[Samba] Samba4 and sssd authentication not working due "Transport encryption required."

Rowland Penny rpenny at samba.org
Fri Sep 2 16:05:30 UTC 2016


On Fri, 2 Sep 2016 16:36:43 +0100
Fosiul Alam via samba <samba at lists.samba.org> wrote:

> Hi Experts
> I have setup samba4 version "samba-4.4.5" , Windows Authentication
> working fine.
> however sssd authentication not working, Same setup work with older
> version of samba4  , so i guess bellow requirement has been added
> new, but I dont understand what shall i do to make sssd work .
> 
> bellow log i am getting from sssd log
> 
> 
> [simple_bind_done] (3): Bind result: Strong(er) authentication
> required(8), BindSimple: Transport encryption required.
> 
> 
> 
> (Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]] [simple_bind_send] (4):
> Executing simple bind as: CN=ldapadmin,cn=Users,dc=xxx,dc=xxxx
> (Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]] [simple_bind_done] (5):
> Server returned no controls.
> (Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]] [simple_bind_done]
> (3): Bind result: Strong(er) authentication required(8), BindSimple:
> Transport encryption required.
> (Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]] [fo_set_port_status]
> (4): Marking port 389 of server 'xxxxx' as 'not working'
> ri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]]
> [sdap_id_op_connect_done] (1): Failed to connect, going offline (5
> [Input/output error]) (Fri Sep  2 18:22:13 2016) [sssd[be[xxx.xxx]]]
> [be_run_offline_cb] (3): Going offline. Running callbacks.
> 
> 
> my sssd configuation is bellow
> 
> [sssd]
> config_file_version = 2
> domains = xxx.xxx
> services = nss, pam
> debug_level = 5
> 
> 
> [nss]
> 
> 
> [pam]
> 
> 
> [domain/xxx.xx]
> ldap_referrals = false
> enumerate = true
> 
> id_provider = ldap
> #access_provider = ldap
> auth_provider = ldap
> ldap_uri = ldap://xxx-DC-A.xxx.xxx:389
> ldap_id_use_start_tls = False
> ldap_auth_disable_tls_never_use_in_production = true
> ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx
> ldap_default_authtok_type = password
> ldap_default_authtok = xxxxxxxx
> 
> ldap_schema = rfc2307bis
> 
> ldap_user_search_base = dc=xx,dc=xx
> ldap_user_object_class = user
> ldap_user_home_directory = unixHomeDirectory
> ldap_user_principal = userPrincipalName
> ldap_group_search_base = dc=xx,dc=xx
> ldap_group_object_class = group
> ldap_group_member = memberOf
> access_provider = simple
> 
> 
> 
> simple_allow_groups = IT
> 
> 
> ldap_access_order = expire
> ldap_account_expire_policy = ad
> ldap_force_upper_case_realm = true
> [domain/default]
> cache_credentials = False

Hello, sssd isn't a Samba product, you will probably get better support
by asking on the sssd users mailing list.

Rowland 



More information about the samba mailing list