Genadi Postrilko wrote:
Hi all.
I have a running IPA Server (3.0.0-37) on RHEL 6.2.
I'm trying to create Trust between IPA server and AD (In different DNS
domains). I followed the red hat guide
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Identity_Management_Guide/Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US.pdf.
When i completed the needed step to create the trust and retrieved a krb
ticket from the AD server:
[root@ipaserver ~]# kinit [email protected]
<mailto:[email protected]>
Password for [email protected] <mailto:[email protected]>:
[root@ipaserver ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected] <mailto:[email protected]>
Valid starting Expires Service principal
01/02/14 12:20:30 01/02/14 22:20:34 krbtgt/[email protected]
<mailto:[email protected]>
renew until 01/03/14 12:20:30
But when i try to connect to the IPA server via SHH (Putty) i get
"Access denied" message:
login as: [email protected] <mailto:[email protected]>
[email protected]@192.168.227.128 <http://192.168.227.128>'s password:
Access denied
Any ideas on what i could have done wrong in the process of creating the
trust?
I'd check the sssd logs and /var/log/secure.
Do you have any HBAC rules?
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
