Hello,
Here is my problem:
I joined a Rocky Linux 9 host to an Active Directory domain (lolo.loc) using realmd and sssd. I can connect to it over ssh with an AD user. But I want to be able to connect to it with a user from a different AD domain (lulu.loc). There is a one-way trust established between the two domains that allows users from lulu.loc to access resources of lolo.loc.
But it does not work. When I run id user@lulu.loc on the Linux server, it returns id: ‘user@lulu.loc’: no such user. Here is the output in /var/log/secure when I try to log in with user@lulu.loc:
Dec 17 14:29:13 rocky sshd[2555]: Invalid user user@lulu.loc from 10.10.10.10 port 60111
Dec 17 14:29:35 rocky sshd[2555]: pam_unix(sshd:auth): check pass; user unknown
Dec 17 14:29:35 rocky sshd[2555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.10
I tried to establish the trust in the other direction; after that I can find the user with id user@lulu.loc, but I can't connect to the Linux host with ssh.
I also tried a bidirectional trust and it works, but for security reasons I can't do that. I need to be able to connect to the Linux host with user@lulu.loc using the original trust.
Here is the sssd config file of the Linux host:
[sssd]
domains = lolo.loc
config_file_version = 2
services = nss, pam
[domain/lolo.loc]
default_shell = /bin/bash
# never keep a copy of the password for offline authentication
krb5_store_password_if_offline = False
# no offline logins: every authentication must reach a DC
cache_credentials = False
krb5_realm = LOLO.LOC
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = lolo.loc
# users must always be named as user@domain (hence "id user@lulu.loc")
use_fully_qualified_names = True
# UIDs/GIDs are generated from the AD SIDs instead of read from POSIX attributes
ldap_id_mapping = True
# host access is decided by AD (account status, GPO logon rights)
access_provider = ad
Does anyone know a solution to my problem?
If you want further explanation, don't hesitate to ask.
Thanks.
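The /var/log/secure excerpt in the post already says where the failure sits: sshd logs "Invalid user" when its getpwnam() lookup of the name returns nothing, and pam_unix then logs "check pass; user unknown"; the "authentication failure" that follows is a consequence of the missing account, not a separate credential problem. That matches the failing id lookup and is a different class of event from a known user typing a wrong password. The following triage script is an added example, not part of the original post or of sssd; it groups sshd lines by process id and separates "user could not be resolved through NSS/SSSD" from "known user, authentication failed" and "accepted". The sample log is constructed: the first three lines reproduce the pattern shown in the post, the bob@lolo.loc and alice@lolo.loc entries are invented contrasting cases.

```python
"""Triage sshd entries from /var/log/secure: unresolved user vs. failed auth vs. accepted."""
import re
from collections import defaultdict

# Constructed sample log (not from a real host). The first three lines follow
# the post; the remaining ones are made-up contrasting cases for lolo.loc users.
SAMPLE_LOG = """\
Dec 17 14:29:13 rocky sshd[2555]: Invalid user user@lulu.loc from 10.10.10.10 port 60111
Dec 17 14:29:35 rocky sshd[2555]: pam_unix(sshd:auth): check pass; user unknown
Dec 17 14:29:35 rocky sshd[2555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.10
Dec 17 14:31:02 rocky sshd[2601]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.10.10 user=bob@lolo.loc
Dec 17 14:31:02 rocky sshd[2601]: pam_sss(sshd:auth): received for user bob@lolo.loc: 7 (Authentication failure)
Dec 17 14:31:04 rocky sshd[2601]: Failed password for bob@lolo.loc from 10.10.10.10 port 60120 ssh2
Dec 17 14:32:10 rocky sshd[2640]: Accepted password for alice@lolo.loc from 10.10.10.10 port 60125 ssh2
"""

# syslog prefix: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# sshd could not map the name to an account (getpwnam failed)
INVALID_RE = re.compile(r"^Invalid user (?P<user>\S+) from (?P<rhost>\S+)")
ACCEPTED_RE = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<rhost>\S+)")
# "Failed password for invalid user X" also means the account was never resolved
FAILED_RE = re.compile(
    r"^Failed \S+ for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<rhost>\S+)"
)
PAM_FAIL_RE = re.compile(r"\(sshd:auth\): authentication failure;.*?rhost=(?P<rhost>\S*)(?: user=(?P<user>\S+))?")


def parse_lines(text):
    """Yield (pid, message) for every sshd line; non-sshd lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            yield m.group("pid"), m.group("msg")


def classify(msgs):
    """Classify one sshd session (all messages sharing a pid).

    Outcomes: "unresolved" (name not found via NSS, so SSSD never offered an
    account), "auth_failed" (account exists, credentials rejected), "accepted".
    """
    rec = {"user": None, "rhost": None, "outcome": "unknown"}
    for msg in msgs:
        if m := INVALID_RE.match(msg):
            # Decisive: nothing later in the session can turn this into a login.
            return {"user": m["user"], "rhost": m["rhost"], "outcome": "unresolved"}
        if m := FAILED_RE.match(msg):
            rec.update(user=m["user"], rhost=m["rhost"],
                       outcome="unresolved" if m["invalid"] else "auth_failed")
        elif m := ACCEPTED_RE.match(msg):
            rec.update(user=m["user"], rhost=m["rhost"], outcome="accepted")
        elif "user unknown" in msg:
            rec["outcome"] = "unresolved"
        elif m := PAM_FAIL_RE.search(msg):
            # PAM failure for a known user; keep a stronger verdict if already set.
            if rec["outcome"] == "unknown":
                rec["outcome"] = "auth_failed"
            rec["rhost"] = rec["rhost"] or m["rhost"] or None
            rec["user"] = rec["user"] or m["user"]
    return rec


def triage(text):
    """Return {pid: classification} for every sshd session in the log text."""
    by_pid = defaultdict(list)
    for pid, msg in parse_lines(text):
        by_pid[pid].append(msg)
    return {pid: classify(msgs) for pid, msgs in by_pid.items()}


def unresolved_domains(results):
    """Sorted list of the domain parts (after '@') of users that never resolved.

    If every unresolved name belongs to one trusted domain, the problem is
    identity lookup for that domain, not the users' credentials.
    """
    doms = {r["user"].split("@", 1)[1] for r in results.values()
            if r["outcome"] == "unresolved" and r["user"] and "@" in r["user"]}
    return sorted(doms)


if __name__ == "__main__":
    res = triage(SAMPLE_LOG)
    for pid, rec in sorted(res.items()):
        print(pid, rec["outcome"], rec["user"], rec["rhost"])
    print("domains with unresolved users:", unresolved_domains(res))
```

Run against the real file with `triage(open("/var/log/secure").read())`; if all "unresolved" entries carry the trusted domain's suffix while lolo.loc users resolve, the thing to debug is SSSD's lookup of that domain (id, getent passwd, sssd domain logs), not sshd or PAM.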