Its a newly installed IPA Server, haven't added any Rules.

The relevant output from /var/log/secure :

Jan  2 13:36:24 ipaserver sshd[4864]: Invalid user  from 192.168.227.100
Jan  2 13:36:24 ipaserver sshd[4865]: input_userauth_request: invalid user
Jan  2 13:36:26 ipaserver sshd[4865]: Connection closed by 192.168.227.100
Jan  2 13:36:35 ipaserver sshd[4868]: Invalid user
Administrator@ADDC.COMfrom 192.168.227.100
Jan  2 13:36:35 ipaserver sshd[4869]: input_userauth_request: invalid user
administra...@addc.com
Jan  2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth): check pass; user
unknown
Jan  2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.100
Jan  2 13:36:44 ipaserver sshd[4868]: pam_succeed_if(sshd:auth): error
retrieving information about user administra...@addc.com
Jan  2 13:36:46 ipaserver sshd[4868]: Failed password for invalid user
administra...@addc.com from 192.168.227.100 port 62484 ssh2



2014/1/2 Rob Crittenden <rcrit...@redhat.com>

> Genadi Postrilko wrote:
>
>> Hi all.
>>
>> I have a running IPA Server (3.0.0-37) on RHEL 6.2.
>> I'm trying  to create Trust between IPA server and AD (In different DNS
>> domains). I followed the red hat guide
>> https://access.redhat.com/site/documentation/en-US/Red_
>> Hat_Enterprise_Linux/6/pdf/Identity_Management_Guide/Red_
>> Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US.pdf.
>>
>> When i completed the needed step to create the trust and retrieved a krb
>> ticket from the AD server:
>>
>> [root@ipaserver ~]# kinit administra...@addc.com
>> <mailto:administra...@addc.com>
>> Password for administra...@addc.com <mailto:administra...@addc.com>:
>>
>> [root@ipaserver ~]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: administra...@addc.com <mailto:administra...@addc.com>
>>
>>
>> Valid starting     Expires            Service principal
>> 01/02/14 12:20:30  01/02/14 22:20:34  krbtgt/addc....@addc.com
>> <mailto:addc....@addc.com>
>>
>>          renew until 01/03/14 12:20:30
>>
>> But when i try to connect to the IPA server via SHH (Putty) i get
>> "Access denied" message:
>>
>> login as: administra...@addc.com <mailto:administra...@addc.com>
>> administra...@addc.com@192.168.227.128 <http://192.168.227.128>'s
>> password:
>>
>> Access denied
>>
>> Any ideas on what i could have done wrong in the process of creating the
>> trust?
>>
>
> I'd check the sssd logs and /var/log/secure.
>
> Do you have any HBAC rules?
>
> rob
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to