FreeIPA Windows Active Directory Two-Way Trust

Comments

Good morning,
I have successfully configured a two-way trust with our FreeIPA server (RHEL7.6; IPA Server 4.6.4-10; SSSD 1.16.2-13) and our Windows Server 2016 Domain Controller.

I am able to authenticate Windows users against IPA without issue. However, I can't seem to authenticate IPA users against the Windows DC.

I have done verbose Kerberos logging and packet captures. I'm seeing KRB_AP_ERR_BAD_INTEGRITY errors when I try to log into AD clients as an IPA user. I also see these Kerberos errors when I try to search for IPA users from AD.

I have done a lot of digging online and I can't seem to get a clear answer: is it possible to log into a Windows Domain with an IPA account hen a two-way trust is configured?

Thanks!!

Started 2019-04-11T14:24:09+00:00 by

Keith Schindler

Community Member 25 points

Select Your Language

FreeIPA Windows Active Directory Two-Way Trust

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links