CentOS server added to child domain. How to set up ssh access for an AD user from the root domain?
The CentOS 7 server is added to the child domain filial.domain.loc. Access is configured for the AccessGroup group in the AD of the child domain. Trust between domains is two-way (it is by default). Users from the root domain have been added to the group, but access for users from the domain.loc root domain does not work.
An example of the /var/log/secure log:
Jul 27 09:48:11 CentOS7Server sshd[12076]: Invalid user Admin from 192.168.1.10 port 62127
Jul 27 09:48:11 CentOS7Server sshd[12076]: input_userauth_request: invalid user Admin [preauth]
Jul 27 09:48:16 CentOS7Server sshd[12076]: pam_unix(sshd:auth): check pass; user unknown
Jul 27 09:48:16 CentOS7Server sshd[12076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adminpc.domain.loc
Jul 27 09:48:18 CentOS7Server sshd[12076]: Failed password for invalid user Admin from 192.168.1.10 port 62127 ssh2
[sssd]
domains = filial.domain.loc
config_file_version = 2
services = nss, pam
[domain/filial.domain.loc]
ad_domain = filial.domain.loc
krb5_realm = filial.domain.loc
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%[email protected]%d
access_provider = simple
simple_allow_groups = [email protected]
[pam]
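An added triage example, not part of the original question: it sorts sshd failures in a `/var/log/secure` excerpt by the login stage that failed, which shows whether a rejection comes from name resolution, the password check, or the SSSD access rule. The pid 12100 and 12150 lines with user `jdoe` are constructed for comparison, and `triage`, `RULES` and `HINTS` are hypothetical names.

```python
import re

# The pid 12076 lines are from the question's /var/log/secure excerpt.
# The pid 12100 and 12150 lines (user "jdoe") are constructed for comparison.
SAMPLE = """\
Jul 27 09:48:11 CentOS7Server sshd[12076]: Invalid user Admin from 192.168.1.10 port 62127
Jul 27 09:48:16 CentOS7Server sshd[12076]: pam_unix(sshd:auth): check pass; user unknown
Jul 27 09:48:18 CentOS7Server sshd[12076]: Failed password for invalid user Admin from 192.168.1.10 port 62127 ssh2
Jul 27 09:50:02 CentOS7Server sshd[12100]: pam_sss(sshd:account): Access denied for user jdoe: 6 (Permission denied)
Jul 27 09:51:40 CentOS7Server sshd[12150]: Failed password for jdoe from 192.168.1.10 port 62300 ssh2
"""

SSHD = re.compile(r"sshd\[(\d+)\]: (.*)$")
# (stage, pattern) listed in the order the stages run during an SSH login.
RULES = [
    ("identity", re.compile(r"Invalid user (?P<user>\S+) from ")),
    ("authentication",
     re.compile(r"Failed password for (?!invalid user )(?P<user>\S+) from ")),
    ("access",
     re.compile(r"pam_sss\(sshd:account\): Access denied for user (?P<user>[^:]+):")),
]
ORDER = [stage for stage, _ in RULES]
HINTS = {
    "identity": "sshd could not resolve the name through NSS; the SSSD "
                "access_provider is never reached",
    "authentication": "the account resolved, but the password was rejected",
    "access": "the PAM account phase, where the SSSD access_provider runs, "
              "denied the login",
}

def triage(log_text):
    """Return {pid: (user, stage)}, keeping the earliest failing stage per sshd pid."""
    result = {}
    for line in log_text.splitlines():
        found = SSHD.search(line)
        if not found:
            continue
        pid, msg = found.groups()
        for stage, pattern in RULES:
            hit = pattern.match(msg)
            if hit:
                prev = result.get(pid)
                if prev is None or ORDER.index(stage) < ORDER.index(prev[1]):
                    result[pid] = (hit.group("user"), stage)
                break
    return result

if __name__ == "__main__":
    for pid, (user, stage) in triage(SAMPLE).items():
        print(f"sshd[{pid}] {user}: {stage} - {HINTS[stage]}")
```

For the lines in the question, the result is `identity`: the name `Admin` was rejected before `simple_allow_groups` could be evaluated.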