Hello Matthew
Hi Sergio,

I have now tested Fedora 34, and it is working without deleting the ldap_tls_cipher_suite setting. The only thing I changed in sssd.conf is:

    ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

I have tested a freshly installed focal, and yes, the cipher suite parameter is the problem (when disabled, it works).

I attach the Fedora log, and here I see this for the first time: "is a secure channel. No need to run START_TLS"

Maybe this helps.

    sssd.x86_64              2.5.2-2.fc34  @updates
    sssd-ad.x86_64           2.5.2-2.fc34  @updates
    sssd-client.x86_64       2.5.2-2.fc34  @updates
    sssd-common.x86_64       2.5.2-2.fc34  @updates
    sssd-common-pac.x86_64   2.5.2-2.fc34  @updates
    sssd-ipa.x86_64          2.5.2-2.fc34  @updates
    sssd-kcm.x86_64          2.5.2-2.fc34  @updates
    sssd-krb5.x86_64         2.5.2-2.fc34  @updates
    sssd-krb5-common.x86_64  2.5.2-2.fc34  @updates
    sssd-ldap.x86_64         2.5.2-2.fc34  @updates
    sssd-nfs-idmap.x86_64    2.5.2-2.fc34  @updates
    sssd-proxy.x86_64        2.5.2-2.fc34  @updates

** Attachment added: "sssd_xxx.xx.de.log"
   https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1921494/+attachment/5534803/+files/sssd_xxx.xx.de.log

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1921494

Title:
  ldap_install_tls occasionally fails due to watchdog timeout when using ad_use_ldaps with tls
