Tenemos un servidor Ubuntu 18.4 unido al dominio secundario. Puedo conectarme al servidor con una cuenta de dominio secundario, pero no con una cuenta de dominio principal.

Aquí está mi krb5.conf

[libdefaults]
        default_realm = DOMAIN.LOCAL
        ticket_lifetime = 24h #
        renew_lifetime = 7d
        rdns = false
        dns_lookup_kdc = true

[logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log

[realms]
CHILD.DOMAIN.LOCAL = {
kdc = DC.CHILD.DOMAIN.LOCAL
}

DOMAIN.LOCAL = {
kdc = DC.DOMAIN.LOCAL
}

getent genera la cadena para los dominios principal y secundario. la confianza entre dominios está habilitada y puedo iniciar sesión en el dominio secundario con el principal en los servidores de Windows, pero obtengo 'Acceso denegado' cuando intento ssh a Linux

klist -kt
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 10/29/21 17:21:08 [email protected]
   2 10/29/21 17:21:08 [email protected]
   2 10/29/21 17:21:08 [email protected]
   2 10/29/21 17:21:08 [email protected]
   2 10/29/21 17:21:08 [email protected]
   2 10/29/21 17:21:08 [email protected]
   2 10/29/21 17:21:08 host/[email protected]
   2 10/29/21 17:21:08 host/[email protected]
   2 10/29/21 17:21:08 host/[email protected]
   2 10/29/21 17:21:08 host/[email protected]
   2 10/29/21 17:21:08 host/[email protected]
   2 10/29/21 17:21:08 host/[email protected]
   2 10/29/21 17:21:08 RestrictedKrbHost/[email protected]
   2 10/29/21 17:21:08 RestrictedKrbHost/[email protected]
   2 10/29/21 17:21:08 RestrictedKrbHost/[email protected]
   2 10/29/21 17:21:08 RestrictedKrbHost/[email protected]
   2 10/29/21 17:21:08 RestrictedKrbHost/[email protected]
   2 10/29/21 17:21:08 RestrictedKrbHost/[email protected]
no answer