sssd error with Samba 4.0 LDAP_PROTOCOL_ERROR

steve steve at steve-ss.com
Fri Apr 19 11:14:47 MDT 2013


On 04/19/2013 07:00 PM, Rowland Penny wrote:
> On 19/04/13 15:55, steve wrote:
>> Hi
>> I'm trying to pinpoint a problem with sssd. When a user logs in, his 
>> rfc2307 attributes _should_ be pulled from AD (not the cache), 
>> however instead and upon login, Samba 4.0 gives us 
>> LDAP_PROTOCOL_ERROR. It occurs once upon authentication and once 
>> again upon logout. The session goes ahead fine but without recent 
>> changes to the user in the directory (e.g. group membership) until 
>> the sssd cache expires.
>>
>> Could you tell us what would produce the protocol error?
>> Cheers,
>> Steve
>>
>>
>>
> Hi Steve, I think that this is coming from sssd not Samba4 so you 
> might be better asking about this over on the  sssd-devel list.
>
> If this is happening on the S4 server, you could try what I am doing, 
> rely on winbind on the server and just use sssd on the clients.
>
> Rowland
>
>
>
Hi yes. I've had a thread open there too. They just found it. We need:
ldap_referrals=False
It not only removes the error but speeds propogation of new users and 
group members considerably. Not sure of any implications with that but 
will report back if the sssd gurus advise me of any pending fatalities.
Cheers,
Steve



More information about the samba-technical mailing list