Hi,

I have RH's version of freeipa 
(ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64) working fine.   
RHEL8, RHEL7, Debian10.9, Ubuntu20LTS and Centos7 clients  work perfectly OK to 
IPA OK for users in IPA..

For the cross domain trust however only RHEL8 and RHEL7 work.  Debian10.9, 
Ubuntu20LTS and Centos7 fail for the AD user who cannot ssh in..

Is there any config I need to do to get 3rd party Linux to work with a trust?  
Just wondering if I have missed a package? config?  steps?

or does it just not work?

rhel7 secure log showing success,

8><----
Jun  9 16:40:55 rhel7a sshd[9339]: pam_sss(sshd:auth): authentication success; 
logname= uid=0 euid=0 tty=ssh ruser= rhost=v1.ods.vuw.ac.nz 
user=linuxus...@vuwtest.ac.nz
Jun  9 16:41:04 rhel7a sshd[9336]: Accepted keyboard-interactive/pam for 
linuxus...@vuwtest.ac.nz from 10.100.32.67 port 48
Jun  9 16:41:04 rhel7a sshd[9336]: pam_unix(sshd:session): session opened for 
user linuxus...@vuwtest.ac.nz by (uid=0)
[root@rhel7a ~]#
8><---


centos7 secure log,

8><---
[root@centos7a ~]# tail -50f /var/log/secure
Jun  9 17:15:24 centos7a sshd[1812]: Invalid user linuxus...@vuwtest.ac.nz from 
10.100.32.67 port 53880
Jun  9 17:15:24 centos7a sshd[1812]: input_userauth_request: invalid user 
linuxus...@vuwtest.ac.nz [preauth]
Jun  9 17:15:24 centos7a sshd[1812]: Postponed keyboard-interactive for invalid 
user linuxus...@vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth]
Jun  9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): check pass; user 
unknown
Jun  9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): authentication 
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.100.32.67
Jun  9 17:15:37 centos7a sshd[1812]: error: PAM: User not known to the 
underlying authentication module for illegal user linuxus...@vuwtest.ac.nz from 
10.100.32.67
Jun  9 17:15:37 centos7a sshd[1812]: Failed keyboard-interactive/pam for 
invalid user linuxus...@vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2
Jun  9 17:15:37 centos7a sshd[1812]: Postponed keyboard-interactive for invalid 
user linuxus...@vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth]
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to