Cross domain trust RH IdM to AD RHEL OK, other linux distro problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I have RH's version of freeipa (ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64) working fine.   RHEL8, RHEL7, Debian10.9, Ubuntu20LTS and Centos7 clients  work perfectly OK to IPA OK for users in IPA..

For the cross domain trust however only RHEL8 and RHEL7 work.  Debian10.9, Ubuntu20LTS and Centos7 fail for the AD user who cannot ssh in..

Is there any config I need to do to get 3rd party Linux to work with a trust?  Just wondering if I have missed a package? config?  steps?

or does it just not work?

rhel7 secure log showing success,

8><----
Jun  9 16:40:55 rhel7a sshd[9339]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=v1.ods.vuw.ac.nz user=linuxuser2@xxxxxxxxxxxxx
Jun  9 16:41:04 rhel7a sshd[9336]: Accepted keyboard-interactive/pam for linuxuser2@xxxxxxxxxxxxx from 10.100.32.67 port 48
Jun  9 16:41:04 rhel7a sshd[9336]: pam_unix(sshd:session): session opened for user linuxuser2@xxxxxxxxxxxxx by (uid=0)
[root@rhel7a ~]#
8><---


centos7 secure log,

8><---
[root@centos7a ~]# tail -50f /var/log/secure
Jun  9 17:15:24 centos7a sshd[1812]: Invalid user linuxuser2@xxxxxxxxxxxxx from 10.100.32.67 port 53880
Jun  9 17:15:24 centos7a sshd[1812]: input_userauth_request: invalid user linuxuser2@xxxxxxxxxxxxx [preauth]
Jun  9 17:15:24 centos7a sshd[1812]: Postponed keyboard-interactive for invalid user linuxuser2@xxxxxxxxxxxxx from 10.100.32.67 port 53880 ssh2 [preauth]
Jun  9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): check pass; user unknown
Jun  9 17:15:35 centos7a sshd[1814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.100.32.67
Jun  9 17:15:37 centos7a sshd[1812]: error: PAM: User not known to the underlying authentication module for illegal user linuxuser2@xxxxxxxxxxxxx from 10.100.32.67
Jun  9 17:15:37 centos7a sshd[1812]: Failed keyboard-interactive/pam for invalid user linuxuser2@xxxxxxxxxxxxx from 10.100.32.67 port 53880 ssh2
Jun  9 17:15:37 centos7a sshd[1812]: Postponed keyboard-interactive for invalid user linuxuser2@xxxxxxxxxxxxx from 10.100.32.67 port 53880 ssh2 [preauth]
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux