CentOS sssd multiple trusted domains


Post by claforce » 2020/10/27 21:45:20

Hello,
We currently have a setup where our CentOS 7 servers are joined to a domain (we'll call it 1.example.com) via realm, and we utilize sssd to have them authenticate against that domain. We now need these same servers to be able to authenticate to more domains: 2.example.com and the parent domain of these, example.com. These domains have a trust relationship in place. Just starting to get the setup for 1.example.com and 2.example.com, I have the sssd.conf below. One thing I'm running into in this setup is that after I log in with an account from 1.example.com, trying to do a sudo su - takes a very long time (90 seconds), and trying to log in with a local user hangs for a long time as well (maybe 5 minutes) and gives me the error below. Any thoughts as to what may be happening? Let me know if I can provide any logging as well.

Connection closed by UNKNOWN port 65535

[sssd]
domains = 1.example.com, 2.example.com
# order in which an unqualified (short) user or group name is tried
domain_resolution_order = 1.example.com, 2.example.com
config_file_version = 2
services = nss, pam

[domain/1.example.com]
ad_domain = 1.example.com
krb5_realm = 1.EXAMPLE.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
# short names accepted for this domain as well as user@1.example.com
use_fully_qualified_names = False
auto_private_groups = true
fallback_homedir = /home/%u
# simple access provider: only members of the listed group may log in
access_provider = simple
simple_allow_groups = ad_group_1

[domain/2.example.com]
ad_domain = 2.example.com
krb5_realm = 2.EXAMPLE.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
# short names accepted for this domain too; the group name below is looked up in 2.example.com
use_fully_qualified_names = False
auto_private_groups = true
fallback_homedir = /home/%u
access_provider = simple
simple_allow_groups = ad_group_1

Thanks,

Chris.
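The configuration above has two domain sections that both accept unqualified names and both gate access on the unqualified group name ad_group_1. That is the part of a multi-domain sssd.conf worth checking before chasing timeouts, because the same short login or group name can mean different objects in different domains. The following is an added example, not code from the post or from the sssd project: a small static checker that parses an sssd.conf with Python's configparser and reports the multi-domain pitfalls a reviewer would look for. Both embedded configurations are constructed for the example; the first mirrors the posted one (with example.com listed but not configured, as the post says it is still to be set up), the second shows one way to make the names unambiguous. The finding codes, and the choice of qualifying the second domain, are this example's own conventions.

```python
"""Static checks for a multi-domain sssd.conf (added example, not from the post)."""
import configparser
from typing import List, Tuple

# Constructed sample modelled on the posted config: two short-name domains,
# plus example.com listed in [sssd] without a [domain/example.com] section.
POSTED_STYLE_CONF = """
[sssd]
domains = 1.example.com, 2.example.com, example.com
domain_resolution_order = 1.example.com, 2.example.com
config_file_version = 2
services = nss, pam

[domain/1.example.com]
ad_domain = 1.example.com
id_provider = ad
use_fully_qualified_names = False
access_provider = simple
simple_allow_groups = ad_group_1

[domain/2.example.com]
ad_domain = 2.example.com
id_provider = ad
use_fully_qualified_names = False
access_provider = simple
simple_allow_groups = ad_group_1
"""

# Constructed variant: only one domain accepts short names, and the second
# domain's allow-group is written fully qualified (assumed convention here).
QUALIFIED_CONF = """
[sssd]
domains = 1.example.com, 2.example.com
domain_resolution_order = 1.example.com, 2.example.com
config_file_version = 2
services = nss, pam

[domain/1.example.com]
ad_domain = 1.example.com
id_provider = ad
use_fully_qualified_names = False
access_provider = simple
simple_allow_groups = ad_group_1

[domain/2.example.com]
ad_domain = 2.example.com
id_provider = ad
use_fully_qualified_names = True
access_provider = simple
simple_allow_groups = ad_group_1@2.example.com
"""


def parse_sssd_conf(text: str) -> configparser.ConfigParser:
    """sssd.conf is INI-style with '=' separators and no value interpolation."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    return cp


def _csv(value: str) -> List[str]:
    return [item.strip() for item in value.split(",") if item.strip()]


def lint(cp: configparser.ConfigParser) -> List[Tuple[str, str]]:
    """Return (code, message) findings for multi-domain name-resolution problems."""
    findings: List[Tuple[str, str]] = []
    sssd = cp["sssd"]
    declared = _csv(sssd.get("domains", ""))
    configured = {s[len("domain/"):] for s in cp.sections() if s.startswith("domain/")}

    for dom in declared:
        if dom not in configured:
            findings.append(("MISSING_SECTION",
                             f"'{dom}' is in [sssd] domains but has no [domain/{dom}] section"))
    for dom in sorted(configured - set(declared)):
        findings.append(("UNUSED_SECTION", f"[domain/{dom}] exists but is not listed in [sssd] domains"))
    for dom in _csv(sssd.get("domain_resolution_order", "")):
        if dom not in declared:
            findings.append(("BAD_ORDER", f"domain_resolution_order names '{dom}', not in [sssd] domains"))

    # sssd's default for use_fully_qualified_names is false, hence fallback=False.
    short_name_domains = [dom for dom in declared if dom in configured
                          and not cp[f"domain/{dom}"].getboolean("use_fully_qualified_names", fallback=False)]
    if len(short_name_domains) > 1:
        findings.append(("AMBIGUOUS_NAMES", ", ".join(short_name_domains) + " all accept short names; "
                         "a login like 'alice' is tried in domain_resolution_order and the first hit wins"))

    # The simple access provider evaluates group names inside its own domain section, so an
    # unqualified group name means "the group of that name in this domain", whatever that is.
    for dom in short_name_domains if len(short_name_domains) > 1 else []:
        sec = cp[f"domain/{dom}"]
        if sec.get("access_provider", "permit").strip() != "simple":
            continue
        for grp in _csv(sec.get("simple_allow_groups", "")):
            if "@" not in grp:
                findings.append(("UNQUALIFIED_GROUP",
                                 f"[domain/{dom}] allows '{grp}', resolved in {dom}; confirm it is the intended "
                                 f"group there or write it as {grp}@{dom}"))
    return findings


if __name__ == "__main__":
    for name, conf in (("posted-style", POSTED_STYLE_CONF), ("qualified", QUALIFIED_CONF)):
        print(f"== {name} ==")
        for code, msg in lint(parse_sssd_conf(conf)) or [("OK", "no findings")]:
            print(f"{code}: {msg}")
```

The checker only reads the file; it cannot say which backend is slow. It does make the fan-out visible, though: with two domains accepting short names, any lookup that misses in the first domain (the group list of a local account during login, or sudo matching sudoers groups) is also sent to the second, and if that domain's directory is unreachable the caller waits for sssd's own timeouts before giving up. The per-domain logs under /var/log/sssd/ (one sssd_<domain>.log per configured domain) show which backend a request went to.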
