On (24/10/16 16:04), Sascha Frey wrote:
Hi list,
I have some trouble with sssd after upgrading from Debian Jessie
(stable) to Stretch (testing).
I'm using sssd with LDAP (OpenLDAP servers running Debian Jessie) for
NSS and PAM.
NSS works just fine. getent passwd|group does return all users and
groups stored in LDAP.
PAM doesn't work. I get this error in the log:
[sssd[be[LDAP]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server
'ldap2.Domain.TLD' as 'working'
[sssd[be[LDAP]]] [simple_bind_send] (0x0100): Executing simple bind as:
uid=someuser,ou=user,dc=Sub,dc=Domain,dc=TLD
[sssd[be[LDAP]]] [sdap_process_result] (0x0040): ldap_result error: [Can't contact
LDAP server]
/var/log/auth.log:
sshd[13510]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
ruser= rhost=192.168.200.11 user=someuser
sshd[13510]: pam_sss(sshd:auth): received for user someuser: 4 (System error)
Old version: 1.11.7-3 (Debian)
New version: 1.14.1-1 (Debian)
It's a known bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840617
https://fedorahosted.org/sssd/ticket/3189
You might want to downgrade to 1.13.x on testing.
I am trying to reproduce it.
Could you tell me what kind/version of LDAP server you use?
If you have OpenLDAP, then could you try to reproduce with
FreeIPA or Active Directory?
LS