Hello,

I'm trying to log in to a machine from domain2 (the machine is joined to domain2) using a user from domain1, but it keeps failing. Also, using pbis I can log in without problems.


Users from domain2 can log in successfully. Also, I can log in to machines registered in domain1 using the same user.


Most probably it fails because of this error:

Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)]


Maybe someone can take a look at the attached logs and give me a hint on what is wrong?


sssd says domain1 is a subdomain of domain2:

(Wed Oct 15 08:42:35 2014) [sssd[pam]] [new_subdomain] (0x0400): Creating [domain1.net] as subdomain of [domain2.net]!
(Wed Oct 15 08:42:35 2014) [sssd[pam]] [new_subdomain] (0x0400): Creating [ie-aws.domain2.net] as subdomain of [domain2.net]!




Configuration:
authconfig --enablesssd --enablesssdauth --enablemkhomedir --update --disableldaptls --enableldap --enablelocauthorize --update

sssd version: 1.12.1-2.el7.centos

sssd.conf:
[sssd]
services = nss, pam
config_file_version = 2
domains = optymyze.net
override_space = ^

[domain/optymyze.net]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
dyndns_update = false
create_homedir = true
override_homedir = /home/%d/%u
override_shell = /bin/bash
timeout = 3600

[pam]
timeout = 3600

[nss]
timeout = 3600