
We have an Ubuntu 18.04 server joined to the child domain. I can SSH to the server with a child-domain account, but not with a parent-domain account.

Here is my krb5.conf

[libdefaults]
        default_realm = DOMAIN.LOCAL
        ticket_lifetime = 24h #
        renew_lifetime = 7d
        rdns = false
        dns_lookup_kdc = true

[logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log

[realms]
CHILD.DOMAIN.LOCAL = {
kdc = DC.CHILD.DOMAIN.LOCAL
}

DOMAIN.LOCAL = {
kdc = DC.DOMAIN.LOCAL
}

getent returns entries for accounts in both the child and parent domains. Cross-domain trust is enabled, and on Windows servers I can log in to the child domain with a parent-domain account, but I get 'Access Denied' when trying to SSH to the Linux server.

klist -kt
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 10/29/21 17:21:08 LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 host/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 host/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 host/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 host/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 host/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 host/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 RestrictedKrbHost/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 RestrictedKrbHost/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 RestrictedKrbHost/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 RestrictedKrbHost/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 RestrictedKrbHost/LINUX-HOST$@CHILD.DOMAIN.LOCAL
   2 10/29/21 17:21:08 RestrictedKrbHost/LINUX-HOST$@CHILD.DOMAIN.LOCAL