I have machine that is joined to the Domain A and it is able to authenticate fine the users in that domain. The default domain realm in kerberos is the Domain A.
However, I'm unable to authenticate against the domain B which should have a two way trust relationship. The users in domain B only show as invalid users. And in the sssd logs I get "[sysdb_search_by_name] (0x0400): No such entry"
Here is the sssd configuration. I don't have domain B configured here, is it required when it is in the same forest?
Also something to note is that I'm using Windows Active Directory.
domains = DomainA
config_file_version = 2
services = nss, pam, sudo, ssh
pam_pwd_expiration_warning = 200
pam_account_expired_message = Account/password expired, please use selfservice portal to change your password and extend account.
debug_level = 6
ad_domain = domaina.local
krb5_realm = domaina.local
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
auth_provider = ldap
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
ldap_idmap_default_domain_sid = set
subdomains_provider = none
use_fully_qualified_names = False
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities,url
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
fallback_homedir = /home/%u
access_provider = simple
simple_allow_groups = groupa, groupb