[SSSD-users] Re: Advantages of signed SASL bindings vs unsigned SASL bindings....

2020-10-13 Thread Andreas Hasenack 
On Tue, Oct 13, 2020 at 5:04 PM Spike White  wrote:
>
> Yes, correct.  So that MS hotfix:
>
> Addresses an issue that incorrectly reports Lightweight Directory Access 
> Protocol (LDAP) sessions as unsecure sessions in Event ID 2889. This occurs 
> when the LDAP session is authenticated and sealed with a Simple 
> Authentication and Security Layer (SASL) method.
>
> is for W2019.

Isn't it[1] for windows 10? At first I thought it was for the server,
and "blindly" downloaded it. I only realized it was for windows 10
when I tried to install it. So what are they changing on the
client-side to get rid of the log on the server?

1. https://support.microsoft.com/en-us/help/4559003/windows-10-update-kb4559003
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] DNS updates, chicken-and-egg problem during join?

2020-09-18 Thread Andreas Hasenack 
Hi,

I'm verifying under which conditions sssd will perform successful dns
updates on a DNS server backed by AD.

In this scenario, I have a standalone computer, that has an IP
obviously, but no DNS record yet. My goal was to have the join process
also add a DNS record for this computer.

After tracing calls to nsupdate, it looks like what sssd does is use
the output of `hostname -f`, and I don't see a fault with that
reasoning, except that to have that return an fqdn I need either to be
in DNS already, or hack /etc/hosts. Otherwise, it sends the short name
with a dot suffix, and that won't be accepted:
update delete g-client1. in A
update add g-client1. 3600 in A 10.51.0.8
send
update delete g-client1. in 
send

I was wondering if sssd couldn't assume that the domain part is the
same as the realm? I understand there might be many considerations
here, like multiple domains, forests, etc, and maybe that's why this
isn't done. But perhaps there is a way to have the simple case work?
Or is there a config option I missed?

The other trick I see is to set the hostname to the fqdn, so that
`hostname` returns the full thing. It's not technically correct I
suppose, but gets the job done. Is that what people also do?
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: realmd: socket activation and sssd.conf's services= line

2020-09-09 Thread Andreas Hasenack 
Hello James,

thanks for the reply

On Tue, Sep 8, 2020 at 3:45 PM James Cassell
 wrote:
> > At the moment I'm just disabling adding the services line. Is this too 
> > horrible?
>
> In my experience on RHEL 8, some of the services are unreliable when 
> activated in this manner. The services line never fails. I believe the 
> .service (or .socket) files on RHEL 8 are written to avoid any collision. 
> Specially, I think the socket activated version is a no op if the services 
> line one is running.

Do you have some pointers to such issues, like bug reports or mailing
list posts?

Debian and Ubuntu use the upstream systemd service files as is, with
no changes, and we do see conflicts when services= is used together
with socket activation.
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] realmd: socket activation and sssd.conf's services= line

2020-09-08 Thread Andreas Hasenack 
Hi,

This is more of a realmd question than sssd, but closely related.

Debian and Ubuntu defaulted to socket activated systemd services for
all the sssd-* daemons. So they are started on demand.

realmd currently always adds a "services = nss, pam" line (or augments
it if it's there already). sssd will then start nss and pam, but so
will systemd, and that creates a (apparently harmless) conflict and
logs errors to the logs.

I don't know if there is a way for realmd to detect this scenario and
not add that services line, or if there should be a command-line
option for it? Or maybe something in realm-.conf even?

At the moment I'm just disabling adding the services line. Is this too horrible?

--- a/service/realm-sssd-config.c
+++ b/service/realm-sssd-config.c
@@ -154,8 +154,6 @@
g_strfreev (already);

/* Setup a default sssd section */
-   if (!realm_ini_config_have (config, "section", "services"))
-   realm_ini_config_set (config, "sssd", "services", "nss, pam", NULL);
if (!realm_ini_config_have (config, "sssd", "config_file_version"))
realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL);

--- a/tests/test-sssd-config.c
+++ b/tests/test-sssd-config.c
@@ -90,7 +90,7 @@
  gconstpointer unused)
 {
const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
-   const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one,
two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos
= 2\n";
+   const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one,
two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
GError *error = NULL;
gchar *output;
gboolean ret;
@@ -140,7 +140,7 @@
 test_add_domain_only (Test *test,
   gconstpointer unused)
 {
-   const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version
= 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
+   const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version
= 2\n\n[domain/two]\ndos = 2\n";
GError *error = NULL;
gchar *output;
gboolean ret;
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] why does krb5_validate default to false?

