Hi,

I have RH's version of freeipa (ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64) working fine. RHEL8, RHEL7, Debian10.9, Ubuntu20LTS and Centos7 clients work perfectly OK with IPA for users in IPA.

For the cross-domain trust, however, only RHEL8 and RHEL7 work. Debian10.9, Ubuntu20LTS and Centos7 fail for the AD user, who cannot ssh in.

Is there any config I need to do to get 3rd party Linux to work with a trust? Just wondering if I have missed a package? config? steps?

Or does it just not work?

rhel7 secure log showing success,

8><----
Jun 9 16:40:55 rhel7a sshd[9339]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=v1.ods.vuw.ac.nz user=linuxuser2(a)vuwtest.ac.nz
Jun 9 16:41:04 rhel7a sshd[9336]: Accepted keyboard-interactive/pam for linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 48
Jun 9 16:41:04 rhel7a sshd[9336]: pam_unix(sshd:session): session opened for user linuxuser2(a)vuwtest.ac.nz by (uid=0)
[root@rhel7a ~]#
8><---


centos7 secure log,

8><---
[root@centos7a ~]# tail -50f /var/log/secure
Jun 9 17:15:24 centos7a sshd[1812]: Invalid user linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880
Jun 9 17:15:24 centos7a sshd[1812]: input_userauth_request: invalid user linuxuser2(a)vuwtest.ac.nz [preauth]
Jun 9 17:15:24 centos7a sshd[1812]: Postponed keyboard-interactive for invalid user linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth]
Jun 9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): check pass; user unknown
Jun 9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.100.32.67
Jun 9 17:15:37 centos7a sshd[1812]: error: PAM: User not known to the underlying authentication module for illegal user linuxuser2(a)vuwtest.ac.nz from 10.100.32.67
Jun 9 17:15:37 centos7a sshd[1812]: Failed keyboard-interactive/pam for invalid user linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2
Jun 9 17:15:37 centos7a sshd[1812]: Postponed keyboard-interactive for invalid user linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth]
8><---

