I'm trying to authenticate against Google LDAP (G Suite/Google Admin) to allow my clients to log in using their Google credentials. I have no visibility on the LDAP side of things; I can only generate the cert/key combo in Google Admin.
This was working well for me on 18.04, but with the upgrade to 20.04 I cannot get it to work. Additionally, it does work for me in other distributions (Fedora). I've included some details below. I read a Canonical post about TLS 1.X and below being disabled with 20.04; does that mean this could be a cipher suite issue?
Error Message

    systemctl status sssd
    ● sssd.service - System Security Services Daemon
         Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
         Active: active (running) since Mon 2021-08-02 15:38:22 EDT; 6s ago
       Main PID: 3165 (sssd)
          Tasks: 4 (limit: 9043)
         Memory: 37.3M
         CGroup: /system.slice/sssd.service
                 ├─3165 /usr/sbin/sssd -i --logger=files
                 ├─3167 /usr/libexec/sssd/sssd_be --domain mydomain.com --uid 0 --gid 0 --logger=files
                 ├─3168 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
                 └─3169 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files

    Aug 02 15:38:21 JY2D353 systemd[1]: Starting System Security Services Daemon...
    Aug 02 15:38:21 JY2D353 sssd[3165]: Starting up
    Aug 02 15:38:22 JY2D353 sssd_be[3167]: Starting up
    Aug 02 15:38:22 JY2D353 sssd_pam[3169]: Starting up
    Aug 02 15:38:22 JY2D353 sssd_nss[3168]: Starting up
    Aug 02 15:38:22 JY2D353 sssd_be[3167]: Could not start TLS encryption. unknown error
    Aug 02 15:38:22 JY2D353 systemd[1]: Started System Security Services Daemon.

Last Working Config
- Ubuntu 18.04
- SSSD 1.16.0
- Followed instructions located here
I am still able to successfully authenticate using this setup.
Current Configuration
- Ubuntu 20.04
- SSSD 2.4.0
- Same configuration
Logs/conf
etc/sssd.conf
sssd_mydomain.com.log
sssd.log
sssd_pam.log
sssd_nss.log
openssl s_client