sssd Error: Could not start TLS encryption. (unknown error code)
sssd Error: Could not start TLS encryption. (unknown error code)
我正在尝试使用 Google 安全 LDAP 配置 Linux 机器身份验证,添加下面我已经完成的步骤
添加了具有以下权限的 LDAP 客户端:
- 访问权限:整个域
- 读取用户信息:整个域
- 读取群组信息:开启
在我的 Ubuntu 框中安装了 SSSd(在 Azure 中是 运行)
sudo apt install -y sssd sssd-tools
我的sssd.conf文件
[sssd]
debug_level = 7
services = nss, pam
domains = mydomain.com
[pam]
debug_level = 7
[nss]
debug_level = 7
[domain/mydomain.com]
debug_level = 7
cache_credentials = true
ldap_id_use_start_tls = true
ldap_tls_cacertdir = /home/ubuntu/ssl_Linux
ldap_tls_cacert = /home/ubuntu/ssl_Linux/gldap.crt
ldap_tls_cert = /home/ubuntu/ssl_Linux/gldap.crt
ldap_tls_key = /home/ubuntu/ssl_Linux/gldap.key
ldap_uri = ldaps://ldap.google.com:636
ldap_search_base = ou=Users,dc=mydomain,dc=com
ldap_group_name = uniqueMember
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_user_uuid = entryUUID
ldap_groups_use_matching_rule_in_chain = true
ldap_initgroups_use_matching_rule_in_chain = true
enumerate = false
在这里我可以启动 SSSD 服务 bt 出现以下错误
Nov 15 09:14:54 myserver systemd[1]: Started System Security Services Daemon.
Nov 15 09:14:55 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:16:11 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:16:11 myserver sssd[be[67530]: Backend is offline
Nov 15 09:17:19 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:19:48 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:24:02 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
仅供参考: 我能够使用以下命令成功通过 google 安全 LDAP 进行身份验证
LDAPTLS_CERT=mycrt.crt LDAPTLS_KEY=mykey.key ldapsearch -H ldaps://ldap.google.com:636 -b "ou=Users,dc=mydomain,dc=com" -D "my.user@mydomain.com" "(uid=my.user)" -W
请帮助我,
谢谢:)
我在新的虚拟机上尝试过相同的 document,它对我来说工作正常。
只需确保在 http://admin.google.com/ 门户中配置 google LDAP 客户端后 最多可能需要 24 小时才能生效.
谢谢
我正在尝试使用 Google 安全 LDAP 配置 Linux 机器身份验证,添加下面我已经完成的步骤
添加了具有以下权限的 LDAP 客户端:
- 访问权限:整个域
- 读取用户信息:整个域
- 读取群组信息:开启
在我的 Ubuntu 框中安装了 SSSd(在 Azure 中是 运行)
sudo apt install -y sssd sssd-tools
我的sssd.conf文件
[sssd]
debug_level = 7
services = nss, pam
domains = mydomain.com
[pam]
debug_level = 7
[nss]
debug_level = 7
[domain/mydomain.com]
debug_level = 7
cache_credentials = true
ldap_id_use_start_tls = true
ldap_tls_cacertdir = /home/ubuntu/ssl_Linux
ldap_tls_cacert = /home/ubuntu/ssl_Linux/gldap.crt
ldap_tls_cert = /home/ubuntu/ssl_Linux/gldap.crt
ldap_tls_key = /home/ubuntu/ssl_Linux/gldap.key
ldap_uri = ldaps://ldap.google.com:636
ldap_search_base = ou=Users,dc=mydomain,dc=com
ldap_group_name = uniqueMember
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_user_uuid = entryUUID
ldap_groups_use_matching_rule_in_chain = true
ldap_initgroups_use_matching_rule_in_chain = true
enumerate = false
在这里我可以启动 SSSD 服务 bt 出现以下错误
Nov 15 09:14:54 myserver systemd[1]: Started System Security Services Daemon.
Nov 15 09:14:55 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:16:11 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:16:11 myserver sssd[be[67530]: Backend is offline
Nov 15 09:17:19 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:19:48 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:24:02 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
仅供参考: 我能够使用以下命令成功通过 google 安全 LDAP 进行身份验证
LDAPTLS_CERT=mycrt.crt LDAPTLS_KEY=mykey.key ldapsearch -H ldaps://ldap.google.com:636 -b "ou=Users,dc=mydomain,dc=com" -D "my.user@mydomain.com" "(uid=my.user)" -W
请帮助我,
谢谢:)
我在新的虚拟机上尝试过相同的 document,它对我来说工作正常。
只需确保在 http://admin.google.com/ 门户中配置 google LDAP 客户端后 最多可能需要 24 小时才能生效.
谢谢