[Freeipa-users] sssd and ipa+ad trust, ssh login errors
Sumit Bose
sbose at redhat.com
Fri Jul 3 18:00:51 UTC 2015
On Fri, Jul 03, 2015 at 07:52:12PM +0300, l at avc.su wrote:
> OK, seems like I've found the cause.
>
> /etc/sssd/sssd.conf
> default_domain_suffix = zone.local
>
> If I comment this out, I can login using password or publickey with ipa user
> and using password with AD user, but I need to specify the domain component.
> Found this thread:
> https://www.redhat.com/archives/freeipa-users/2015-February/msg00371.html
> And this bug: https://fedorahosted.org/sssd/ticket/2569
>
> Since it's fixed, it should appear in sssd 1.13 release?
yes, it is already in the alpha
https://fedorahosted.org/released/sssd/sssd-1.13.0alpha.tar.gz .
bye,
Sumit
>
> l at avc.su писал 2015-07-03 18:29:
> >Hello.
> >I've encountered an issue with ssh login to freeipa clients in trusted
> >environment.
> >getent/id commands working as expected, but password/publickey auth
> >for user from ipa or AD domain does not work (gssapi works, by the
> >way)
> >Seems like sss_ssh_authorizedkeys not working properly in this case.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list