[Freeipa-users] Unable to Login until Trust is Repaired

Jonathan Bradford bradford.jonathan at gmail.com
Wed Nov 12 13:44:50 UTC 2014


This is my first post on the IPA mailing list. Hey guys :)

I've successfully walked through the IdM Red Hat document on "Integrating
with Active Directory Through Cross-Realm Kerberos Trusts" using separate
DNS domains. I've reached the part where you test the trust using SSH via
PuTTY, and I have noticed a problem.

If I add a user in Active Directory (group mapping is on), the user cannot
immediately SSH to an IPA host. In fact, it never allows me to log in until
I first log in to a Windows machine with the account and then repair the
trust via AD.

To repair the trust, I have to go to AD Domains and Trusts > Properties >
Trusts > and Validate the incoming and outgoing connections. When I do this,
it gives me an error message about the RPC server not running, but if I
proceed, it eventually tells me that the connection has been repaired. Only
after doing this can I successfully SSH with a new user.

Do you have any idea why this might be happening? I have followed Red Hat's
documentation exactly, so I am not sure why I am having issues. If you have
any thoughts or ideas, I would greatly appreciate them. Thanks!

-Jonathan