Hello,

I'm trying to login on a machine from domain2 (machine is joined in domain2) using a user from domain1, but it keeps failing. Also, using pbis I can login without problems.

Users from domain2 can login successfully. Also, I can login on machines registered in domain1 using the same user.

Most probably it fails because of this error:

Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]

Maybe someone can take a look at the attached logs and give me a hint on what is wrong?

sssd says domain1 is a subdomain for domain2:

(Wed Oct 15 08:42:35 2014) [sssd[pam]] [new_subdomain] (0x0400): Creating [ domain1.net] as subdomain of [domain2.net]! (Wed Oct 15 08:42:35 2014) [sssd[pam]] [new_subdomain] (0x0400): Creating [ ie-aws.domain2.net] as subdomain of [domain2.net]!

Configuration: authconfig --enablesssd --enablesssdauth --enablemkhomedir --update --disableldaptls --enableldap --enablelocauthorize --update

sssd version: 1.12.1-2.el7.centos

sssd.conf: [sssd] services = nss, pam config_file_version = 2 domains = optymyze.net override_space = ^

[domain/optymyze.net] id_provider = ad auth_provider = ad access_provider = ad chpass_provider = ad dyndns_update = false create_homedir = true override_homedir = /home/%d/%u override_shell = /bin/bash timeout = 3600 [pam] timeout = 3600 [nss] timeout = 3600