Hi all,

I've done a fresh test, using a new Ubuntu 20.04 server updated today. Results were the same as I first reported back in March 2021, although this time I am using the latest available SSSD (2.2.3-3ubuntu0.8) and adcli (0.9.0-1ubuntu0.20.04.1) packages. When setting ad_use_ldaps I still got the unhelpful "Could not start TLS encryption. (unknown error code)" returned. I also tried Snakekicks suggestion for ldap_tls_cipher_suite, but unfortunately that did not resolve my issue.

I took this Ubu 20.04 server and did an in-place upgrade to 21.04. Surprisingly, I could log onto the upgraded server with no changes to my Ubuntu 20.04 SSSD config files (and repeated with emptying the SSSD cache, restarting SSSD). The latest available SSSD (2.4.0-1ubuntu6.1) and adcli (0.9.0-1ubuntu2) packages for 21.04 were used. However, when adding ad_use_ldaps to sssd.conf and restarting sssd.service I again got "Could not start TLS encryption. (unknown error code)" returned, along with identical errors in the logs (debug_level = 4).

I think the problem is somewhere within my root cert-to-AD-server and/or the way Ubuntu is interpreting the response back from the AD server. But as mentioned earlier, my RH servers using the same root cert with ad_use_ldaps do not have this issue.

An annoying issue...

--
https://bugs.launchpad.net/bugs/1921494

Title: ldap_install_tls occasionally fails due to watchdog timeout when using ad_use_ldaps with tls
