sssd error with Samba 4.0 LDAP_PROTOCOL_ERROR

Rowland Penny repenny at
Fri Apr 19 12:43:36 MDT 2013

On 19/04/13 18:14, steve wrote:
> On 04/19/2013 07:00 PM, Rowland Penny wrote:
>> On 19/04/13 15:55, steve wrote:
>>> Hi
>>> I'm trying to pinpoint a problem with sssd. When a user logs in, his 
>>> rfc2307 attributes _should_ be pulled from AD (not the cache), 
>>> however instead and upon login, Samba 4.0 gives us 
>>> LDAP_PROTOCOL_ERROR. It occurs once upon authentication and once 
>>> again upon logout. The session goes ahead fine but without recent 
>>> changes to the user in the directory (e.g. group membership) until 
>>> the sssd cache expires.
>>> Could you tell us what would produce the protocol error?
>>> Cheers,
>>> Steve
>> Hi Steve, I think that this is coming from sssd not Samba4 so you 
>> might be better asking about this over on the  sssd-devel list.
>> If this is happening on the S4 server, you could try what I am doing, 
>> rely on winbind on the server and just use sssd on the clients.
>> Rowland
> Hi yes. I've had a thread open there too. They just found it. We need:
> ldap_referrals=False
> It not only removes the error but speeds propogation of new users and 
> group members considerably. Not sure of any implications with that but 
> will report back if the sssd gurus advise me of any pending fatalities.
> Cheers,
> Steve
Hi Steve, Ah that explains why I never had that problem, I already had 
that in my sssd.conf  ;-)


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba-technical mailing list