andrey_chevron
asked on
AD User Authentication in RHEL7 - setups with multiple domains in a trusted environment
I have successfully joined RHEL7 into Windows AD "TEX". Now I want to allow users from AD "CAL" log into this RHEL7.
"TEX" trusts "CAL" and I have no issues with Windows instances joined "TEX" domain.
krb5.conf - has info about both ADs
resolv.conf - to search CAL ,TEX has info about proper nameservers
nsswitch.conf - pointed to sssd
I can "kinit user1@CAL.COM and "realm discover CAL"
See following error in /var/log/secure:
carrot101 sshd[27645]: Invalid user user1@CAL from 1.1.1.1
carrot101 sshd[27645]: input_userauth_request: invalid user user1@CAL [preauth]
What could be a problem ?
"TEX" trusts "CAL" and I have no issues with Windows instances joined "TEX" domain.
krb5.conf - has info about both ADs
resolv.conf - to search CAL ,TEX has info about proper nameservers
nsswitch.conf - pointed to sssd
I can "kinit user1@CAL.COM and "realm discover CAL"
See following error in /var/log/secure:
carrot101 sshd[27645]: Invalid user user1@CAL from 1.1.1.1
carrot101 sshd[27645]: input_userauth_request: invalid user user1@CAL [preauth]
What could be a problem ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Solution I found is completely covers my needs
Potentially having the trusted domain zones as stubs on the local DC.