On (02/08/17 18:01), Tristan Bouillon wrote: >OK, tried to be clear but looks like I'm not :) >No big deal let's try again > >Use case >I'm connected to a linux jumpbox (let's say jb.example.com) which is >in domain example.com. >I do: "$ kinit tbouillon" and get a working ticket. I can connect with >user tbouillon via ssh to all servers in example.com domain via SSSD. >Now I have this server which is in child.example.com, and I want to >connect from jb.example.com to server1.child.example.com > >I do tbouil...@jb.example.com $ ssh server1.child.example.com -l >'tbouil...@example.com' >I get this result: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). >Obvisouly I expected a shell like: tbouil...@server1.child.example.com > >So the ssh command doesn't work well also when on >server1.child.examplel.com I get >kinit tbouil...@example.com >Password for tbouil...@example.com: >kinit: KDC reply did not match expectations while getting initial credentials > >Here is the sssd.conf, sshd.log from server1, sssd.log >
I cannot see any problem in attached sssd log. IMHO the best would be to follow our troubleshooting page https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html LS _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org