On 2017-07-06 08:25, Robert Sturrock via FreeIPA-users wrote:
[...]
We have a test IPA server with HBAC allow_all and we can ssh to it reliably as 
a regular user, but when we try to ssh as ‘first name.lastname@affiliate’ we 
see the following exceptions in /var/log/sssd/krb5_child.log:
[...]

I had a very similar problem in my environment. I had to add the UPN suffix manually and there is a bug in SSSD related to this:
https://bugzilla.redhat.com/show_bug.cgi?id=1441077

This bug might affect you. Sumit Bose would know for sure if it does.

Regards,
Ronald Wimmer
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to