Am Wed, Jun 09, 2021 at 07:32:49PM -0000 schrieb thing.thing--- via FreeIPA-users:
Hi,
I have RH's version of freeipa (ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64) working fine. RHEL8, RHEL7, Debian10.9, Ubuntu20LTS and Centos7 clients work perfectly OK to IPA OK for users in IPA..
For the cross domain trust however only RHEL8 and RHEL7 work. Debian10.9, Ubuntu20LTS and Centos7 fail for the AD user who cannot ssh in.
Is there any config I need to do to get 3rd party Linux to work with a trust? Just wondering if I have missed a package? config? steps?
or does it just not work?
rhel7 secure log showing success,
8><---- Jun 9 16:40:55 rhel7a sshd[9339]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=v1.ods.vuw.ac.nz user=linuxuser2(a)vuwtest.ac.nz Jun 9 16:41:04 rhel7a sshd[9336]: Accepted keyboard-interactive/pam for linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 48 Jun 9 16:41:04 rhel7a sshd[9336]: pam_unix(sshd:session): session opened for user linuxuser2(a)vuwtest.ac.nz by (uid=0) [root@rhel7a ~]# 8><---
centos7 secure log,
8><--- [root@centos7a ~]# tail -50f /var/log/secure Jun 9 17:15:24 centos7a sshd[1812]: Invalid user linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880
Hi,
it looks like the user cannot be resolved on this system. Does
getent passwd linuxuser2(a)vuwtest.ac.nz
work on this system?
bye, Sumit
Jun 9 17:15:24 centos7a sshd[1812]: input_userauth_request: invalid user linuxuser2(a)vuwtest.ac.nz [preauth] Jun 9 17:15:24 centos7a sshd[1812]: Postponed keyboard-interactive for invalid user linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth] Jun 9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): check pass; user unknown Jun 9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.100.32.67 Jun 9 17:15:37 centos7a sshd[1812]: error: PAM: User not known to the underlying authentication module for illegal user linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 Jun 9 17:15:37 centos7a sshd[1812]: Failed keyboard-interactive/pam for invalid user linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 Jun 9 17:15:37 centos7a sshd[1812]: Postponed keyboard-interactive for invalid user linuxuser2(a)vuwtest.ac.nz from 10.100.32.67 port 53880 ssh2 [preauth] 8><---
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure