There is an article on Red Hat's website about authenticating to two
different, untrusted Active Directory domains. If you have a login,
you should be able to see it:
https://access.redhat.com/solutions/3073511

Is there a reason you are trying to join the machine to both domains?
Is your child domain in a trust relationship with the parent? If so,
you only need to be joined to the parent.

Once that is figured out, you should add 'debug_level = 9' to the domain
section of sssd.conf, restart the service and then reproduce the issue
before checking the domain logs within /var/log/sssd.

Jakub's blog gives an overview of the user lookup process and should
guide you to identifying further what the main issue is:
https://jhrozek.wordpress.com/2015/03/11/anatomy-of-sssd-user-lookup/

On 06/13/2017 01:43 PM, acybulski(a)albany.edu wrote:
I'm trying to get my system to accept logins from both the child
domain it is a part of, and my campus's parent domain, where most user
accounts are stored. I have added both domains to the sssd.conf and the
krb5.conf files. (Perhaps incorrectly)

The child domain authenticates fine, the parent domain does not. Oddly,
the system seems to connect to AD well enough, as the login screen
translates the account name to the user's full name, and I receive this
in the secure log:

Jun 13 13:05:40 host-univ-school-edu gdm-password]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=sysuser(a)univ.school.edu
Jun 13 13:05:40 host-univ-school-edu gdm-password]: pam_sss(gdm-password:account): Access denied for user sysuser(a)univ.school.edu: 6 (Permission denied)
Jun 13 13:10:55 host-univ-school-edu gdm-password]: gkr-pam: no password is available for user

Any help is appreciated. Let me know if I should attach any files.
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
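
The secure-log excerpt in the thread shows pam_sss reporting success in the auth phase and a denial in the account phase for the same user. As an added example (not code from either poster or from the SSSD project), this Python sketch separates the two phases and lists users whose credentials were accepted but whose account check was refused. The host and user names in the sample are constructed placeholders, and the function names are hypothetical.

```python
import re

# Matches the pam_sss part of a syslog line: pam_sss(<service>:<phase>): <message>
PAM_SSS = re.compile(r"pam_sss\((?P<service>[^:)]+):(?P<phase>\w+)\): (?P<msg>.*)$")
AUTH = re.compile(r"^authentication (?P<result>success|failure);.*\buser=(?P<user>\S+)")
DENIED = re.compile(r"^Access denied for user (?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)")

# Constructed sample, modelled on the excerpt in the thread (names are placeholders).
SAMPLE = """\
Jun 13 13:05:40 host1 gdm-password]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=sysuser@parent.example.test
Jun 13 13:05:40 host1 gdm-password]: pam_sss(gdm-password:account): Access denied for user sysuser@parent.example.test: 6 (Permission denied)
Jun 13 13:07:02 host1 sshd[2211]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=other@child.example.test
Jun 13 13:10:55 host1 gdm-password]: gkr-pam: no password is available for user
""".splitlines()


def parse_events(lines):
    """Return (service, phase, user, outcome) tuples for pam_sss auth/account lines."""
    events = []
    for line in lines:
        m = PAM_SSS.search(line)
        if not m:
            continue  # not a pam_sss message (e.g. gkr-pam)
        msg = m["msg"]
        if m["phase"] == "auth" and (a := AUTH.match(msg)):
            events.append((m["service"], "auth", a["user"], a["result"]))
        elif m["phase"] == "account" and (d := DENIED.match(msg)):
            events.append((m["service"], "account", d["user"], f"denied:{d['code']}"))
    return events


def password_ok_but_denied(lines):
    """Users whose auth phase succeeded but whose account phase was refused."""
    authed, flagged = set(), []
    for service, phase, user, outcome in parse_events(lines):
        key = (service, user)
        if phase == "auth" and outcome == "success":
            authed.add(key)  # credentials were accepted for this service/user
        elif phase == "account" and key in authed and key not in flagged:
            flagged.append(key)  # the account phase is where SSSD applies access control
    return flagged


if __name__ == "__main__":
    for service, user in password_ok_but_denied(SAMPLE):
        print(f"{user} via {service}: credentials accepted, account phase denied")
```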