Re: help troubleshooting AD auth issue with FreeIPA - FreeIPA-users - Fedora mailing-lists

20 Sep 2023

      Ostrom, Erik via FreeIPA-users wrote:
...
Hi,
I've got a fresh FreeIPA server running on Rocky 9, and I'm having
trouble diagnosing issues with a one way incoming external trust with an
active directory server.
It looks like the trust is properly created on both sides and verified,
but when I try to log in with an AD user to the FreeIPA server via SSH,
I get permission denied (after asking for my password 3 times). I'm also
having trouble finding where any of this login process is being logged
on the FreeIPA side.
Could I get some help figuring out where to look for logs related to
this failed AD login and how to troubleshoot a failure like this?
I'd suggest starting with https://sssd.io/troubleshooting/basics.html
rob
...
IPA server details:
[root@freeipa1 ~]# ipa --version
VERSION: 4.10.1, API_VERSION: 2.251
[root@freeipa1 ~]# cat /etc/*release*
NAME="Rocky Linux"
VERSION="9.2 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.2 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.2"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
Rocky Linux release 9.2 (Blue Onyx)
Rocky Linux release 9.2 (Blue Onyx)
Derived from Red Hat Enterprise Linux 9.2
Rocky Linux release 9.2 (Blue Onyx)
cpe:/o:rocky:rocky:9::baseos
[root@freeipa1 ~]#
Thanks,
Erik

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue