[Freeipa-users] Freeipa-client authentication against AD

Hello all, sorry if this question was already several times discussed, nevertheless, i am stuck with setting up a trust between FreeIPA and AD. To be more precise, the one way Trus is setup and i can log in into Freeipa server with AD credentials. I have also a bunch of servers with ipa-client configured and i am able to login to them with Freeipa accounts, but not ADs. 1) Did i understood correctly, that clients should "somehow" authenticate to AD via Freeipa? Or do they need to contact directly AD? 2) If the clients should be configured to talk to AD, which configurations are needed? 3) The way i am trying to login is as follows: 4) In logs i have such errors during authentication: sshd[11294]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.45.33.1 user=ad_user@ad_domain sshd[11294]: pam_sss(sshd:auth): received for user ad_user@ad_domain: 6 (Permission denied) sshd[11290]: error: PAM: Authentication failure for ad_user@ad_domain from 10.45.33.1 sshd[11290]: Connection closed by authenticating user user_ad@ad_domain 10.45.33.1 port 40108 [preauth] Thanks in advance!