
Looking for some troubleshooting help here.

I am trying to be able to authenticate AD users on a CentOS 7 cluster. For testing this, I am setting up a Windows Server 2012 R2 and the cluster in Azure.

I have carefully followed the instructions here (Active_Directory_trust_setup) with one modification:

  • I believe the dnscmd command as listed does not set up conditional forwarding correctly. I use the Windows GUI and get the correct result. (At least the nslookup and dig commands give the right answers.)

The behavior I have now is:

  • ipa trust-show shows the trust
  • ipa trustdomain-find finds the one entry
  • getent passwd mrtest@ddaddad.internal works and shows correct information
  • su mrtest@ddaddad.internal requests a password and returns "Authentication failure"
  • ssh of mrtest to the Linux box also fails authentication

I don't know where to look to figure out what I have done wrong.

ddnamaste
  • I still could use help understanding where to look to figure out what is going wrong. I did figure out what was wrong in my case. The AD had two IP addresses: one for its NIC and one for the tunnel connecting it to my cluster. I think the problem was that when resolving _ldap._tcp.ad_domain, the NIC IP was returned to the ipa server in the cluster. That IP was inaccessible to the ipa server. Removing the tunnel and connecting the networks made it work. – ddnamaste Mar 07 '17 at 22:24
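A concrete place to look for the failure mode the comment describes, as an added example that is not part of the original question or of FreeIPA's own tooling: a small POSIX shell script that resolves the SRV records the AD domain publishes for LDAP and Kerberos, probes TCP reachability of every advertised endpoint from the host it runs on, and prints the addresses each target resolves to so an unreachable endpoint can be matched against the wrong interface. Only the domain name ddaddad.internal comes from the question; the function names, the 3-second timeout, and the assumption that dig (bind-utils) and bash are installed are mine.

```shell
#!/bin/sh
# Added example, not from the original question or the FreeIPA project.
# Resolves the SRV records an AD domain publishes for LDAP and Kerberos and
# probes TCP reachability of every advertised endpoint from the host it runs
# on (an IPA server or client). The domain name ddaddad.internal comes from
# the question; function names and the 3-second timeout are assumptions.
set -u

# Turn `dig +short SRV` lines ("prio weight port target.") into "target port"
# lines with the trailing dot removed. Pure text processing, so it can be
# exercised on captured output without any DNS access.
parse_srv() {
  awk 'NF == 4 { sub(/\.$/, "", $4); print $4, $3 }'
}

# Count non-empty lines (used to detect an empty SRV answer).
count_lines() {
  awk 'NF { n++ } END { print n + 0 }'
}

# TCP connect test with a short timeout via bash's /dev/tcp pseudo-device, so
# nothing beyond coreutils and bash is needed on a minimal CentOS install.
tcp_open() {
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Print the IPv4 addresses a target resolves to, so an unreachable endpoint
# can be matched against the address actually advertised (for instance a NIC
# IP that is not routable from the cluster).
resolved_addrs() {
  getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u | tr '\n' ' '
}

# Query one SRV name and probe each endpoint. Returns non-zero if the answer
# is empty or any endpoint is unreachable.
check_service() {
  name="$1"
  rc=0
  srv_out=$(dig +short SRV "$name" | parse_srv)
  if [ "$(printf '%s\n' "$srv_out" | count_lines)" -eq 0 ]; then
    echo "NOSRV    $name (no SRV records; check the conditional forwarder)"
    return 1
  fi
  # A here-document keeps the loop in the current shell so rc survives.
  while read -r host port; do
    [ -z "$host" ] && continue
    if tcp_open "$host" "$port"; then
      echo "OK       $name -> $host:$port"
    else
      echo "UNREACH  $name -> $host:$port  (resolves to: $(resolved_addrs "$host"))"
      rc=1
    fi
  done <<EOF
$srv_out
EOF
  return $rc
}

main() {
  ad_domain="$1"
  rc=0
  # LDAP is the path identity lookups (getent) take through the IPA server;
  # Kerberos is what a password login (su, ssh) needs. Both must be reachable.
  for svc in "_ldap._tcp.$ad_domain" "_kerberos._tcp.$ad_domain"; do
    check_service "$svc" || rc=1
  done
  return $rc
}

# Run only when given a domain, e.g.: sh check_ad_srv.sh ddaddad.internal
if [ $# -gt 0 ]; then
  main "$1"
fi
```

Run it on the IPA server and on the client where su fails, since each does its own SRV lookup. It probes TCP only; Kerberos also uses UDP 88, so an OK result is necessary but not sufficient. Two checks that need no script: `kinit mrtest@DDADDAD.INTERNAL` (realm name assumed to be the uppercased domain) on the failing client exercises the same Kerberos path su uses and reports which KDC could not be reached, and the SSSD domain log under /var/log/sssd/ with debug_level raised in sssd.conf records the address SSSD actually chose.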

0 Answers