How to integrate a single IPA domain with multiple replicas with Active Directory through Cross-Realm Kerberos Trust on RHEL7?

Solution Verified - Updated -

Issue

  • How to integrate a single IPA domain with multiple replicas with Active Directory through Cross-Realm Kerberos Trust?
  • A single IPA domain has multiple IPA servers (replicas), and the domain needs a trust with Active Directory.

The following entries are seen in the SSSD backend logs on the IPA client:

(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [ipa_s2n_exop_send] (0x0400): Executing extended operation
(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 16
(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x14a23c0], connected[1], ops[0x14a56d0], ldap[0x14aa4a0]
(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Protocol error(2), (null)
(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158221,Account info lookup failed
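
To spot this signature across a large SSSD backend log, the following added example (not part of the original article or of SSSD) pairs each non-success result from ipa_s2n_exop_done with the acctinfo_callback line that follows it for the same domain. The function name, the record fields and the other.example.com success line are assumptions made for illustration.

```python
import re

# SSSD debug line: (timestamp) [sssd[be[domain]]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \(0x[0-9a-fA-F]+\): (?P<msg>.*)$"
)
# e.g. "ldap_extended_operation result: Protocol error(2), (null)"
RESULT_RE = re.compile(r"result: (?P<text>.+?)\((?P<code>\d+)\)")

# Constructed sample: three lines taken from the excerpt above plus one
# constructed success line for a hypothetical second domain.
SAMPLE_LOG = """\
(Mon Jul 27 12:34:39 2015) [sssd[be[other.example.com]]] [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0), (null)
(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Protocol error(2), (null)
(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
(Mon Jul 27 12:34:40 2015) [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158221,Account info lookup failed
"""

def find_s2n_failures(lines):
    """Return one record per failed s2n extended operation, per domain."""
    failures = []
    pending = {}  # domain -> record waiting for its acctinfo_callback line
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # continuation lines or other formats are skipped
        domain, func, msg = m["domain"], m["func"], m["msg"]
        if func == "ipa_s2n_exop_done":
            r = RESULT_RE.search(msg)
            if r and int(r["code"]) != 0:
                pending[domain] = {"time": m["ts"], "domain": domain,
                                   "ldap_code": int(r["code"]),
                                   "ldap_text": r["text"].strip(),
                                   "lookup_failed": False}
        elif func == "acctinfo_callback" and domain in pending:
            rec = pending.pop(domain)
            rec["lookup_failed"] = "lookup failed" in msg
            failures.append(rec)
    failures.extend(pending.values())  # failures with no callback line seen
    return failures

if __name__ == "__main__":
    for rec in find_s2n_failures(SAMPLE_LOG.splitlines()):
        print(rec)
```
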

Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
