Can someone please help me to figure out the issue?

Please let me know if any other information is required

On Wed, Aug 9, 2017 at 9:54 AM, Supratik Goswami <supratiksek...@gmail.com>
wrote:

> (Wed Aug  9 04:20:14 2017) [sssd[be[ipa.corp.example.com]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaUserOverride)(uid=supratik.goswami))][cn=Default Trust
> View,cn=views,cn=accounts,dc=ipa,dc=corp,dc=example,dc=com]
>
> What I could see here is that it is searching as 'supratik.goswami' and
> not 'supratik.gos...@ad.corp.example.com' which is the ID View user in
> the IPA.
>
> How do I fix this?
>
> On Wed, Aug 9, 2017 at 8:53 AM, Supratik Goswami <supratiksek...@gmail.com
> > wrote:
>
>> Hello everyone,
>>
>> I have a trust setup between AD and IPA, I have created a user in the
>> "Default Trust View" and
>> updated the ssh public keys for that user.
>>
>> When I am trying to login to any Linux system using the ad user it is not
>> able to find the keys.
>>
>> Here is the sshd debug log.
>>
>> Aug  9 03:04:01 host01 sshd[20102]: debug3: Running
>> AuthorizedKeysCommand: "/usr/bin/sss_ssh_authorizedkeys
>> supratik.gosw...@ad.corp.example.com" as "nobody"
>> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
>> Aug  9 03:04:01 host01 sshd[20102]: debug1: temporarily_use_uid: 99/99
>> (e=0/0)
>> Aug  9 03:04:01 host01 sshd[20106]: debug3: sshd_selinux_setup_variables:
>> setting execution context
>> Aug  9 03:04:01 host01 sshd[20102]: debug2: key not found
>> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
>>
>> My sshd_config file has the following entries
>>
>> AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
>> AuthorizedKeysCommandUser nobody
>>
>> What could be the issue?
>>
>>
>> Thanks
>>
>> --
>> Warm Regards
>>
>> Supratik
>>
>
>
>
> --
> Warm Regards
>
> Supratik
>



-- 
Warm Regards

Supratik
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to