Am Wed, Jun 09, 2021 at 07:32:49PM -0000 schrieb thing.thing--- via
FreeIPA-users:
> Hi,
>
> I have RH's version of freeipa
> (ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64) working fine.
> RHEL8, RHEL7,
> Debian10.9, Ubuntu20LTS and Centos7 clients work perfectly OK to IPA OK for
> users in
> IPA..
>
> For the cross domain trust however only RHEL8 and RHEL7 work. Debian10.9,
> Ubuntu20LTS and
> Centos7 fail for the AD user who cannot ssh in.
>
> Is there any config I need to do to get 3rd party Linux to work with a trust?
> Just
> wondering if I have missed a package? config? steps?
>
> or does it just not work?
>
> rhel7 secure log showing success,
>
> 8><----
> Jun 9 16:40:55 rhel7a sshd[9339]: pam_sss(sshd:auth): authentication success;
> logname=
> uid=0 euid=0 tty=ssh ruser= rhost=v1.ods.vuw.ac.nz
> user=linuxuser2(a)vuwtest.ac.nz
> Jun 9 16:41:04 rhel7a sshd[9336]: Accepted keyboard-interactive/pam for
> linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 48
> Jun 9 16:41:04 rhel7a sshd[9336]: pam_unix(sshd:session): session opened for
> user
> linuxuser2(a)vuwtest.ac.nz by (uid=0)
> [root@rhel7a ~]#
> 8><---
>
>
> centos7 secure log,
>
> 8><---
> [root@centos7a ~]# tail -50f /var/log/secure
> Jun 9 17:15:24 centos7a sshd[1812]: Invalid user linuxuser2(a)vuwtest.ac.nz
> from
> 10.100.32.67 port 53880
Hi,
it looks like the user cannot be resolved on this system. Does
getent passwd linuxuser2(a)vuwtest.ac.nz
work on this system?
bye,
Sumit
> Jun 9 17:15:24 centos7a sshd[1812]: input_userauth_request: invalid user
> linuxuser2(a)vuwtest.ac.nz [preauth]
> Jun 9 17:15:24 centos7a sshd[1812]: Postponed keyboard-interactive for
> invalid user
> linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth]
> Jun 9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): check pass; user
> unknown
> Jun 9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): authentication
> failure; logname=
> uid=0 euid=0 tty=ssh ruser= rhost=10.100.32.67
> Jun 9 17:15:37 centos7a sshd[1812]: error: PAM: User not known to the
> underlying
> authentication module for illegal user linuxuser2(a)vuwtest.ac.nz from
> 10.100.32.67
> Jun 9 17:15:37 centos7a sshd[1812]: Failed keyboard-interactive/pam for
> invalid user
> linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2
> Jun 9 17:15:37 centos7a sshd[1812]: Postponed keyboard-interactive for
> invalid user
> linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth]
> 8><---
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
