Mike Conner via FreeIPA-users wrote: > The certificate for the AD secure ldap server is also current > (ad.domain.edu:636).
It would only be binding to IPA for ipa-getkeytab. I don't know how sssd invokes it. But you should be able to see a failed TLS connection in the 389-ds logs which could help point the way. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure