients should use the > IPA server as a name server. > > bye, > Sumit > >> >> Best regards, >> Fabian > >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
