Here are the *sssd.log, **sssd_nss.log. *Other logs where empty of did not
contain the output for the relevant log in.

https://gist.github.com/anonymous/8228284


2014/1/2 Dmitri Pal <d...@redhat.com>

>  On 01/02/2014 04:45 PM, Genadi Postrilko wrote:
>
>  Its a newly installed IPA Server, haven't added any Rules.
>
>  The relevant output from /var/log/secure :
>
> Jan  2 13:36:24 ipaserver sshd[4864]: Invalid user  from 192.168.227.100
> Jan  2 13:36:24 ipaserver sshd[4865]: input_userauth_request: invalid user
> Jan  2 13:36:26 ipaserver sshd[4865]: Connection closed by 192.168.227.100
> Jan  2 13:36:35 ipaserver sshd[4868]: Invalid user Administrator@ADDC.COMfrom 
> 192.168.227.100
> Jan  2 13:36:35 ipaserver sshd[4869]: input_userauth_request: invalid user
> administra...@addc.com
> Jan  2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth): check pass;
> user unknown
> Jan  2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.100
> Jan  2 13:36:44 ipaserver sshd[4868]: pam_succeed_if(sshd:auth): error
> retrieving information about user administra...@addc.com
> Jan  2 13:36:46 ipaserver sshd[4868]: Failed password for invalid user
> administra...@addc.com from 192.168.227.100 port 62484 ssh2
>
>
>
>  2014/1/2 Rob Crittenden <rcrit...@redhat.com>
>
>> Genadi Postrilko wrote:
>>
>>>  Hi all.
>>>
>>> I have a running IPA Server (3.0.0-37) on RHEL 6.2.
>>> I'm trying  to create Trust between IPA server and AD (In different DNS
>>> domains). I followed the red hat guide
>>>
>>> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Identity_Management_Guide/Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US.pdf
>>> .
>>>
>>> When i completed the needed step to create the trust and retrieved a krb
>>> ticket from the AD server:
>>>
>>> [root@ipaserver ~]# kinit administra...@addc.com
>>>  <mailto:administra...@addc.com>
>>> Password for administra...@addc.com <mailto:administra...@addc.com>:
>>>
>>> [root@ipaserver ~]# klist
>>> Ticket cache: FILE:/tmp/krb5cc_0
>>>  Default principal: administra...@addc.com <mailto:
>>> administra...@addc.com>
>>>
>>>
>>> Valid starting     Expires            Service principal
>>> 01/02/14 12:20:30  01/02/14 22:20:34  krbtgt/addc....@addc.com
>>>  <mailto:addc....@addc.com>
>>>
>>>          renew until 01/03/14 12:20:30
>>>
>>> But when i try to connect to the IPA server via SHH (Putty) i get
>>> "Access denied" message:
>>>
>>>  login as: administra...@addc.com <mailto:administra...@addc.com>
>>> administra...@addc.com@192.168.227.128 <http://192.168.227.128>'s
>>> password:
>>>
>>> Access denied
>>>
>>> Any ideas on what i could have done wrong in the process of creating the
>>> trust?
>>>
>>
>> I'd check the sssd logs and /var/log/secure.
>>
>> Do you have any HBAC rules?
>>
>> rob
>>
>
>
>
> _______________________________________________
> Freeipa-users mailing 
> listFreeipa-users@redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> Looks an error similar to what I see in the other thread.
> Unfortunately be might need to wait till Monday for Alexander, Sumit and
> Jakub to come back and provide help.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to