Hi, I've got a fresh FreeIPA server running on Rocky 9, and I'm having trouble diagnosing issues with a one way incoming external trust with an active directory server.
It looks like the trust is properly created on both sides and verified, but when I try to log in with an AD user to the FreeIPA server via SSH, I get permission denied (after asking for my password 3 times). I'm also having trouble finding where any of this login process is being logged on the FreeIPA side. Could I get some help figuring out where to look for logs related to this failed AD login and how to troubleshoot a failure like this? IPA server details: [root@freeipa1 ~]# ipa --version VERSION: 4.10.1, API_VERSION: 2.251 [root@freeipa1 ~]# cat /etc/*release* NAME="Rocky Linux" VERSION="9.2 (Blue Onyx)" ID="rocky" ID_LIKE="rhel centos fedora" VERSION_ID="9.2" PLATFORM_ID="platform:el9" PRETTY_NAME="Rocky Linux 9.2 (Blue Onyx)" ANSI_COLOR="0;32" LOGO="fedora-logo-icon" CPE_NAME="cpe:/o:rocky:rocky:9::baseos" HOME_URL="https://rockylinux.org/"; BUG_REPORT_URL="https://bugs.rockylinux.org/"; SUPPORT_END="2032-05-31" ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9" ROCKY_SUPPORT_PRODUCT_VERSION="9.2" REDHAT_SUPPORT_PRODUCT="Rocky Linux" REDHAT_SUPPORT_PRODUCT_VERSION="9.2" Rocky Linux release 9.2 (Blue Onyx) Rocky Linux release 9.2 (Blue Onyx) Derived from Red Hat Enterprise Linux 9.2 Rocky Linux release 9.2 (Blue Onyx) cpe:/o:rocky:rocky:9::baseos [root@freeipa1 ~]# Thanks, Erik
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
