I have an IPA domain with an AD trust. id ad_users@ad_domain works. su ad_users@ad_domain works. kinit ad_users@ad_domain doesn't work on Ubuntu but works on CentOS 7. What? /etc/krb5.conf is the same. The IPA servers work on CentOS 7. The IPA clients work on Ubuntu 14.04 or 16.04. I also can't get access from AD member Windows to SAMBA shares on IPA member Linux.
What can I do?
Oh, I forgot to mention the error! For kinit of an AD user I get: kinit: KDC reply did not match expectations while getting initial credentials
My krb5.conf:
includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
  default_realm = FS.LAN
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  dns_canonicalize_hostname = false
  forwardable = true
  udp_preference_limit = 0
  default_ccache_name = KEYRING:persistent:%{uid}

[realms]
  FS.LAN = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .fs.lan = FS.LAN
  fs.lan = FS.LAN