2020-04-20 Thread Andreas Hasenack 
Hi,

I'm wondering why krb5_validate defaults to false in sssd-krb5, and
apparently it's the same default in the mit kerberos libraries (via
verify_ap_req_nofail). It should solve the KDC impersonation attack,
at the expense of a slightly more complicated setup (create the host
principal, extract key, create keytab). Is it because of this added
difficulty in setting up things, or does it not work on very common
scenarios/applications? Or just one of those hard to do transitions?
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: Heads up. Moving to github on April 8

2020-04-09 Thread Andreas Hasenack 
hello,

On Thu, Apr 9, 2020 at 9:33 AM Pavel Březina  wrote:
> Issue tracker was opened on github.
>
> Old issues will be kept in Pagure so we can communicate with original
> reporters (Github does not support Fedora Account so we can not simply
> migrate them). Unfortunately 'New issue' button is still available on
> Pagure - there does not seem to be a way how to disable new issues
> without making the issues read only. But please, report new issues
> against Github.

If pagure has this feature, could you perhaps add a template for
issues on pagure that basically says to open them in github instead?
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: sssd backend not workin on ubuntu 18.04

2019-08-13 Thread Andreas Hasenack 
Hello,

On Tue, Aug 13, 2019 at 1:01 PM Charles Hedrick  wrote:
>
> On our Ubuntu 18.04 servers, sssd won’t start. Logging shows that it can’t 
> find any DNS servers. Restarting sssd fixes it.

Sounds like https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1723350 ?
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: socket activated services and "implicit" sssd.conf?

2019-08-05 Thread Andreas Hasenack 
Hello

On Sat, Aug 3, 2019 at 2:17 PM Jakub Hrozek  wrote:
>
> On Thu, Aug 01, 2019 at 07:50:09PM +0300, Timo Aaltonen wrote:
> >
> > Hi,
> >
> > As discussed on irc, the fallback config enables 'services=nss', and
> > check_socket_activated_responder() bails out if there's no conffile.
> >
> > So both should be fixed to allow sssd to start without extra noise when
> > socket activation is enabled and no conffile around (the default case
> > when the package is installed).
>
> Can you file tickets?

Sure, I filed this ticket: https://pagure.io/SSSD/sssd/issue/4054

Thanks!
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] socket activated services and "implicit" sssd.conf?

2019-08-01 Thread Andreas Hasenack 
Hi there,

I'm trying to update the sssd package in ubuntu to 2.2.0, and while
the upstream tests pass, and our integration tests pass too, I get
this warning (error?) with the socket services right after
installation:

(https://pastebin.ubuntu.com/p/ZzW8BG2fpm/)

root@eoan-sssd2:~# systemctl status sssd-autofs.service
● sssd-autofs.service - SSSD AutoFS Service responder
   Loaded: loaded (/lib/systemd/system/sssd-autofs.service; indirect;
vendor preset: enabled)
   Active: inactive (dead)
 Docs: man:sssd.conf(5)

root@eoan-sssd2:~# systemctl status sssd-nss.socket
● sssd-nss.socket - SSSD NSS Service responder socket
   Loaded: loaded (/lib/systemd/system/sssd-nss.socket; enabled;
vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2019-08-01 12:49:07
UTC; 16min ago
 Docs: man:sssd.conf(5)
   Listen: /var/lib/sss/pipes/nss (Stream)

Aug 01 12:49:07 eoan-sssd2 systemd[1]: Starting SSSD NSS Service
responder socket.
Aug 01 12:49:07 eoan-sssd2
sssd_check_socket_activated_responders[3012]: (Thu Aug  1
12:49:07:354960 2019) [sssd] [check_socket_activated_responder]
(0x0020): ini_config_file_open() failed [2][No such file or directory]
Aug 01 12:49:07 eoan-sssd2
sssd_check_socket_activated_responders[3012]: (Thu Aug  1
12:49:07:355071 2019) [sssd] [main] (0x0010): Misconfiguration found
for the nss responder.
Aug 01 12:49:07 eoan-sssd2
sssd_check_socket_activated_responders[3012]: The nss responder has
been configured to be socket-activated but it's still mentioned in the
services' line in /etc/sssd/sssd.conf.
Aug 01 12:49:07 eoan-sssd2
sssd_check_socket_activated_responders[3012]: Please, consider either
adjusting your services' line in /etc/sssd/sssd.conf or disabling the
nss's socket by calling:
Aug 01 12:49:07 eoan-sssd2
sssd_check_socket_activated_responders[3012]: "systemctl disable
sssd-nss.socket"
Aug 01 12:49:07 eoan-sssd2 systemd[1]: sssd-nss.socket: Control
process exited, code=exited, status=2/INVALIDARGUMENT
Aug 01 12:49:07 eoan-sssd2 systemd[1]: sssd-nss.socket: Failed with
result 'exit-code'.
Aug 01 12:49:07 eoan-sssd2 systemd[1]: Failed to listen on SSSD NSS
Service responder socket.

