On 2017-07-06 08:25, Robert Sturrock via FreeIPA-users wrote:
We have a test IPA server with HBAC allow_all and we can ssh to it reliably as 
a regular user, but when we try to ssh as ‘first name.lastname@affiliate’ we 
see the following exceptions in /var/log/sssd/krb5_child.log:

I had a very similar problem in my environment. I had to add the UPN suffix manually and there is a bug in SSSD related to this:

This bug might affect you. Sumit Bose would know for sure if it does.

Ronald Wimmer
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to