On Thu, Apr 20, 2017 at 05:08:02PM +0200, Troels Hansen wrote:
> I'm trying to force SSSD to only communicate encrypted, because of company
> rules.
> I think I'm missing something:
>
> SSSD configured with: id_provider = ad
>
> and DNS service resolution is enabled (default)
>
> I have tried about every combination of:
>
> ldap_id_use_start_tls = true
> ldap_service_port = 636
> ldap_tls_reqcert = allow
>
> in sssd.conf [domain] section.
> However, I can see SSSD LDAP connection over port 389.
>
> # netstat -tanp | grep sssd_be
> tcp 0 0 172.16.5.202:53520 172.16.1.241:389 ESTABLISHED 18080/sssd_be
>
> Have I just missed something?
> Do I need to pull the certificates from AD to make it work. I'm not really
> interested in verifying the certificates but only ensuring an encrypted
> channel.
>
sssd-ad already uses gssapi to encrypt the communication. You don't need to add any more manual configuration.