There is no /etc/sssd/sssd.conf file present, so I think it assumes
some defaults. What are these?

After install I get these services running:
 1871 ?Ss 0:00 /usr/sbin/sssd -i --logger=files
 1872 ?S  0:00  \_ /usr/libexec/sssd/sssd_be --domain
implicit_files --uid 0 --gid 0 --logger=files
 1873 ?S  0:00  \_ /usr/libexec/sssd/sssd_nss --uid 0
--gid 0 --logger=files

So here is my assumption: there is an implicit sssd.conf configuration
that is taken in since there is no actual sssd.conf file, and that
just starts sssd_nss, and at the *same* *time* we are trying to use
socket activation, which then says "why are you starting the socket
listener, since you are already starting nss?" I'm guessing only
debian-based systems see this, because we start the services right
after installation, and don't have a default sssd.conf file shipped
with the package.
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: 1.16.2 test failure: sss_nss_idmap-tests

2018-08-09 Thread Andreas Hasenack 
>
> Thank you for figuring out the linker option which caused the issue and
> for the suggestions.
>
> I've opened https://pagure.io/SSSD/sssd/issue/3801 to track the issue
> and also created https://github.com/SSSD/sssd/pull/632.

Thanks. I commented in the PR. The test now passes on Ubuntu with
-Wl,-Bsymbolic-functions enabled. \o/
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/HPPLNT4Y4JG4UY4OCO3FDFOCRMJTWA2S/

[SSSD-users] Re: 1.16.2 test failure: sss_nss_idmap-tests

2018-08-07 Thread Andreas Hasenack 
On Tue, Aug 7, 2018 at 8:04 AM Sumit Bose  wrote:
>
> On Mon, Jul 23, 2018 at 10:01:26AM +0200, Jakub Hrozek wrote:
> > Unfortunately these tests don’t have an option to raise the debug level so 
> > stepping throught them with gdb is the only option I’m afraid..
>
> I think I didn't properly mock sss_nss_make_request_timeout() here.
> Instead of the provided call which just mock the results the original
> one is used which tries to talk to SSSD which either does not run or
> does not know about the test user, hence the return code 0x02 (ENOENT).
>
> If you run the test with strace you should see that the test program
> tries to connect to /var/lib/sss/pipes/nss which is not expected. I'll
> try to fix this.

Indeed it does try that connect a few times:

11933 connect(3, {sa_family=AF_UNIX,
sun_path="/var/lib/sss/pipes/nss"}, 110) = -1 ENOENT (No such file or
directory)

But something is still unexplained: the same test works just fine in
debian, and doesn't try to connect to that socket.

I might try updating nss. I have 3.36, and debian has 3.38.

Thanks!
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/ZFCUBBCBXO54VBPDU5SLKL2OCWOW5FTL/

[SSSD-users] Re: 1.16.2 test failure: sss_nss_idmap-tests

2018-07-20 Thread Andreas Hasenack 
What I figured out so far is that this is a test that is enabled if
you have cmocka installed, and this is the first time I had that.
On Fri, Jul 20, 2018 at 2:22 PM Andreas Hasenack  wrote:
>
> Hi,
>
> I'm building 1.16.2 with just
> https://pagure.io/SSSD/sssd/c/a2cc554f438c220b3cc73eb93879dd87795a86cd?branch=master
> applied (without it, it doesn't build in Ubuntu currently) and I'm
> seeing this test failure:
>
> [==] Running 2 test(s).
> [ RUN  ] test_getsidbyname
> [  ERROR   ] --- 0x2 != 0
> [   LINE   ] --- ../src/tests/cmocka/sss_nss_idmap-tests.c:121: error: 
> Failure!
> [  FAILED  ] test_getsidbyname
> [ RUN  ] test_getorigbyname
> [  ERROR   ] --- 0x2 != 0
> [   LINE   ] --- ../src/tests/cmocka/sss_nss_idmap-tests.c:140: error: 
> Failure!
> [  FAILED  ] test_getorigbyname
> [==] 2 test(s) run.
> [  PASSED  ] 0 test(s).
> [  FAILED  ] 2 test(s), listed below:
> [  FAILED  ] test_getsidbyname
> [  FAILED  ] test_getorigbyname
>
>  2 FAILED TEST(S)
> FAIL sss_nss_idmap-tests (exit status: 2)
>
> I tried with samba 4.7.6 and 4.8.2 installed, and also with
> --with-smb-idmap-interface-version 5 and 6, same result. Debian is at
> 1.16.2 and the tests pass there just fine, so I think I'm looking at
> some dependency problem.
> ldb is 1.3.1
> tdb is 1.3.15
>
> Any pointers? Maybe a way to run just that test, so I can add
> debugging statements?
>
> Thanks!
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/UB32RZUSGRALDIPPDUSJIT6CSTCSM3F6/

