On 21/06/2019 13:08, Sumit Bose wrote:
On Fri, Jun 21, 2019 at 12:38:22PM +0100, lejeczek wrote:
On 21/06/2019 10:57, lejeczek via FreeIPA-users wrote:
I obfuscated those logs I sent you, maybe not too neatly, apologies.
this time, maybe not that badly obfuscated logs, attached.
Ok, so it is about CCC.PRIVATE.DDD.EE.FF which, if I understand to correctly, is the AD domain. Please try
KRB5_TRACE=/dev/stdout kinit pawel@CCC.PRIVATE.DDD.EE.FF
from the command line and send me the output. Additionally it would be good to know which IPA server you are using on the servers.
bye, Sumit
I'm baaaack :) In the mean while I upped my IPA to 4.6.5 version. (redone anew AD one-way trust with shared secret)
and GSSAPI does not seem to work?
on masters:
$ KRB5_TRACE=/dev/stdout kinit pawel@ceb.private.cam.ac.uk.
...
[3894] 1573661402.150190: Storing....
$ echo $? 0
But Windoze end, AD controller and its clients when ssh or cifs to masters still ask for password(which works for ssh) and I cannot spot any errors in logs.
Any thoughts and suggestions?
many thanks, L.
pub rsa2048 2019-01-17 [SC] [verfällt: 2020-01-17] 93059F241EEEE1D0769A85F455918ABF21224EBA uid lejeczek peljasz@yahoo.co.uk sub rsa2048 2019-01-17 [E] [verfällt: 2020-01-17]
freeipa-users@lists.fedorahosted.org