[Freeipa-users] Unable to ssh after establishing trust
pgb205
pgb205 at yahoo.com
Mon Jul 11 03:46:57 UTC 2016
I have successfully established trust and am able to obtain ticket granting ticketkinit user at AD_DOMAIN.COMI can also do kinit admin at IPA_DOMAIN.COMssh admin at IPA_DOMAIN.COM also works
however, ssh user at AD_DOMAIN.COM or user at ad_domain.com fails
I have checked that there are no hbac rules other then the default allow_all rule
in sssd_ssh.log see
permission denied (6) error in sssd_ipa.domain.log file I see
pam_handler_callback 6 permission_denied
in sssd_nss.log Unable to get information from Data ProviderError: 3 Account info lookup failedWill try to return what we have in cache
in /var/log/secure received for user user at AD_DOMAIN.COM: 6 (Permission denied)
I can provided full logs if necessary to diagnose the above problem.
----------Additionally, I would like to be able to login as user not user at AD_DOMAIN.COM
My understanding that only thing that I have to change to make this happen is /etc/krb5.conffor line
[libdefaults] default_realm=AD_DOMAN.COM and then restarting ipa services.
However, when I do this I get failure to restart Samba service
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160711/1dcd04a1/attachment.htm>
More information about the Freeipa-users
mailing list