On 01/02/2014 04:45 PM, Genadi Postrilko wrote:
> It's a newly installed IPA Server, haven't added any Rules.
>
> The relevant output from /var/log/secure :
>
> Jan 2 13:36:24 ipaserver sshd[4864]: Invalid user from 192.168.227.100
> Jan 2 13:36:24 ipaserver sshd[4865]: input_userauth_request: invalid user
> Jan 2 13:36:26 ipaserver sshd[4865]: Connection closed by 192.168.227.100
> Jan 2 13:36:35 ipaserver sshd[4868]: Invalid user administra...@addc.com from 192.168.227.100
> Jan 2 13:36:35 ipaserver sshd[4869]: input_userauth_request: invalid user administra...@addc.com
> Jan 2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth): check pass; user unknown
> Jan 2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.100
> Jan 2 13:36:44 ipaserver sshd[4868]: pam_succeed_if(sshd:auth): error retrieving information about user administra...@addc.com
> Jan 2 13:36:46 ipaserver sshd[4868]: Failed password for invalid user administra...@addc.com from 192.168.227.100 port 62484 ssh2
>
> 2014/1/2 Rob Crittenden <rcrit...@redhat.com>
>
> > Genadi Postrilko wrote:
> >
> > > Hi all.
> > >
> > > I have a running IPA Server (3.0.0-37) on RHEL 6.2.
> > > I'm trying to create Trust between IPA server and AD (In different DNS
> > > domains). I followed the Red Hat guide
> > > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Identity_Management_Guide/Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US.pdf.
> > >
> > > When I completed the needed step to create the trust and retrieved a krb
> > > ticket from the AD server:
> > >
> > > [root@ipaserver ~]# kinit administra...@addc.com
> > > Password for administra...@addc.com:
> > >
> > > [root@ipaserver ~]# klist
> > > Ticket cache: FILE:/tmp/krb5cc_0
> > > Default principal: administra...@addc.com
> > >
> > > Valid starting     Expires            Service principal
> > > 01/02/14 12:20:30  01/02/14 22:20:34  krbtgt/addc....@addc.com
> > >         renew until 01/03/14 12:20:30
> > >
> > > But when I try to connect to the IPA server via SSH (Putty) I get
> > > "Access denied" message:
> > >
> > > login as: administra...@addc.com
> > > administra...@addc.com@192.168.227.128's password:
> > > Access denied
> > >
> > > Any ideas on what I could have done wrong in the process of creating the
> > > trust?
> >
> > I'd check the sssd logs and /var/log/secure.
> >
> > Do you have any HBAC rules?
> >
> > rob
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Looks like an error similar to what I see in the other thread.
Unfortunately we might need to wait till Monday for Alexander, Sumit and
Jakub to come back and provide help.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.