Bug 821962 - sssd: "Could not start TLS encryption"
Summary: sssd: "Could not start TLS encryption"
Status: CLOSED DUPLICATE of bug 821966
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: 17
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2012-05-15 21:50 UTC by Andrew McNabb
Modified: 2012-05-15 22:43 UTC (History)

Clone Of:
Last Closed: 2012-05-15 22:43:25 UTC

Attachments
sssd.conf (615 bytes, application/octet-stream)
2012-05-15 21:50 UTC, Andrew McNabb

Description Andrew McNabb 2012-05-15 21:50:43 UTC
Created attachment 584794

In Fedora 17, authentication with sssd and ldap isn't quite working right. For example, SSH public keys don't work, and passwords only work sometimes. I think it might be related to an error message:

May 15 15:15:27 testvm sssd[be[LDAP]]: Could not start TLS encryption. TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

On Fedora 16 with the same LDAP server and same configuration files, it works without any problems and without the error message. On Fedora 17, the version is sssd-1.8.3-11.fc17.x86_64. The config file explicitly specifies an ldap_tls_cacert file.

I am attaching the sssd.conf file in case this is helpful. Is there any other information I can provide?

Comment 1 Andrew McNabb 2012-05-15 22:17:42 UTC
By the way, if I set `ldap_tls_reqcert = allow`, then password authentications work every time.
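
As an added example (not from the report, the attachment, or sssd itself), the following Python checks a host for the two things this report turns on: the "Could not start TLS encryption" line in the sssd log, and an sssd.conf whose ldap_tls_reqcert has been relaxed to `allow` or `never`, which makes logins succeed only because the LDAP server's certificate is no longer verified. The log line is the one quoted above; the config contents, hostname and CA path are constructed.

```python
import configparser
import re
# Constructed journal excerpt; this is the line quoted in the report.
SAMPLE_LOG = """\
May 15 15:15:27 testvm sssd[be[LDAP]]: Could not start TLS encryption. TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
"""

# Shape of the failure line written by sssd's LDAP backend; the NSS code is optional.
TLS_FAIL = re.compile(
    r"sssd\[be\[(?P<domain>[^\]]+)\]\]: Could not start TLS encryption\."
    r"(?: TLS error (?P<code>-?\d+):(?P<msg>.*))?"
)

def tls_failures(log_text):
    """Return (domain, error code, message) for each line where TLS setup failed."""
    found = []
    for line in log_text.splitlines():
        m = TLS_FAIL.search(line)
        if m:
            found.append((m.group("domain"), m.group("code"), (m.group("msg") or "").strip()))
    return found

# Constructed sssd.conf in the shape the report describes: a CA file is named
# explicitly, but ldap_tls_reqcert has been relaxed so that logins succeed.
SAMPLE_CONF = """\
[sssd]
domains = LDAP
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_id_use_start_tls = true
ldap_tls_cacert = /etc/openldap/cacerts/ca.crt
ldap_tls_reqcert = allow
"""

WEAK_REQCERT = {"never", "allow"}  # an untrusted or bad server certificate is ignored

def weak_tls_domains(conf_text):
    """Return {domain: reqcert} for domains whose ldap_tls_reqcert skips verification (sssd default: hard)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    weak = {}
    for section in cp.sections():
        if section.startswith("domain/"):
            reqcert = cp.get(section, "ldap_tls_reqcert", fallback="hard").strip().lower()
            if reqcert in WEAK_REQCERT:
                weak[section[len("domain/"):]] = reqcert
    return weak
```

Both checks together separate "TLS is failing" from "TLS failures are being silenced", which is the distinction Comment 1 blurs.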

Comment 2 Andrew McNabb 2012-05-15 22:43:25 UTC
Sorry, this is actually a bug in Anaconda, not sssd. Stupid SELinux. :(

*** This bug has been marked as a duplicate of bug 821966 ***