[SSSD-users] 1.16.2 test failure: sss_nss_idmap-tests

2018-07-20 Thread Andreas Hasenack 
Hi,

I'm building 1.16.2 with just
https://pagure.io/SSSD/sssd/c/a2cc554f438c220b3cc73eb93879dd87795a86cd?branch=master
applied (without it, it doesn't build in Ubuntu currently) and I'm
seeing this test failure:

[==] Running 2 test(s).
[ RUN  ] test_getsidbyname
[  ERROR   ] --- 0x2 != 0
[   LINE   ] --- ../src/tests/cmocka/sss_nss_idmap-tests.c:121: error: Failure!
[  FAILED  ] test_getsidbyname
[ RUN  ] test_getorigbyname
[  ERROR   ] --- 0x2 != 0
[   LINE   ] --- ../src/tests/cmocka/sss_nss_idmap-tests.c:140: error: Failure!
[  FAILED  ] test_getorigbyname
[==] 2 test(s) run.
[  PASSED  ] 0 test(s).
[  FAILED  ] 2 test(s), listed below:
[  FAILED  ] test_getsidbyname
[  FAILED  ] test_getorigbyname

 2 FAILED TEST(S)
FAIL sss_nss_idmap-tests (exit status: 2)

I tried with samba 4.7.6 and 4.8.2 installed, and also with
--with-smb-idmap-interface-version 5 and 6, same result. Debian is at
1.16.2 and the tests pass there just fine, so I think I'm looking at
some dependency problem.
ldb is 1.3.1
tdb is 1.3.15

Any pointers? Maybe a way to run just that test, so I can add
debugging statements?

Thanks!
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/VLOM5TMYWX35MM7QIKLBA42N5XKWK2RR/

[SSSD-users] Re: Ubuntu 16.04.4 LTS 4.4.0-108+ and sssd freezes virtual server

2018-03-19 Thread Andreas Hasenack 
On Fri, Mar 16, 2018 at 7:48 PM, David Hunter 
wrote:

> *Guest OS*: Ubuntu 16.04.4 LTS (kernel versions 4.4.0-108 to current 116)
>
> *Virtualization env*: VMWare ESXi 6.0
>
> *Host hardware*: Dell R720
>
>
> Using SSSD to bind linux servers to the AD domain for authentication. This
> was working fine right up to 4.4.0-104. After the update to -108,-109,-112,
> or -116, if sssd is enabled OR if it is disabled but then started after a
> successful boot and you perform a lookup (i.e. id some_domain_user), the
> entire system will freeze, and you have to force a reboot. There's even a
> blip in the syslog when it happens.
>
>
>
Hi

this bug sounds similar:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1746806
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] Re: nsupdate

2018-03-13 Thread Andreas Hasenack 
On Tue, Mar 13, 2018 at 8:40 AM, Roger Martensson <
roger.martens...@gmail.com> wrote:

> Hi
>
> Den 13 mars 2018 12:09 skrev "Max DiOrio" :
>
>> Is your dns server set to secure updates only?
>>
>
> Yes it is and as is should be.
>
> I've filed a bugreport on the package at Ubunts launchpad so hopefully it
> gets resolved before release of 18.04.
>
>
This one, right?

https://bugs.launchpad.net/bugs/1755439
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] Re: Ubuntu Xenial failures

2017-12-18 Thread Andreas Hasenack 
You should file a bug in Ubuntu, specially if downgrading to the previous
package fixes the problem for you.

On Dec 18, 2017 18:10, "Jay McCanta"  wrote:

> After an update to Ubuntu Xenial, sssd_pam always fails with a system
> error(4) error.
>
> Dec 18 20:07:22 sv5cismfgcr01 sshd[27263]: pam_sss(sshd:auth):
> authentication success; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=192.168.11.129 user=mccanta
> Dec 18 20:07:22 sv5cismfgcr01 sshd[27263]: pam_sss(sshd:account): Access
> denied for user mccanta: 4 (System error)
>
> I have debug_level 10 logs I can send.  Didn't want to post thos to the
> mailing list.
>
> Jay
>
> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org