<div dir="rtl"><div dir="ltr">Here are the <strong class="">sssd.log</strong> and <strong class="">sssd_nss.log</strong>. <span class="">Other logs were </span>empty or did not contain the output for the relevant login.<br>
<br><a href="https://gist.github.com/anonymous/8228284">https://gist.github.com/anonymous/8228284</a><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div dir="ltr">2014/1/2 Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span></div>
<blockquote class="gmail_quote" style="margin:0 .8ex;border-left:1px #ccc solid;border-right:1px #ccc solid;padding-left:1ex;padding-right:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000"><div><div class="h5">
    On 01/02/2014 04:45 PM, Genadi Postrilko wrote:
    </div></div><blockquote type="cite"><div><div class="h5">
      <div dir="rtl">
        <div dir="ltr">It's a newly installed IPA Server, haven't added
          any Rules.<br>
        </div>
        <div dir="ltr"><br>
        </div>
        <div dir="ltr">The relevant output from /var/log/secure :<br>
          <br>
          Jan  2 13:36:24 ipaserver sshd[4864]: Invalid user  from
          192.168.227.100<br>
          Jan  2 13:36:24 ipaserver sshd[4865]: input_userauth_request:
          invalid user<br>
          Jan  2 13:36:26 ipaserver sshd[4865]: Connection closed by
          192.168.227.100<br>
          Jan  2 13:36:35 ipaserver sshd[4868]: Invalid user <a href="mailto:Administrator@ADDC.COM" target="_blank">Administrator@ADDC.COM</a>
          from 192.168.227.100<br>
          Jan  2 13:36:35 ipaserver sshd[4869]: input_userauth_request:
          invalid user <a href="mailto:Administrator@ADDC.COM" target="_blank">Administrator@ADDC.COM</a><br>
          Jan  2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth):
          check pass; user unknown<br>
          Jan  2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth):
          authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
          rhost=192.168.227.100<br>
          Jan  2 13:36:44 ipaserver sshd[4868]:
          pam_succeed_if(sshd:auth): error retrieving information about
          user <a href="mailto:Administrator@ADDC.COM" target="_blank">Administrator@ADDC.COM</a><br>
          Jan  2 13:36:46 ipaserver sshd[4868]: Failed password for
          invalid user <a href="mailto:Administrator@ADDC.COM" target="_blank">Administrator@ADDC.COM</a>
          from 192.168.227.100 port 62484 ssh2<br>
          <br>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">
          <div dir="ltr">2014/1/2 Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span></div>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            Genadi Postrilko wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div>
                Hi all.<br>
                <br>
                I have a running IPA Server (3.0.0-37) on RHEL 6.2.<br>
                I'm trying to create Trust between IPA server and AD
                (In different DNS<br>
                domains). I followed the Red Hat guide<br>
                <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Identity_Management_Guide/Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US.pdf" target="_blank">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Identity_Management_Guide/Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US.pdf</a>.<br>

                <br>
                When I completed the needed step to create the trust and
                retrieved a krb<br>
                ticket from the AD server:<br>
                <br>
                [root@ipaserver ~]# kinit <a href="mailto:Administrator@ADDC.COM" target="_blank">Administrator@ADDC.COM</a><br>
              </div>
              Password for <a href="mailto:Administrator@ADDC.COM" target="_blank">Administrator@ADDC.COM</a>:
              <div><br>
                [root@ipaserver ~]# klist<br>
                Ticket cache: <a>FILE:/tmp/krb5cc_0</a><br>
              </div>
              Default principal: <a href="mailto:Administrator@ADDC.COM" target="_blank">Administrator@ADDC.COM</a>
              <div>
                <br>
                <br>
                Valid starting     Expires            Service principal<br>
                01/02/14 12:20:30  01/02/14 22:20:34  krbtgt/<a href="mailto:ADDC.COM@ADDC.COM" target="_blank">ADDC.COM@ADDC.COM</a><br>
              </div>
              <div><br>
                         renew until 01/03/14 12:20:30<br>
                <br>
                But when I try to connect to the IPA server via SSH
                (Putty) I get<br>
                "Access denied" message:<br>
                <br>
              </div>
              login as: <a href="mailto:Administrator@ADDC.COM" target="_blank">Administrator@ADDC.COM</a><br>
              <a href="mailto:Administrator@ADDC.COM@" target="_blank">Administrator@ADDC.COM@</a><a href="http://192.168.227.128" target="_blank">192.168.227.128</a>'s
              password:
              <div><br>
                Access denied<br>
                <br>
                Any ideas on what I could have done wrong in the process
                of creating the<br>
                trust?<br>
              </div>
            </blockquote>
            <br>
            I'd check the sssd logs and /var/log/secure.<br>
            <br>
            Do you have any HBAC rules?<span><font color="#888888"><br>
                <br>
                rob<br>
              </font></span></blockquote>
        </div>
        <br>
      </div>
      <br>
      <br>
      </div></div><div class="im"><pre>_______________________________________________
Freeipa-users mailing list
<a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
    </div></blockquote>
    <br>
    Looks like an error similar to what I see in the other thread.<br>
    Unfortunately we might need to wait till Monday for Alexander, Sumit
    and Jakub to come back and provide help.<span class="HOEnZb"><font color="#888888"><br>
    <br>
    <pre cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


</pre>
  </font></span></div>

</blockquote></div><br></div>