didrocks
commented
2 months ago FTR: requested information about Windows AD server and OS level. Also, can you run ubuntu-bug adsys and report the content there (see the bug template), so that we get all linux OS info, including its dependencies?
Some of the idea could be a stuck GPT.ini and no refresh for it.
Can you try to check for the cached policy on the windows client? You will have them under /var/cache/adsys. Please look at the GPOs directories, try to find the matching GPO with the object ID and check GPT.ini file content. The version (if the policy was correctly updated) should match the one on the AD server.
Thanks!
cjohnston1158
manguera1
Is there an existing issue for this?
Describe the issue
After configuring certificate auto-enrollment on Ubuntu 22.04 per the docs I am seeing LDAP error 32 LDAP_NO_SUCH_OBJECT. When trying to register with a Windows client, the Windows client was also not receiving the certificates.
There is another OU which was known to be working with a Windows client, so the GPO was compared. The new OU did not have the "Automatic Certificate Request Settings" configured, where the working OU did have this configured. The policy on the new OU was updated to match the working OU. Afterwards the Windows client was able to successfully download the certificates, however the Ubuntu client still is not.
Error message
Steps to reproduce it
https://documentation.ubuntu.com/adsys/en/stable/tutorial/certificates-autoenrolment/
Ubuntu users: System information
No response
Non Ubuntu users: System information
No response
Additional information
No response
Double check your logs