(Wed Aug  9 04:20:14 2017) [sssd[be[ipa.corp.example.com]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=supratik.goswami))][cn=Default Trust
View,cn=views,cn=accounts,dc=ipa,dc=corp,dc=example,dc=com]

What I could see here is that it is searching as 'supratik.goswami' and not
'supratik.gos...@ad.corp.example.com' which is the ID View user in the IPA.

How do I fix this?

On Wed, Aug 9, 2017 at 8:53 AM, Supratik Goswami <supratiksek...@gmail.com>
wrote:

> Hello everyone,
>
> I have a trust setup between AD and IPA, I have created a user in the
> "Default Trust View" and
> updated the ssh public keys for that user.
>
> When I am trying to login to any Linux system using the ad user it is not
> able to find the keys.
>
> Here is the sshd debug log.
>
> Aug  9 03:04:01 host01 sshd[20102]: debug3: Running AuthorizedKeysCommand:
> "/usr/bin/sss_ssh_authorizedkeys supratik.gosw...@ad.corp.example.com" as
> "nobody"
> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
> Aug  9 03:04:01 host01 sshd[20102]: debug1: temporarily_use_uid: 99/99
> (e=0/0)
> Aug  9 03:04:01 host01 sshd[20106]: debug3: sshd_selinux_setup_variables:
> setting execution context
> Aug  9 03:04:01 host01 sshd[20102]: debug2: key not found
> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
>
> My sshd_config file has the following entries
>
> AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
> AuthorizedKeysCommandUser nobody
>
> What could be the issue?
>
>
> Thanks
>
> --
> Warm Regards
>
> Supratik
>



-- 
Warm Regards

Supratik
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to