Hello Rex,

for me the solution was to change the LDAP TLS cipher parameter. You can easily check it by disabling ldap_tls_cipher_suite. After this the connection worked for me. After a while of searching I found that Ubuntu or sssd changed the SSL tool or its parameters: OpenSSL is not used anymore (like Red Hat); GnuTLS is used (or its parameters).

When I use a GnuTLS parameter I can connect to our domain:

    ldap_tls_cipher_suite = NORMAL

If you want it more specific you can use something like this (if it fits your domain settings):

    ldap_tls_cipher_suite = NONE:+VERS-TLS-ALL:+AES-256-GCM:+SIGN-ALL:+COMP-NUL

-- 
https://bugs.launchpad.net/bugs/1921494

Title:
  ldap_install_tls occasionally fails due to watchdog timeout when using ad_use_ldaps with tls
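
An added example, not part of the original comment or of sssd: a heuristic audit that flags ldap_tls_cipher_suite values in sssd.conf which are not written in GnuTLS priority-string syntax, the mismatch described in the comment above. The sample configuration, domain names and function names are constructed for illustration, and the check assumes an sssd build whose LDAP library uses GnuTLS.

```python
import configparser

# Base keywords a GnuTLS priority string may start with (per the GnuTLS manual).
GNUTLS_KEYWORDS = {"PERFORMANCE", "NORMAL", "LEGACY", "PFS", "SECURE128",
                   "SECURE192", "SECURE256", "SUITEB128", "SUITEB192",
                   "NONE", "SYSTEM"}

# Constructed sample sssd.conf: one OpenSSL-style cipher list, one GnuTLS string.
SAMPLE_CONF = """
[sssd]
domains = old.example.test, new.example.test

[domain/old.example.test]
ldap_tls_cipher_suite = HIGH:!aNULL:!MD5

[domain/new.example.test]
ldap_tls_cipher_suite = NONE:+VERS-TLS-ALL:+AES-256-GCM:+SIGN-ALL:+COMP-NUL
"""

def looks_like_gnutls_priority(value):
    """Syntax heuristic only; it does not prove GnuTLS accepts the string."""
    tokens = value.strip().split(":")
    first = tokens[0]
    if not (first in GNUTLS_KEYWORDS or first.startswith("@")):
        return False
    # Every later token must be a modifier (+X, -X, !X) or a %OPTION.
    return all(len(t) > 1 and t[0] in "+-!%" for t in tokens[1:])

def audit_sssd_conf(text):
    """Return (section, value, ok) for each ldap_tls_cipher_suite setting."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if cp.has_option(section, "ldap_tls_cipher_suite"):
            value = cp.get(section, "ldap_tls_cipher_suite")
            findings.append((section, value, looks_like_gnutls_priority(value)))
    return findings

if __name__ == "__main__":
    for section, value, ok in audit_sssd_conf(SAMPLE_CONF):
        status = "GnuTLS syntax" if ok else "NOT GnuTLS syntax, review"
        print(f"[{section}] {value}: {status}")
```

A value that passes this check can still be rejected by the TLS library or by the server, so confirm the result with an actual LDAPS connection to the domain.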