<div>
Like any setup of such means, the system is a member of a single domain, the name servers on the DC to which this system belong has to handle the forwarding of credentials. <br />
<br />
Potentially having the trusted domain zones as stubs on the local DC.
</div>


Like any setup of such means, the system is a member of a single domain, the name servers on the DC to which this system belong has to handle the forwarding of credentials.

Potentially having the trusted domain zones as stubs on the local DC.

<div>
Solution I found is completely covers my needs
</div>


Solution I found is completely covers my needs

<div>
<div class="content wysiwyg-content">
I have successfully joined RHEL7 into Windows AD &quot;TEX&quot;. Now I want to allow users from AD &quot;CAL&quot; log into this RHEL7.<br />
<br />
&quot;TEX&quot; trusts &quot;CAL&quot; and I have no issues with Windows instances joined &quot;TEX&quot; domain. &nbsp; <br />
<br />
krb5.conf - has info about both ADs &nbsp;<br />
resolv.conf &nbsp;- to search &nbsp;CAL ,TEX has info about proper nameservers <br />
nsswitch.conf - pointed to sssd <br />
<br />
I can &quot;kinit user1@CAL.COM and &quot;realm discover CAL&quot; <br />
<br />
See following error in /var/log/secure:<br />
&nbsp;carrot101 sshd[27645]: Invalid user user1@CAL from 1.1.1.1<br />
&nbsp;carrot101 sshd[27645]: input_userauth_request: invalid user user1@CAL [preauth]<br />
<br />
What could be a problem ?
</div>
</div>


I have successfully joined RHEL7 into Windows AD "TEX". Now I want to allow users from AD "CAL" log into this RHEL7.

"TEX" trusts "CAL" and I have no issues with Windows instances joined "TEX" domain.   

krb5.conf - has info about both ADs  
resolv.conf  - to search  CAL ,TEX has info about proper nameservers 
nsswitch.conf - pointed to sssd 

I can "kinit user1@CAL.COM and "realm discover CAL" 

See following error in /var/log/secure:
 carrot101 sshd[27645]: Invalid user user1@CAL from 1.1.1.1
 carrot101 sshd[27645]: input_userauth_request: invalid user user1@CAL [preauth]

What could be a problem ?

AD User Authentication in RHEL7 - setups with multiple domains in a trusted environment

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Redhat

Linux is a UNIX-like open source operating system with hundreds of distinct distributions, including: Fedora, openSUSE, Ubuntu, Debian, Slackware, Gentoo, CentOS, and Arch Linux. Linux is generally associated with web and database servers, but has become popular in many niche industries and applications.