Hi all,
I've set up two FreeIPA servers without CA (I provided 3rd party certificates during
the installation process). I also established trust to an AD domain as below:
ipa trust-add --type=ad AD.DOMAIN --external=True --all
I checked that I can successfully obtain a cross-realm ticket (kvno -S host ...) as
described below:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
I can also ssh to either of the two FreeIPA servers as user@ad.domain.
However, when I configured a FreeIPA client and tried to ssh into it / su inside it as the
same AD user, it fails (I cannot ssh, and when I try to su - as the AD user it fails with
user@ad.domain does not exist).
I increased sssd log level on both client and servers but I cannot find anything spooky
there (but I might as well not know what to look for :)).
Can someone please advise on how to narrow this down?