Genadi Postrilko wrote:
Hi all.

I have a running IPA Server (3.0.0-37) on RHEL 6.2.
I'm trying  to create Trust between IPA server and AD (In different DNS
domains). I followed the red hat guide
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Identity_Management_Guide/Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US.pdf.

When i completed the needed step to create the trust and retrieved a krb
ticket from the AD server:

[root@ipaserver ~]# kinit administra...@addc.com
<mailto:administra...@addc.com>
Password for administra...@addc.com <mailto:administra...@addc.com>:
[root@ipaserver ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administra...@addc.com <mailto:administra...@addc.com>

Valid starting     Expires            Service principal
01/02/14 12:20:30  01/02/14 22:20:34  krbtgt/addc....@addc.com
<mailto:addc....@addc.com>
         renew until 01/03/14 12:20:30

But when i try to connect to the IPA server via SHH (Putty) i get
"Access denied" message:

login as: administra...@addc.com <mailto:administra...@addc.com>
administra...@addc.com@192.168.227.128 <http://192.168.227.128>'s password:
Access denied

Any ideas on what i could have done wrong in the process of creating the
trust?

I'd check the sssd logs and /var/log/secure.

Do you have any HBAC rules?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to