Thanks both Jakub and Stephen
That explains it..... It didn't seem really clear from the man pages and looking at
the SSSD logs didn't seem to reveal it either, so I guess it's just one of those
things that you need to know.
----- On Apr 20, 2017, at 5:18 PM, Jakub Hrozek jhrozek(a)redhat.com wrote:
On Thu, Apr 20, 2017 at 05:08:02PM +0200, Troels Hansen wrote:
> I'm trying to force SSSD to only communicate encrypted, because of company
> I think I'm missing something:
> SSSD configured with: id_provider = ad
> and DNS service resolution is enabled (default)
> I have tried about every combination of:
> ldap_id_use_start_tls = true
> ldap_service_port = 636
> ldap_tls_reqcert = allow
> in sssd.conf [domain] section.
> However, I can see SSSD LDAP connection over port 389.
> # netstat -tanp | grep sssd_be
> tcp 0 0 172.16.5.202:53520 172.16.1.241:389 ESTABLISHED 18080/sssd_be
> Have I just missed something?
> Do I need to pull the certificates from AD to make it work? I'm not really
> interested in verifying the certificates but only ensuring an encrypted
sssd-ad already uses gssapi to encrypt the communication. You don't need
to add any more manual configuration.
Kind regards
T (+45) 70 20 10 63
M (+45) 22 43 71 57
Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos and much more.
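
An added example, not part of the thread and not SSSD project code: a small Python check that reads sssd.conf-style text and reports, per domain, which mechanism protects the LDAP connection, following the reply above that `id_provider = ad` already uses GSSAPI. The sample config, domain names and result labels are constructed for illustration; only explicit TLS options are inspected for `id_provider = ldap`, and SASL settings there are out of scope.

```python
import configparser

# Constructed sample config; the domain names are placeholders.
SAMPLE_CONF = """
[sssd]
domains = ad.example.test, ldap.example.test, plain.example.test

[domain/ad.example.test]
id_provider = ad
ldap_id_use_start_tls = true
ldap_tls_reqcert = allow

[domain/ldap.example.test]
id_provider = ldap
ldap_uri = ldaps://ldap1.example.test, ldaps://ldap2.example.test

[domain/plain.example.test]
id_provider = ldap
ldap_uri = ldap://ldap3.example.test
"""

WEAK_REQCERT = {"never", "allow"}  # values that let a bad server certificate pass


def classify(opts):
    """Return (mechanism, warnings) for one [domain/...] section."""
    warnings = []
    if opts.get("ldap_tls_reqcert", "").lower() in WEAK_REQCERT:
        warnings.append("ldap_tls_reqcert does not enforce the server certificate")
    provider = opts.get("id_provider", "").lower()
    if provider == "ad":
        # Per the reply in the thread: sssd-ad encrypts with GSSAPI, so a
        # connection on port 389 is expected and needs no TLS options.
        return "gssapi", warnings
    if provider == "ldap":
        uris = [u.strip() for u in opts.get("ldap_uri", "").split(",") if u.strip()]
        if uris and all(u.lower().startswith("ldaps://") for u in uris):
            return "ldaps", warnings
        if opts.get("ldap_id_use_start_tls", "").lower() == "true":
            return "starttls", warnings  # StartTLS also runs on port 389
        return "none-configured", warnings
    return "unknown-provider", warnings


def audit(conf_text):
    """Map each domain name to its (mechanism, warnings) result."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return {s.split("/", 1)[1]: classify(parser[s])
            for s in parser.sections() if s.startswith("domain/")}
```

Because both GSSAPI-protected LDAP and StartTLS use port 389, the port shown by `netstat` alone does not tell you whether the connection is encrypted.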