We help IT Professionals succeed at work.

AD User Authentication in RHEL7 - setups with multiple domains in a trusted environment

81 Views
Last Modified: 2017-07-31
I have successfully joined RHEL7 into Windows AD "TEX". Now I want to allow users from AD "CAL" log into this RHEL7.

"TEX" trusts "CAL" and I have no issues with Windows instances joined "TEX" domain.  

krb5.conf - has info about both ADs  
resolv.conf  - to search  CAL ,TEX has info about proper nameservers
nsswitch.conf - pointed to sssd

I can "kinit user1@CAL.COM and "realm discover CAL"

See following error in /var/log/secure:
 carrot101 sshd[27645]: Invalid user user1@CAL from 1.1.1.1
 carrot101 sshd[27645]: input_userauth_request: invalid user user1@CAL [preauth]

What could be a problem ?
Comment
Watch Question

arnoldEE Topic Advisor, IT Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Like any setup of such means, the system is a member of a single domain, the name servers on the DC to which this system belong has to handle the forwarding of credentials.

Potentially having the trusted domain zones as stubs on the local DC.
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Solution I found is completely covers my needs
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.