Clients unable to resolve Trusted AD users
I have installed an IPA server, created a replica agreement and set up a one-way trust to our AD forest. The IPA servers have integrated DNS and are in their own DNS zone. This works as expected; I am able to log into the IPA servers with my AD account.
My issue is that when setting up a client, I am able to use IPA users (e.g. admin) but unable to authenticate/log in with my AD account.
Running an HBAC test on the IPA server verified my AD user has access to the client. I can also successfully obtain a Kerberos ticket for the AD users on my IPA client.
When I perform an id on the AD account from the IPA client, I receive an "unknown user" error.
When I try to ssh, the secure log shows "illegal user" / "unknown user to underlying authentication module".
These errors are in the sssd_domain_name.log:
(Fri May 19 10:01:34 2017) [sssd[be[ipa.us.int.kn]]] [add_v1_user_data] (0x0040): find_domain_by_name failed.
(Fri May 19 10:01:34 2017) [sssd[be[ipa.us.int.kn]]] [s2n_response_to_attrs] (0x0040): add_v1_user_data failed.
(Fri May 19 10:01:34 2017) [sssd[be[ipa.us.int.kn]]] [ipa_s2n_get_user_done] (0x0040): s2n_response_to_attrs failed.
(Fri May 19 10:01:34 2017) [sssd[be[ipa.us.int.kn]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [12]: Cannot allocate memory.
