On Mon, Mar 30, 2015 at 11:04:58AM -0400, Gould, Joshua wrote:
> 
> We’re trying SSO from the test domain conroller via ssh (putty) to the
> test IPA server.
> 
> Unix.test.osuwmc is the IPA realm.  > Test.osuwmc is the AD realm.
> 
> IPA server is RHEL 7.1
> Windows AD DC is Windows Server 2008 R2
> 
> They have a two way trust and we’re mapping SID’s. Since most of our SID’s
> are in the 300,000, we chose to add 1M to each SID to make mapping them
> easy.

Can you check that

        /etc/krb5.conf

contains line

        includedir /var/lib/sss/pubconf/krb5.include.d/

and that

        /var/lib/sss/pubconf/krb5.include.d/localauth_plugin

exists and configures

        module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so

?

-- 
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to