> On 9 Aug 2017, at 14:37, Supratik Goswami via FreeIPA-users 
> <freeipa-users@lists.fedorahosted.org> wrote:
> 
> Can someone please help me to figure out the issue? 
> 
> Please let me know if any other information is required
> 

Describing how you set up the idview and providing SSSD logs is a good start.

-  idoverrideuser-show “Default Trust View” supratik.gos...@ad.corp.example.com 
<mailto:supratik.gos...@ad.corp.example.com>
- the same with —all —raw
- enable sssd logs on the client
- run: date; sss_ssh_authorizedkeys supratik.gos...@ad.corp.example.com 
<mailto:supratik.gos...@ad.corp.example.com>; date
- attach the sssd logs

> On Wed, Aug 9, 2017 at 9:54 AM, Supratik Goswami <supratiksek...@gmail.com 
> <mailto:supratiksek...@gmail.com>> wrote:
> (Wed Aug  9 04:20:14 2017) [sssd[be[ipa.corp.example.com 
> <http://ipa.corp.example.com/>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=ipaUserOverride)(uid=supratik.goswami))][cn=Default Trust 
> View,cn=views,cn=accounts,dc=ipa,dc=corp,dc=example,dc=com]
> 
> What I could see here is that it is searching as 'supratik.goswami' and not 
> 'supratik.gos...@ad.corp.example.com 
> <mailto:supratik.gos...@ad.corp.example.com>' which is the ID View user in 
> the IPA.
> 
> How do I fix this?
> 
> On Wed, Aug 9, 2017 at 8:53 AM, Supratik Goswami <supratiksek...@gmail.com 
> <mailto:supratiksek...@gmail.com>> wrote:
> Hello everyone,
> 
> I have a trust setup between AD and IPA, I have created a user in the 
> "Default Trust View" and
> updated the ssh public keys for that user.
> 
> When I am trying to login to any Linux system using the ad user it is not 
> able to find the keys.
> 
> Here is the sshd debug log.
> 
> Aug  9 03:04:01 host01 sshd[20102]: debug3: Running AuthorizedKeysCommand: 
> "/usr/bin/sss_ssh_authorizedkeys supratik.gosw...@ad.corp.example.com 
> <mailto:supratik.gosw...@ad.corp.example.com>" as "nobody"
> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
> Aug  9 03:04:01 host01 sshd[20102]: debug1: temporarily_use_uid: 99/99 (e=0/0)
> Aug  9 03:04:01 host01 sshd[20106]: debug3: sshd_selinux_setup_variables: 
> setting execution context
> Aug  9 03:04:01 host01 sshd[20102]: debug2: key not found
> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
> 
> My sshd_config file has the following entries
> 
> AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
> AuthorizedKeysCommandUser nobody
> 
> What could be the issue?
> 
> 
> Thanks
> 
> -- 
> Warm Regards
> 
> Supratik
> 
> 
> 
> -- 
> Warm Regards
> 
> Supratik
> 
> 
> 
> -- 
> Warm Regards
> 
> Supratik
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org 
> <mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org 
> <mailto:freeipa-users-le...@lists.fedorahosted.org>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to