Hi, I have a server running ApacheDS with both SSL and TLS enabled with a valid keystore. It allows me to connect via other ldap clients on both SSL and StartTLS and I’m able to use Kerberos from the client machine.
However, when I configure sssd on a client machine to use ldap and use the ApacheDS as its provider, it fails with the message:

(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): domain: AUTOMATON.UK
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): user: aaron.jenkins
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): service: login
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): tty: /dev/pts/15
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): ruser:
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): rhost:
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): authtok type: 1
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): priv: 1
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [pam_print_data] (0x0100): cli_pid: 9586
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_resolve_server_process] (0x0200): Found address for server ds.automaton.uk: [10.211.55.27] TTL 7200
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [sdap_sys_connect_done] (0x0100): Executing START TLS
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [sdap_connect_done] (0x0080): START TLS result: Success(0), (null)
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [sdap_connect_done] (0x0080): ldap_install_tls failed: [Connect error] [(unknown error code)]
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [fo_set_port_status] (0x0100): Marking port 10389 of server 'ds.automaton.uk' as 'not working'
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP'
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_pam_handler_callback] (0x0100): Backend returned: (1, 9, <NULL>) [Provider is Offline (Authentication service cannot retrieve authentication info)]
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_pam_handler_callback] (0x0100): Sending result [9][AUTOMATON.UK]
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_pam_handler_callback] (0x0100): Sent result [9][AUTOMATON.UK]

My sssd configuration is as follows:

[sssd]
config_file_version = 2
services = nss, pam
domains = AUTOMATON.UK
debug_level = 5

[domain/AUTOMATON.UK]
debug_level = 5
cache_credentials = true
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ds.automaton.uk:10389
ldap_search_base = dc=automaton,dc=uk
chpass_provider = ldap
entry_cache_timeout = 600
ldap_network_timeout = 2

The search base and the URI are correct as they work with other things. Do you guys have any idea what could be going wrong?
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
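An added example, not part of the post above and not sssd project code: a small Python parser for the sssd debug-log format quoted in the post. It separates the entries logged at failure severity from the configuration and function-data chatter and lists the servers the failover code marked 'not working', which is the first thing to check before looking at the TLS settings themselves. The names for the level bits are assumed from sssd.conf(5); the sample lines are an excerpt copied from the post's log.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# One sssd debug line: "(timestamp) [sssd[process]] [function] (0xLEVEL): message"
LINE_RE = re.compile(r"\((?P<ts>[^)]+)\) \[sssd\[(?P<proc>.+?)\]\] \[(?P<func>[^\]]+)\] "
                     r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)")
DOWN_RE = re.compile(r"Marking port (\d+) of server '([^']+)' as 'not working'")
# Level bits as documented in sssd.conf(5) (assumed mapping, not taken from the post)
LEVEL_NAMES = {0x0010: "fatal", 0x0020: "critical", 0x0040: "serious",
               0x0080: "minor failure", 0x0100: "configuration", 0x0200: "function data"}
FAILURE_MAX = 0x0080  # 0x0010..0x0080 are the failure classes; higher bits are tracing

class Entry(NamedTuple):
    ts: str
    proc: str
    func: str
    level: int
    msg: str

def parse_sssd_log(text: str) -> List[Entry]:
    # Lines that do not match the debug format (wrapped text, etc.) are skipped
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], m["proc"], m["func"], int(m["level"], 16), m["msg"]))
    return entries

def failures(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.level <= FAILURE_MAX]

def most_severe(entries: List[Entry]) -> Optional[Entry]:
    return min(entries, key=lambda e: e.level) if entries else None

def servers_marked_down(entries: List[Entry]) -> List[Tuple[str, int]]:
    # (server, port) pairs the failover code took out of rotation
    hits = [DOWN_RE.search(e.msg) for e in entries]
    return [(m.group(2), int(m.group(1))) for m in hits if m]

# Excerpt copied from the log in the post above
SAMPLE_LOG = """\
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [sdap_sys_connect_done] (0x0100): Executing START TLS
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [sdap_connect_done] (0x0080): START TLS result: Success(0), (null)
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [sdap_connect_done] (0x0080): ldap_install_tls failed: [Connect error] [(unknown error code)]
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [fo_set_port_status] (0x0100): Marking port 10389 of server 'ds.automaton.uk' as 'not working'
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP'
(Thu Nov 13 19:19:50 2014) [sssd[be[AUTOMATON.UK]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
"""
if __name__ == "__main__":
    ents = parse_sssd_log(SAMPLE_LOG)
    print(most_severe(ents), servers_marked_down(ents))
```

Feed it a full sssd_<domain>.log and the failure entries come out in order, so the `ldap_install_tls failed` line is visible next to the port being marked down rather than buried in pam_print_data output.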
