Having successfully built a one-way trust between 2 AD domains, we can't look up/id the user in the trusted domain.
Here's our use case.
- AD1: dom1.com (Win2k8 R2) - One-way outgoing trust to AD2
- AD2: dom2.com (Win2k8 R2) - One-way incoming trust from AD1
- Linux1: member of AD1/dom1.com
- Can look up User1: Linux1> $ id AD1\User1 - OK
- Can't look up User2: Linux1> $ id AD2\User2 - Not OK.
- PAM and SSSD are working fine within AD1 domain.
I tried adding a domain entry in sssd.conf (e.g. [domain/AD2]) but it didn't help at all. Kerberos is working fine, as per the successful lookup of User1.
Appreciate your inputs to solve our issue.
/etc/sssd/sssd.conf
[sssd]
config_file_version = 2
debug_level = 0
domains = dom1.com, dom2.com
services = nss, pam
[domain/dom1.com]
id_provider = ad
access_provider = simple
simple_allow_groups = user_group
ldap_id_mapping = false
enumerate = true
[domain/dom2.com]
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = simple
simple_allow_groups = user_group
ldap_id_mapping = false
enumerate = true
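As an added check that is not part of the original post, the following Python script lints an sssd.conf of the shape shown above and flags the settings that most often hide or cause trusted-domain lookup failures (debug_level 0, ldap_id_mapping off, enumeration on, and a second id_provider = ad section for a domain the host is not joined to); the embedded sample config and the finding codes are constructed for this example.

```python
import configparser

# Constructed sample: a trimmed copy of the config shape shown in the post.
SAMPLE_CONF = """[sssd]
config_file_version = 2
debug_level = 0
domains = dom1.com, dom2.com
services = nss, pam
[domain/dom1.com]
id_provider = ad
ldap_id_mapping = false
enumerate = true
[domain/dom2.com]
id_provider = ad
ldap_id_mapping = false
enumerate = true
"""

def _truthy(value):
    return value.strip().lower() in ("true", "yes", "1")

def lint_sssd_conf(text):
    """Return (section, code) findings for settings that commonly break or
    hide lookups of users from a trusted AD domain."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    if cp.get("sssd", "debug_level", fallback="0").strip() == "0":
        findings.append(("sssd", "debug_level_zero"))  # logs won't say why
    listed = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",") if d.strip()]
    ad_sections = []
    for dom in listed:
        sect = "domain/" + dom
        if not cp.has_section(sect):
            findings.append((sect, "missing_section"))
            continue
        if cp.get(sect, "id_provider", fallback="") == "ad":
            ad_sections.append(sect)
        # With ID mapping off every account, trusted-domain ones included,
        # needs uidNumber/gidNumber in AD or `id` returns nothing.
        if not _truthy(cp.get(sect, "ldap_id_mapping", fallback="true")):
            findings.append((sect, "id_mapping_off"))
        if _truthy(cp.get(sect, "enumerate", fallback="false")):
            findings.append((sect, "enumerate_on"))  # costly, rarely needed
    # A second AD section expects the host to be joined to that domain too;
    # domains trusted by the joined domain are discovered as subdomains.
    for sect in ad_sections[1:]:
        findings.append((sect, "extra_ad_domain_section"))
    return findings
```

Raise debug_level, fix what the lint reports, and re-run `id AD2\User2` while watching the dom1.com domain log to see whether the trusted domain is being discovered at all.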