[Samba] Samba4 and sssd authentication not working due "Transport encryption required."

Fosiul Alam fosiul at gmail.com
Fri Sep 2 15:36:43 UTC 2016


Hi Experts,
I have set up samba4 version "samba-4.4.5"; Windows authentication is working
fine.
However, sssd authentication is not working. The same setup works with an older
version of samba4, so I guess the requirement below has been newly added, but I
don't understand what I should do to make sssd work.

Below is the log I am getting from the sssd log:


[simple_bind_done] (3): Bind result: Strong(er) authentication required(8),
BindSimple: Transport encryption required.



(Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]] [simple_bind_send] (4):
Executing simple bind as: CN=ldapadmin,cn=Users,dc=xxx,dc=xxxx
(Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]] [simple_bind_done] (5):
Server returned no controls.
(Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]] [simple_bind_done] (3): Bind
result: Strong(er) authentication required(8), BindSimple: Transport
encryption required.
(Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]] [fo_set_port_status] (4):
Marking port 389 of server 'xxxxx' as 'not working'
(Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]] [sdap_id_op_connect_done] (1):
Failed to connect, going offline (5 [Input/output error])
(Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]] [be_run_offline_cb] (3):
Going offline. Running callbacks.


My sssd configuration is below:

[sssd]
config_file_version = 2
domains = xxx.xxx
services = nss, pam
debug_level = 5


[nss]


[pam]


[domain/xxx.xx]
ldap_referrals = false
enumerate = true

id_provider = ldap
#access_provider = ldap
auth_provider = ldap
ldap_uri = ldap://xxx-DC-A.xxx.xxx:389
ldap_id_use_start_tls = False
ldap_auth_disable_tls_never_use_in_production = true
ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx
ldap_default_authtok_type = password
ldap_default_authtok = xxxxxxxx

ldap_schema = rfc2307bis

ldap_user_search_base = dc=xx,dc=xx
ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_search_base = dc=xx,dc=xx
ldap_group_object_class = group
ldap_group_member = memberOf
access_provider = simple



simple_allow_groups = IT


ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
[domain/default]
cache_credentials = False
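
An added example, not part of the original post and not Samba or SSSD project code: a small audit of an sssd.conf for the combination quoted above (an `ldap://` URI, `ldap_id_use_start_tls` off, and a bind DN with a password), which results in a simple bind over an unencrypted connection, the operation the server in the log rejects with "Transport encryption required". The sample configuration is constructed with placeholder names, and treating a configured `ldap_sasl_mech` as "not a simple bind" is an assumption of this sketch.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample modelled on the settings quoted in the post (placeholder names).
SAMPLE_CONF = """\
[sssd]
domains = example.test
services = nss, pam

[domain/example.test]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://dc-a.example.test:389
ldap_id_use_start_tls = False
ldap_auth_disable_tls_never_use_in_production = true
ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=example,dc=test
ldap_default_authtok_type = password
"""

def _is_true(value):
    return value.strip().lower() == "true"

def audit_sssd_conf(text):
    """Return (section, finding) pairs for LDAP domains that bind without encryption."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = cp[section]
        uris = [u.strip() for u in opts.get("ldap_uri", "").split(",") if u.strip()]
        # ldaps:// is TLS from the first byte; ldap:// is cleartext unless StartTLS is used.
        plain = [u for u in uris if urlsplit(u).scheme.lower() == "ldap"]
        start_tls = _is_true(opts.get("ldap_id_use_start_tls", "false"))
        simple_bind = "ldap_default_bind_dn" in opts and "ldap_sasl_mech" not in opts
        if plain and not start_tls and simple_bind:
            findings.append((section, "simple bind as %s over cleartext %s"
                             % (opts["ldap_default_bind_dn"], ", ".join(plain))))
        if plain and _is_true(opts.get("ldap_auth_disable_tls_never_use_in_production", "false")):
            findings.append((section, "user passwords sent without TLS "
                             "(ldap_auth_disable_tls_never_use_in_production)"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_sssd_conf(SAMPLE_CONF):
        print("%s: %s" % (section, finding))
```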

