On Fri, Jul 03, 2015 at 07:52:12PM +0300, l...@avc.su wrote: > OK, seems like I've found the cause. > > /etc/sssd/sssd.conf > default_domain_suffix = zone.local > > If I comment this out, I can login using password or publickey with ipa user > and using password with AD user, but I need to specify the domain component. > Found this thread: > https://www.redhat.com/archives/freeipa-users/2015-February/msg00371.html > And this bug: https://fedorahosted.org/sssd/ticket/2569 > > Since it's fixed, it should appear in sssd 1.13 release?
yes, it is already in the alpha https://fedorahosted.org/released/sssd/sssd-1.13.0alpha.tar.gz . bye, Sumit > > l...@avc.su писал 2015-07-03 18:29: > >Hello. > >I've encountered an issue with ssh login to freeipa clients in trusted > >environment. > >getent/id commands working as expected, but password/publickey auth > >for user from ipa or AD domain does not work (gssapi works, by the > >way) > >Seems like sss_ssh_authorizedkeys not working properly in this case. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project