On 15.10.2016 04:55, Roberto C. Sánchez wrote: > On Thu, Oct 13, 2016 at 11:51:52AM +0200, Francesco Malvezzi wrote: >> Package: sssd-ldap >> Version: 1.14.1-1 >> Severity: important >> >> Dear Maintainer, >> >> pam-sss doesn't allow login to LDAP users: >> > > I too am affected by this. I just installed stretch on a new laptop (I > need the newer kernel for hardware support) and when I configured sssd > it simply didn't work. All my other machines (running jessie) work > fine. I don't use LDAP for authentication (Kerberos handles that for > me), but I do use it for user information. So, getent and id would not > work. The problem (on the LDAP side) manifested itself by terminating > the connection with this message: "An unexpected TLS packet was > received". > > I obtained the 1.13.4-3 packages of the various sssd components and > after I installed them everything worked. > > If there is something I can do to help identify the problem, please let > me know.
this is filed upstream https://fedorahosted.org/sssd/ticket/3189 " The pristine log actually looks like if sssd was crashing..could you please check for sssd_be crashes in the syslog? The failure in the "revert" log doesn't tell me much except that sssd is thinking it cannot contact the LDAP server. Here I would like to ask for strace logs, as described in https://fedorahosted.org/sssd/wiki/DevelTips#UsingstracetotracktheSSSDprocesses " So could you provide such logs? Here or on the upstream ticket. -- t