Hello Sergio, hello Matthew,

thanks for your help and the time you invest. But my configuration is a bit different from that of the creator of this ticket. We only have the same error message ;( Sorry if that didn't come across clearly in the past. I can't and didn't want to connect to this domain; we only use sssd with ldap as provider. I sent you my sssd.conf last week, but here is the relevant part:

[sssd]
config_file_version = 2
domains = xxx
services = nss,pam,ssh
reconnection_retries = 3
#debug_level = 5

[pam]

[nss]
filter_users = bin,daemon,ftp,games,haldaemon,lp,mail,messagebus,nobody,ntp,polkituser,postfix,root,sshd,wwwrun,at,dergraf,abix,amboscl,sysnrpe,dnsmasq,hpsmh,ambosrtu,vmon,man,news,uucp
filter_groups = root,bin,daemon,sys,tty,disk,lp,www,kmem,wheel,mail,news,uuscp,shadow,dialout,audio,floppy,cdrom,console,utmp,public,video,games,xok,trusted,modem,ftp,man,users,nobody,nogroup,messagebus,haldaemon,sshd,tape,postfix,maildrop,polkituser,ntp,at,dergraf,abix,amboscl,sysnrpe,hpsmh,ambosrtu,vmon,winbind,ntadmin

[domain/xxx]
#debug_level = 7
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = simple
ldap_uri = ldaps://xx.xx.de:636,
ldap_search_base = dc=xx,dc=xx,dc=xx
ldap_schema = ad
ldap_id_mapping = True
fallback_homedir = /home/%u@%d
default_shell = /bin/bash
ldap_idmap_range_min = 100000000
ldap_idmap_range_max = 2100000000
ldap_idmap_range_size = 2000000000
ldap_idmap_default_domain_sid = S-1-5-21-32142354-212345234-839522115
ldap_idmap_default_domain = xx.xx.de
enumerate = False
ignore_group_members = True
ldap_idmap_autorid_compat = True
ldap_default_bind_dn = xxx
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = xxx
use_fully_qualified_names = False
case_sensitive = false
ldap_tls_cacertdir = /etc/ssl/certs
#ldap_tls_cacert = /etc/ssl/certs/Domain-Root.crt
ldap_id_use_start_tls = True
ldap_tls_reqcert = demand
ldap_tls_cipher_suite = ECDHE-RSA-AES256-GCM-SHA384
simple_allow_groups = xxx
sudo_provider = ldap
autofs_provider = ldap
resolver_provider = ldap

I tried different settings with ldap_tls_cacertdir or ldap_tls_cacert (only the domain root crt or the ca-certificates.crt), but it ends with the same error. The same with different ldap_tls_reqcert settings.

I have attached a screenshot of the working ldapsearch:

ldapsearch -x -b "dc=xx,dc=xx,dc=xx" -H ldaps://xx.xx.xx:636 -D user@domain -W "objectclass=*" -d1

** Attachment added: "ldap_search.JPG"
   https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1921494/+attachment/5534569/+files/ldap_search.JPG

https://bugs.launchpad.net/bugs/1921494

Title:
  ldap_install_tls occasionally fails due to watchdog timeout when using ad_use_ldaps with tls
