View Issue Details

ID: 0000372
Project: AlmaLinux-8
Category: sssd
View Status: public
Last Update: 2023-02-28 20:54
Reporter: michael.jamieson@zayo.com
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: new
Resolution: open
Platform: x86_64
OS: Almalinux 9
OS Version: 9.1 (Lime Lynx)
Summary: 0000372: SSSD will not start TLS
Description: SSSD will not start TLS encryption, update-crypto-policies is set to legacy.

(2023-02-21 18:30:43): [be[default]] [resolv_gethostbyname_step] (0x2000): [RID#6] Querying files
(2023-02-21 18:30:43): [be[default]] [resolv_gethostbyname_files_send] (0x0100): [RID#6] Trying to resolve A record of 'wor80ossldaps1' in files
(2023-02-21 18:30:43): [be[default]] [set_server_common_status] (0x0100): [RID#6] Marking server 'wor80ossldaps1' as 'resolving name'
(2023-02-21 18:30:43): [be[default]] [set_server_common_status] (0x0100): [RID#6] Marking server 'wor80ossldaps1' as 'name resolved'
(2023-02-21 18:30:43): [be[default]] [be_resolve_server_process] (0x0200): [RID#6] Found address for server wor80ossldaps1: [10.206.31.37] TTL 7200
(2023-02-21 18:30:43): [be[default]] [sdap_uri_callback] (0x0400): [RID#6] Constructed uri 'ldaps://wor80ossldaps1:636'
(2023-02-21 18:30:43): [be[default]] [decide_tls_usage] (0x2000): [RID#6] [ldaps://wor80ossldaps1:636] is a secure channel. No need to run START_TLS
(2023-02-21 18:30:43): [be[default]] [sssd_async_socket_init_send] (0x4000): [RID#6] Using file descriptor [23] for the connection.
(2023-02-21 18:30:43): [be[default]] [sssd_async_socket_init_send] (0x0400): [RID#6] Setting 6 seconds timeout [ldap_network_timeout] for connecting
(2023-02-21 18:30:43): [be[default]] [sss_ldap_init_sys_connect_done] (0x0020): [RID#6] ldap_install_tls failed: [Connect error] [error:0A000102:SSL routines::unsupported protocol]
(2023-02-21 18:30:43): [be[default]] [sss_ldap_init_state_destructor] (0x0400): [RID#6] calling ldap_unbind_ext for ldap:[0x5610fcee7ea0] sd:[23]
Steps To Reproduce: Configure LDAP authentication using sssd.
Tags: No tags attached.
abrt_hash:
URL:

Activities

michael.jamieson@zayo.com

2023-02-28 20:54

reporter   ~0000827

Here are some sssd_default logs with debugging enabled:
(2023-02-28 15:48:19): [be[default]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(2023-02-28 15:48:19): [be[default]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'mrhmonbdh17-ldps' in files
(2023-02-28 15:48:19): [be[default]] [set_server_common_status] (0x0100): Marking server 'mrhmonbdh17-ldps' as 'resolving name'
(2023-02-28 15:48:19): [be[default]] [set_server_common_status] (0x0100): Marking server 'mrhmonbdh17-ldps' as 'name resolved'
(2023-02-28 15:48:19): [be[default]] [be_resolve_server_process] (0x0200): Found address for server mrhmonbdh17-ldps: [10.207.31.37] TTL 7200
(2023-02-28 15:48:19): [be[default]] [sss_ldap_init_sys_connect_done] (0x0020): ldap_install_tls failed: [Connect error] [error:0A000102:SSL routines::unsupported protocol]
********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
   * [be[default]] [become_user] (0x0200): Trying to become user [0][0].
   * [be[default]] [become_user] (0x0200): Already user [0].
   * [be[default]] [sss_set_sssd_user_eid] (0x0080): Failed to set egid to 990: Operation not permitted
   * [be[default]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
   * (2023-02-28 15:48:19): [be[default]] [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
   * (2023-02-28 15:48:19): [be[default]] [dp_get_options] (0x0400): Option lookup_family_order has value ipv4_first
   * (2023-02-28 15:48:19): [be[default]] [dp_get_options] (0x0400): Option dns_resolver_timeout has value 6
   * (2023-02-28 15:48:19): [be[default]] [dp_get_options] (0x0400): Option dns_resolver_op_timeout has value 3
   * (2023-02-28 15:48:19): [be[default]] [dp_get_options] (0x0400): Option dns_resolver_server_timeout has value 1000
   * (2023-02-28 15:48:19): [be[default]] [dp_get_options] (0x0400): Option dns_discovery_domain has no value
   * (2023-02-28 15:48:19): [be[default]] [be_res_get_opts] (0x0100): Lookup order: ipv4_first
   * (2023-02-28 15:48:19): [be[default]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
   * (2023-02-28 15:48:19): [be[default]] [fo_context_init] (0x0400): Created new fail over context, retry timeout is 30
   * (2023-02-28 15:48:19): [be[default]] [confdb_init_domain_provider_and_enum] (0x0400): No enumeration for [default]!
   * (2023-02-28 15:48:19): [be[default]] [confdb_init_domain_provider_and_enum] (0x0400): Please note that when enumeration is disabled `getent passwd` does not return all users by design. See sssd.conf man page for more detailed information
   * (2023-02-28 15:48:19): [be[default]] [confdb_init_domain_pwd_expire] (0x1000): pwd_expiration_warning is -1
   * (2023-02-28 15:48:19): [be[default]] [sysdb_domain_init_internal] (0x0200): DB File for default: /var/lib/sss/db/cache_default.ldb
   * (2023-02-28 15:48:19): [be[default]] [sysdb_domain_init_internal] (0x0200): Timestamp file for default: /var/lib/sss/db/timestamps_default.ldb
   * (2023-02-28 15:48:19): [be[default]] [sysdb_ldb_connect] (0x4000): No ldb module path set in env
   * (2023-02-28 15:48:19): [be[default]] [ldb] (0x0400): asq: Unable to register control with rootdse!
   * (2023-02-28 15:48:19): [be[default]] [sysdb_ldb_connect] (0x4000): No ldb module path set in env
   * (2023-02-28 15:48:19): [be[default]] [sss_domain_get_state] (0x1000): Domain default is Active
   * (2023-02-28 15:48:19): [be[default]] [sss_names_init_from_args] (0x0100): Using re [(?P<name>[^@]+)@?(?P<domain>[^@]*$)].
   * (2023-02-28 15:48:19): [be[default]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
@@@

Issue History

Date Modified Username Field Change
2023-02-21 23:31 michael.jamieson@zayo.com New Issue
2023-02-28 20:54 michael.jamieson@zayo.com Note Added: 0000827
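
Added example (not part of the original report, and not SSSD code): a small triage parser for the debug-log layout shown in this issue. It rejoins hard-wrapped records, finds each `ldap_install_tls failed` entry, pairs it with the server resolved under the same request ID, and unpacks the OpenSSL error code. The sample log is constructed with placeholder hostnames, and the lib/reason bit split assumes OpenSSL 3.x error packing.

```python
import re

# Constructed sample in this issue's log layout; hosts/addresses are placeholders.
SAMPLE_LOG = """\
(2023-02-21 18:30:43): [be[default]] [be_resolve_server_process] (0x0200): [RID#6] Found address for server ldap-a.example: [192.0.2.10] TTL 7200
(2023-02-21 18:30:43): [be[default]] [sdap_uri_callback] (0x0400): [RID#6] Constructed uri 'ldaps://ldap-a.example:636'
(2023-02-21 18:30:43): [be[default]] [sss_ldap_init_sys_connect_done] (0x0020): [RID#6] ldap_install_tls failed: [Connect error] [error:0A000102:SSL routines::unsupported protocol]
(2023-02-28 15:48:19): [be[default]] [be_resolve_server_process] (0x0200): Found address for server ldap-b.example: [192.0.2.11] TTL 7200
(2023-02-28 15:48:19): [be[default]] [sss_ldap_init_sys_connect_done] (0x0020): ldap_install_tls failed: [Connect error] [error:0A000102:SSL routines::unsu
pported protocol]
"""

LINE = re.compile(r"^\((?P<ts>[^)]+)\): \[be\[(?P<domain>[^\]]+)\]\] \[(?P<func>\w+)\] "
                  r"\((?P<level>0x[0-9a-fA-F]+)\): (?:\[RID#(?P<rid>\d+)\] )?(?P<msg>.*)$")
TLS_FAIL = re.compile(r"ldap_install_tls failed: \[(?P<ldap>[^\]]*)\] "
                      r"\[error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*)::(?P<reason>[^\]]*)\]")
SERVER = re.compile(r"Found address for server (?P<host>\S+): \[(?P<addr>[^\]]+)\]")

def unwrap(text):
    """Rejoin records that were hard-wrapped mid-line (as in the pasted logs)."""
    records = []
    for raw in text.splitlines():
        # Records start with "(timestamp)"; backtrace lines start with "*".
        if not records or raw.lstrip().startswith(("(", "*")):
            records.append(raw)
        else:
            records[-1] += raw
    return records

def tls_failures(text):
    """One dict per ldap_install_tls failure, tied to the last resolved server."""
    last_server, findings = {}, []
    for rec in unwrap(text):
        m = LINE.match(rec)
        if not m:
            continue  # backtrace repeats and banners are skipped
        key = (m["domain"], m["rid"])  # rid is None when the log has no [RID#n]
        s = SERVER.search(m["msg"])
        if s:
            last_server[key] = (s["host"], s["addr"])
        f = TLS_FAIL.search(m["msg"])
        if f:
            code = int(f["code"], 16)
            host, addr = last_server.get(key, (None, None))
            findings.append({"time": m["ts"], "host": host, "addr": addr,
                             "openssl_lib": (code >> 23) & 0xFF,  # OpenSSL 3.x packing (assumed)
                             "openssl_reason": code & 0x7FFFFF, "reason_text": f["reason"]})
    return findings

if __name__ == "__main__":
    print(*tls_failures(SAMPLE_LOG), sep="\n")
```

For `0A000102` this yields library 20 (the SSL library) and reason 258 (unsupported protocol), which OpenSSL reports when the peer's protocol version falls outside the range the local side allows.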