Welcome to the Centrify Express forums.
Thanks for providing the information. This is a great example on how to provide background information on a post.
I just installed a RHEL 7.2 system in one of my test environments and was unable to reproduce. Granted, I only have one domain (not a child domain like your outputs suggest).
Here's the installation (note that I installed Centrify-enhanced OpenSSH)
# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.2 (Maipo)
# yum install centrifydc-5.3.1-rhel4-x86_64.rpm centrifydc-openssh-7.2p2-5.3.1-rhel4-x86_64.rpm -y Loaded plugins: product-id, search-disabled-repos, subscription-manager Examining centrifydc-5.3.1-rhel4-x86_64.rpm: CentrifyDC-5.3.1-398.x86_64 Marking centrifydc-5.3.1-rhel4-x86_64.rpm to be installed Examining centrifydc-openssh-7.2p2-5.3.1-rhel4-x86_64.rpm: CentrifyDC-openssh-7.2p2-5.3.1.391.x86_64 Marking centrifydc-openssh-7.2p2-5.3.1-rhel4-x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package CentrifyDC.x86_64 0:5.3.1-398 will be installed ---> Package CentrifyDC-openssh.x86_64 0:7.2p2-5.3.1.391 will be installed --> Finished Dependency Resolution Dependencies Resolved =============================================================================================================================================================== Package Arch Version Repository Size =============================================================================================================================================================== Installing: CentrifyDC x86_64 5.3.1-398 /centrifydc-5.3.1-rhel4-x86_64 80 M CentrifyDC-openssh x86_64 7.2p2-5.3.1.391 /centrifydc-openssh-7.2p2-5.3.1-rhel4-x86_64 4.5 M Transaction Summary =============================================================================================================================================================== Install 2 Packages Total size: 85 M Installed size: 85 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : CentrifyDC-5.3.1-398.x86_64 1/2 Installing : CentrifyDC-openssh-7.2p2-5.3.1.391.x86_64 2/2 Verifying : CentrifyDC-openssh-7.2p2-5.3.1.391.x86_64 1/2 Verifying : CentrifyDC-5.3.1-398.x86_64 2/2 Installed: CentrifyDC.x86_64 0:5.3.1-398 CentrifyDC-openssh.x86_64 0:7.2p2-5.3.1.391 Complete! # adjoin -w -c "ou=computers,ou=centrify" -u user centrify.vms user@CENTRIFY.VMS's password: Using domain controller: dc.centrify.vms writable=true Join to domain:centrify.vms, zone:Auto Zone successful Centrify DirectControl started. Loading domains and trusts information Initializing cache . You have successfully joined the Active Directory domain: centrify.vms in the Centrify DirectControl zone: Auto Zone You may need to restart other services that rely upon PAM and NSS or simply reboot the computer for proper operation. Failure to do so may result in login problems for AD users.
When trying to log in using PuTTY, no issues:
Using Kerberos authentication Using principal bootcamp.admin@CENTRIFY.VMS Got host ticket host/rhel72.centrify.vms@CENTRIFY.VMS login as bootcamp.admin@CENTRIFY.VMS BOOTCAMP This system is for authorized use and for training purposes. Successful Kerberos connection Created home directory [bootcamp.admin@rhel72 ~]$
I then removed Centrify-enhanced OpenSSH
yum erase CentrifyDC-openssh-7.2p2-5.3.1.391.x86_64 Loaded plugins: product-id, search-disabled-repos, subscription-manager Resolving Dependencies --> Running transaction check ---> Package CentrifyDC-openssh.x86_64 0:7.2p2-5.3.1.391 will be erased --> Finished Dependency Resolution Dependencies Resolved =============================================================================================================================================================== Package Arch Version Repository Size =============================================================================================================================================================== Removing: CentrifyDC-openssh x86_64 7.2p2-5.3.1.391 @/centrifydc-openssh-7.2p2-5.3.1-rhel4-x86_64 4.5 M Transaction Summary =============================================================================================================================================================== Remove 1 Package Installed size: 4.5 M Is this ok [y/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Erasing : CentrifyDC-openssh-7.2p2-5.3.1.391.x86_64 1/1 centrify | 2.9 kB 00:00:00 Verifying : CentrifyDC-openssh-7.2p2-5.3.1.391.x86_64 1/1 Removed: CentrifyDC-openssh.x86_64 0:7.2p2-5.3.1.391 Complete!
Retried again
Using Kerberos authentication Using principal bootcamp.admin@CENTRIFY.VMS Got host ticket host/rhel72.centrify.vms@CENTRIFY.VMS login as bootcamp.admin@CENTRIFY.VMS Successful Kerberos connection Last login: Thu Sep 29 11:30:45 2016 from 192.168.81.11
Can you confirm something for me? It seems you're using stock SSH. Can you test with Centrify-enhanced OpenSSH and report your findings?
We add a lot of optimizations for situations where you have multiple forests, child domains, etc.
R.P