On Thu, 16 Aug 2012, Steve Thompson wrote:

I have successfully joined the client to the domain. Keytab is fine, Kerberos works, ldapsearch works, etc. DNS is good. The machine entry in the DC database looks fine, and the userPrincipalName is correct. However, any attempt to look up a user (e.g. with getent, id, ssh login, etc.) fails.

I found the solution. Turns out that I had both the ldap_sasl_mech set to GSSAPI and ldap_id_use_start_tls set to true in the client's sssd configuration file. Turn off start_tls and everything starts working.

Steve
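
A check for the combination described in the message above, added here as an example and not part of the original post: it parses an sssd.conf and lists the domain sections that set both ldap_sasl_mech = GSSAPI and ldap_id_use_start_tls = true. The sample configuration and its domain names are constructed, and the function name is hypothetical.

```python
import configparser

# Constructed sample sssd.conf: the first domain has the combination
# reported in the message, the second has start_tls turned off.
SAMPLE_CONF = """\
[sssd]
services = nss, pam
domains = example.com, other.example

[domain/example.com]
id_provider = ldap
ldap_sasl_mech = GSSAPI
ldap_id_use_start_tls = True

[domain/other.example]
id_provider = ldap
ldap_sasl_mech = GSSAPI
ldap_id_use_start_tls = false
"""


def find_gssapi_starttls_conflicts(conf_text):
    """Return the names of [domain/...] sections that set both options."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    flagged = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue  # only domain sections carry these LDAP options
        mech = parser.get(section, "ldap_sasl_mech", fallback="").strip().lower()
        try:
            # An unset option is treated as false here.
            start_tls = parser.getboolean(
                section, "ldap_id_use_start_tls", fallback=False)
        except ValueError:
            start_tls = False  # unparsable value: treat as not enabled
        if mech == "gssapi" and start_tls:
            flagged.append(section[len("domain/"):])
    return flagged


if __name__ == "__main__":
    for name in find_gssapi_starttls_conflicts(SAMPLE_CONF):
        print(f"{name}: ldap_sasl_mech=GSSAPI with ldap_id_use_start_tls=true")
```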