Bug 821962 - sssd: "Could not start TLS encryption"
Summary: sssd: "Could not start TLS encryption"
Keywords:
Status: CLOSED DUPLICATE of bug 821966
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: 17
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-05-15 21:50 UTC by Andrew McNabb
Modified: 2012-05-15 22:43 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-05-15 22:43:25 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
sssd.conf (615 bytes, application/octet-stream)
2012-05-15 21:50 UTC, Andrew McNabb 		no flags Details
View All

Description Andrew McNabb 2012-05-15 21:50:43 UTC 
Created attachment 584794 [details]
sssd.conf

In Fedora 17, authentication with sssd and ldap isn't quite working right. For example, SSH public keys don't work, and passwords only work sometimes. I think it might be related to an error message:

May 15 15:15:27 testvm sssd[be[LDAP]]: Could not start TLS encryption. TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

On Fedora 16 with the same LDAP server and same configuration files, it works without any problems and without the error message. On Fedora 17, the version is sssd-1.8.3-11.fc17.x86_64. The config file explicitly specifies a 
ldap_tls_cacert file.

I am attaching the sssd.conf file in case this is helpful. Is there any other information I can provide?
Comment 1 Andrew McNabb 2012-05-15 22:17:42 UTC 
By the way, if I set `ldap_tls_reqcert = allow`, then password authentications work every time.
Comment 2 Andrew McNabb 2012-05-15 22:43:25 UTC 
Sorry, this is actually a bug in Anaconda, not sssd. Stupid selinux. :(

*** This bug has been marked as a duplicate of bug 821966 ***
Note You need to log in before you can comment on or make changes to this bug.