Are you able to connect without a Start TLS?

ldapsearch -x -h test.example.com -b dc=example,dc=com -w supersecretpassphrase

If that works, then you have no ldap issues, and should be able to go
straight to getting sssd running with a keytab. If you want to test the
keytab, you can export it to a system, and run ..

kinit -kt /path/to/keytab

Then take a look to see if you have a ticket ...

klist

If you have a ticket, then you should be able to auth to the ldap server
using SASL

ldapsearch -Y GSSAPI -h test.example.com blah blah blah.

I have IPA setup with Ubuntu 12 clients, so I'm happy to lend a hand if you
need more information along the way.

Terry



On Tue, Dec 3, 2013 at 2:28 PM, Andrew Precht <andrewprech...@gmail.com> wrote:

> Hi IPA users,
> I'm having trouble getting the FreeIPA client to work in Ubuntu 12.04. I'm
> working my way through the Red Hat sssd troubleshooting guide:
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Troubleshooting.html
>
> When I try a: ldapsearch -x -ZZ -h test.example.com -b dc=example,dc=com
>
> I get: ldap_start_tls: Connect error (-11) additional info: (unknown
> error code)
>
> I have copied the /etc/ipa/ca.crt from the ipa server to the ubuntu client
> and the sssd.conf has: ldap_tls_cacert = /etc/ipa/ca.crt
>
> My syslog file has no mention of a non-trusted certificate.
>
> Any ideas on where to look next?
>
> Thanks Andrew Precht
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>



-- 
Terry Soucy - Systems Engineer
Salesforce MarketingCloud - http://www.salesforce.com
(o) 506.631.7445 (c) 506.609.3247 | (e) tso...@salesforce.com
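
Added example, not part of either message in this thread: ldap_tls_cacert in sssd.conf is read by sssd only, while ldapsearch takes its CA file from the OpenLDAP client configuration (TLS_CACERT in ldap.conf, /etc/ldap/ldap.conf on Ubuntu, or the LDAPTLS_CACERT environment variable). The script below compares the two settings; its function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare the CA file sssd trusts with
# the one the OpenLDAP client tools such as ldapsearch will use.

# Print ldap_tls_cacert from an sssd.conf (first match; assumes one domain).
sssd_cacert() {
    awk -F= '$1 ~ /^[ \t]*ldap_tls_cacert[ \t]*$/ {
        v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$1"
}

# Print the CA file the client library would use. LDAPTLS_CACERT in the
# environment overrides TLS_CACERT in ldap.conf (keywords are case-insensitive).
# Per-user ldaprc files are not examined here.
ldap_client_cacert() {
    if [ -n "${LDAPTLS_CACERT:-}" ]; then
        printf '%s\n' "$LDAPTLS_CACERT"
    elif [ -r "$1" ]; then
        awk 'toupper($1) == "TLS_CACERT" { v = $2 } END { if (v != "") print v }' "$1"
    fi
}

# $1 = sssd.conf, $2 = ldap.conf. Returns 0 if both name the same CA file.
check_ca_settings() {
    sssd_ca=$(sssd_cacert "$1")
    client_ca=$(ldap_client_cacert "$2")
    if [ -z "$client_ca" ]; then
        echo "UNSET: ldap client has no TLS_CACERT (sssd: ${sssd_ca:-unset})"
        return 1
    elif [ "$client_ca" != "$sssd_ca" ]; then
        echo "DIFFERENT: ldap client=$client_ca sssd=$sssd_ca"
        return 2
    fi
    echo "SAME: $client_ca"
}

# Constructed sample files mirroring the setup described in the thread.
demo_dir=$(mktemp -d)
printf '[domain/example.com]\nldap_tls_cacert = /etc/ipa/ca.crt\n' > "$demo_dir/sssd.conf"
printf '# TLS_CACERT /etc/ssl/certs/ca-certificates.crt\nBASE dc=example,dc=com\n' > "$demo_dir/ldap.conf"
( unset LDAPTLS_CACERT; check_ca_settings "$demo_dir/sssd.conf" "$demo_dir/ldap.conf" ) || true
rm -rf "$demo_dir"
```

On a real client, pass /etc/sssd/sssd.conf and /etc/ldap/ldap.conf as the two arguments to check_ca_settings.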