Created attachment 584794 [details]
In Fedora 17, authentication with sssd and ldap isn't quite working right. For example, SSH public keys don't work, and passwords only work sometimes. I think it might be related to an error message:
May 15 15:15:27 testvm sssd[be[LDAP]]: Could not start TLS encryption. TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
On Fedora 16 with the same LDAP server and same configuration files, it works without any problems and without the error message. On Fedora 17, the version is sssd-1.8.3-11.fc17.x86_64. The config file explicitly specifies a
I am attaching the sssd.conf file in case this is helpful. Is there any other information I can provide?
By the way, if I set `ldap_tls_reqcert = allow`, then password authentications work every time.
Sorry, this is actually a bug in Anaconda, not sssd. Stupid selinux. :(
*** This bug has been marked as a duplicate of bug 821966 ***