Linux server joined to child AD domain unable to authenticate users from parent domain

I have an Ubuntu 20.04 server that I have successfully joined to my domain using realm, US.EXAMPLE.COM.

The way our AD is structured is that all machines are joined to the child domain for their region and all users are set up in the parent domain, EXAMPLE.COM. With full trust, etc., of course.

I can successfully look up users in the US.EXAMPLE.COM domain with id or getent passwd, but cannot look up any users in the parent EXAMPLE.COM domain.

I can successfully kinit to the parent domain.

I have tried adding capaths to the krb5.conf as well as adding the parent domain to the sssd.conf file like this:

[domain/EXAMPLE.com]
inherit_from = US.EXAMPLE.com
id_provider = ad
debug_level = 7
krb5_validate = False

The closest I seem to get is an error message saying the server isn't found in the parent domain's Kerberos DB.

Client 'host/[email protected]' not found in Kerberos database

Surely there is a way to use the existing trust to let the machine joined to the child domain authenticate users from the parent domain?
