IdM - AD trust : ssh with an AD account fails

I configured a one-way trust relationship from IdM to an AD.
I created an external group and added an AD group.
Then I created a local POSIX group and added the external group.
I also created an HBAC rule to allow the POSIX group to ssh to the target workstation.

From a workstation connected to IdM, I get the following result when I hit: id myUser@myAdDomain.com
uid=167644279(myUser@myAdDomain.com) gid=167644279(myUser@myAdDomain.com) groups=167644279(myUser@myAdDomain.com),167616854(group1.myAdDomain.com)

When I try to ssh, I get this:
pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=myUser@myAdDomain.com
Sep 09 05:12:22 ipa-client.myIDMdomain.lu sshd[2351]: pam_sss(sshd:auth): received for user myUser@myAdDomain.com: 6 (Permission denied)
Sep 09 05:12:24 ipa-client.myIDMdomain.lu sshd[2351]: Failed password for myUser@myAdDomain.com from x.x.x.x port 65452 ssh2
Of course, I double-checked the password.