Hi list,
I have some trouble with sssd after upgrading from Debian Jessie (stable) to Stretch (testing).
I'm using sssd with LDAP (OpenLDAP servers running Debian Jessie) for NSS and PAM.
NSS works just fine. getent passwd|group does return all users and groups stored in LDAP.
PAM doesn't work. I get this error in the log:
[sssd[be[LDAP]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'ldap2.Domain.TLD' as 'working'
[sssd[be[LDAP]]] [simple_bind_send] (0x0100): Executing simple bind as: uid=someuser,ou=user,dc=Sub,dc=Domain,dc=TLD
[sssd[be[LDAP]]] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
/var/log/auth.log:
sshd[13510]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.200.11 user=someuser
sshd[13510]: pam_sss(sshd:auth): received for user someuser: 4 (System error)
Old version: 1.11.7-3 (Debian)
New version: 1.14.1-1 (Debian)
I'm pretty sure that the connection to the LDAP server does work for NSS. After stopping sssd, deleting /var/lib/sss/db/* and starting sssd again it does fetch all users and groups from the directory.
Any idea what's wrong?
Cheers,
Sascha