Hello all,
sorry if this question was already several times discussed, nevertheless, i am stuck with
setting up a trust between FreeIPA and AD.
To be more precise, the one way Trus is setup and i can log in into Freeipa server with AD
credentials.
I have also a bunch of servers with ipa-client configured and i am able to login to them
with Freeipa accounts, but not ADs.
1) Did i understood correctly, that clients should "somehow" authenticate to AD
via Freeipa? Or do they need to contact directly AD?
2) If the clients should be configured to talk to AD, which configurations are needed?
3) The way i am trying to login is as follows:
ssh -v -l ad_user@ad_domain hostname
4) In logs i have such errors during authentication:
sshd[11294]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
ruser= rhost=10.45.33.1 user=ad_user@ad_domain
sshd[11294]: pam_sss(sshd:auth): received for user ad_user@ad_domain: 6 (Permission
denied)
sshd[11290]: error: PAM: Authentication failure for ad_user@ad_domain from 10.45.33.1
sshd[11290]: Connection closed by authenticating user user_ad@ad_domain 10.45.33.1 port
40108 [preauth]
Thanks in advance!