<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, Jul 11, 2014 at 4:54 PM, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div><div class="h5">
<div>On 07/11/2014 03:27 PM, tizo wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr"><br>
<div class="gmail_extra">
<div class="gmail_quote">On Fri, Jul 4, 2014 at 5:09 PM, tizo
<span dir="ltr"><<a href="mailto:tizone@gmail.com" target="_blank">tizone@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>
<div>I have seen in <a href="http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Trusts_and_Windows_Server_2003_R2" target="_blank">http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Trusts_and_Windows_Server_2003_R2</a>
that trusts can be configured with Windows Server
2003 R2.<br>
<br>
</div>
We have a Windows Server 2003 (not R2). Before
starting to make some tests, does anyone know if
trusts can be configured with this version of Windows
Server 2003?.<br>
<br>
</div>
Thanks very much.<br>
<br>
</div>
</blockquote>
</div>
<br>
</div>
<div class="gmail_extra">As I have not received any answer, I
decided to give it a try. I follow the document step by step
with our Windows 2003, and everything looks good, except when
I try to login to the FreeIPA server with an AD user (ssh or
tty).<br>
<br>
</div>
<div class="gmail_extra">Does anyone know how could I debug this
problem?.<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote></div></div>
Sorry that you did not get a response. It is a hot time, a lot of
people on vacation and we also got 4.0 just out of the door.<br>
<br>
Set debug_level to 10 in the sssd.conf. It will create a lot of
output and this might give you a hint of what is going on. From
there you will see whether the user is processed by SSSD or SSH is
not configured and user do not hit SSSD at all (unlikely), and if
user is processed what the problem is.<span class=""><font color="#888888"><br>
</font></span><br></div></blockquote></div><br></div><div class="gmail_extra">Thanks Dmitri. I set the debug_level to 10, and the file sssd_my.domain.com.log is telling something about the AD user trying to connect with SSH. I am sending it to you privately, because it contains some sensitive information. <br>
</div></div>