Hi, I have RH's version of freeipa (ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64) working fine. RHEL8, RHEL7, Debian10.9, Ubuntu20LTS and Centos7 clients work perfectly OK to IPA OK for users in IPA..
For the cross domain trust however only RHEL8 and RHEL7 work. Debian10.9, Ubuntu20LTS and Centos7 fail for the AD user who cannot ssh in.. Is there any config I need to do to get 3rd party Linux to work with a trust? Just wondering if I have missed a package? config? steps? or does it just not work? rhel7 secure log showing success, 8><---- Jun 9 16:40:55 rhel7a sshd[9339]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=v1.ods.vuw.ac.nz user=linuxus...@vuwtest.ac.nz Jun 9 16:41:04 rhel7a sshd[9336]: Accepted keyboard-interactive/pam for linuxus...@vuwtest.ac.nz from 10.100.32.67 port 48 Jun 9 16:41:04 rhel7a sshd[9336]: pam_unix(sshd:session): session opened for user linuxus...@vuwtest.ac.nz by (uid=0) [root@rhel7a ~]# 8><--- centos7 secure log, 8><--- [root@centos7a ~]# tail -50f /var/log/secure Jun 9 17:15:24 centos7a sshd[1812]: Invalid user linuxus...@vuwtest.ac.nz from 10.100.32.67 port 53880 Jun 9 17:15:24 centos7a sshd[1812]: input_userauth_request: invalid user linuxus...@vuwtest.ac.nz [preauth] Jun 9 17:15:24 centos7a sshd[1812]: Postponed keyboard-interactive for invalid user linuxus...@vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth] Jun 9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): check pass; user unknown Jun 9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.100.32.67 Jun 9 17:15:37 centos7a sshd[1812]: error: PAM: User not known to the underlying authentication module for illegal user linuxus...@vuwtest.ac.nz from 10.100.32.67 Jun 9 17:15:37 centos7a sshd[1812]: Failed keyboard-interactive/pam for invalid user linuxus...@vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 Jun 9 17:15:37 centos7a sshd[1812]: Postponed keyboard-interactive for invalid user linuxus...@vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth] _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure