There is an article on Red Hat's website about authenticating to two different, un-trusted active directory domains. If you have a login, you should be able to see it:
https://access.redhat.com/solutions/3073511
Is there a reason you are trying to join the machine to both domains? Is your child domain in a trust relationship with the parent? If so, you only need to be joined to the parent.
Once that is figured out, you should add 'debug_level = 9' to the domain section of sssd.conf, restart the service and then reproduce the issue before checking the domain logs within /var/log/sssd.
Jakub's blog gives an overview of the user
lookup process and should guide you to identifying further
what the main issue is:
https://jhrozek.wordpress.com/2015/03/11/anatomy-of-sssd-user-lookup/
I'm trying to get my system to accept logins from both the child domain it is a part of, and my campuses parent domain, where most user accounts are stored. I have added both domains to the sssd.conf and the krb5.conf files. (Perhaps incorrectly) The child domain authenticates fine, the parent domain does not. Oddly, the system seems to connect to AD well enough, as the login screen translates the account name to the users full name, and I receive this in the secure log: Jun 13 13:05:40 host-univ-school-edu gdm-password]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=sysuser@univ.school.edu Jun 13 13:05:40 host-univ-school-edu gdm-password]: pam_sss(gdm-password:account): Access denied for user sysuser@univ.school.edu: 6 (Permission denied) Jun 13 13:10:55 host-univ-school-edu gdm-password]: gkr-pam: no password is available for user Any help is appreciated. Let me know if i should attach any files. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org