I am using trust between AD and IPA

AD domain: ad.corp.example.com
IPA domain: ipa.corp.example.com

I am able to log in using SSH to the IPA server using the AD user, but when I
try to log in using SSH to the Linux client, which is a member of the IPA
domain, it does not

Please find my /etc/krb5.conf in the client machine below

[libdefaults]
  #default_realm = IPA.CORP.EXAMPLE.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes
  udp_preference_limit = 0
#  default_ccache_name = KEYRING:persistent:%{uid}

[realms]
  IPA.CORP.EXAMPLE.COM = {
    kdc = ipa01.ipa.corp.example.com:88
    master_kdc = ipa01.ipa.corp.example.com:88
    admin_server = ipa01.ipa.corp.example.com:749
    #default_domain = ipa.corp.example.com
    pkinit_anchors = FILE:/etc/ipa/ca.crt
    auth_to_local = RULE:[1:$1@$0](^.*@AD.CORP.EXAMPLE.COM$)s/@
    auth_to_local = DEFAULT
  }

  AD.CORP.EXAMPLE.COM = {
    kdc = ad01.ad.corp.example.com:88
    master_kdc = ad01.ad.corp.example.com:88
  }

[domain_realm]
 .ipa.corp.example.com = IPA.CORP.EXAMPLE.COM
 ipa.corp.example.com = IPA.CORP.EXAMPLE.COM
 .ad.corp.example.com = AD.CORP.EXAMPLE.COM
 ad.corp.example.com = AD.CORP.EXAMPLE.COM

Please find my SSSD config below

config_file_version = 2
services = nss, sudo, pam, ssh
domains = ipa.corp.exampl.com

homedir_substring = /home

debug_level = 9
krb5_store_password_if_offline = True
id_provider = ipa
auth_provider = ipa
access_provider = ipa
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.corp.example.com
ipa_hostname = host01.ipa.corp.example.com
ipa_server = _srv_, ipa01.ipa.corp.example.com
chpass_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
dns_discovery_domain = ipa.corp.example.com







Please find the krb5_child.log attached.

Please help me to understand what I am missing here or what may be the


Warm Regards



FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org