Am Wed, Jun 09, 2021 at 07:32:49PM -0000 schrieb thing.thing--- via FreeIPA-users: > Hi, > > I have RH's version of freeipa > (ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64) working fine. > RHEL8, RHEL7, > Debian10.9, Ubuntu20LTS and Centos7 clients work perfectly OK to IPA OK for > users in > IPA.. > > For the cross domain trust however only RHEL8 and RHEL7 work. Debian10.9, > Ubuntu20LTS and > Centos7 fail for the AD user who cannot ssh in. > > Is there any config I need to do to get 3rd party Linux to work with a trust? > Just > wondering if I have missed a package? config? steps? > > or does it just not work? > > rhel7 secure log showing success, > > 8><---- > Jun 9 16:40:55 rhel7a sshd[9339]: pam_sss(sshd:auth): authentication success; > logname= > uid=0 euid=0 tty=ssh ruser= rhost=v1.ods.vuw.ac.nz > user=linuxuser2(a)vuwtest.ac.nz > Jun 9 16:41:04 rhel7a sshd[9336]: Accepted keyboard-interactive/pam for > linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 48 > Jun 9 16:41:04 rhel7a sshd[9336]: pam_unix(sshd:session): session opened for > user > linuxuser2(a)vuwtest.ac.nz by (uid=0) > [root@rhel7a ~]# > 8><--- > > > centos7 secure log, > > 8><--- > [root@centos7a ~]# tail -50f /var/log/secure > Jun 9 17:15:24 centos7a sshd[1812]: Invalid user linuxuser2(a)vuwtest.ac.nz > from > 10.100.32.67 port 53880
Hi, it looks like the user cannot be resolved on this system. Does getent passwd linuxuser2(a)vuwtest.ac.nz work on this system? bye, Sumit > Jun 9 17:15:24 centos7a sshd[1812]: input_userauth_request: invalid user > linuxuser2(a)vuwtest.ac.nz [preauth] > Jun 9 17:15:24 centos7a sshd[1812]: Postponed keyboard-interactive for > invalid user > linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth] > Jun 9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): check pass; user > unknown > Jun 9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): authentication > failure; logname= > uid=0 euid=0 tty=ssh ruser= rhost=10.100.32.67 > Jun 9 17:15:37 centos7a sshd[1812]: error: PAM: User not known to the > underlying > authentication module for illegal user linuxuser2(a)vuwtest.ac.nz from > 10.100.32.67 > Jun 9 17:15:37 centos7a sshd[1812]: Failed keyboard-interactive/pam for > invalid user > linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 > Jun 9 17:15:37 centos7a sshd[1812]: Postponed keyboard-interactive for > invalid user > linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth] > 8><--- > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure