IdM - AD trust : ssh with an AD account fails

I configured a one-way trust relationship from IdM to an AD.
I created an external group, added an AD group.
Then created a local POSIX group, added the external group.
I also created an HBAC rule to allow the POSIX group to ssh to the target workstation.

From a workstation connected to IdM, I get the following result when I hit: id
uid=167644279( gid=167644279( groups=167644279(,167616854(

When I try to ssh, I get this:
pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x
Sep 09 05:12:22 sshd[2351]: pam_sss(sshd:auth): received for user 6 (Permission denied)
Sep 09 05:12:24 sshd[2351]: Failed password for from x.x.x.x port 65452 ssh2
Of course, I double-checked the password.