Sumit, thankyou for the advice here. I reduced the password age value, and with the higher logging level the password renewal using adcli was successful. Thanks again.
On 4 July 2018 at 10:03, John Hearns <[email protected]> wrote: > Thankyou Sumit. Indeed I do have adcli installed, and I am investigating > this issue usign the higher log level which you suggest. > > I think this is a problem with domain names. > When I use msktutil to renew the machine password I must explicitly run > msktutil ..auto-update --computer-name myhostname > > This is because the DNS domain of my workstation does not match the > Active Directory realm name > > > > > On 4 July 2018 at 08:48, Sumit Bose <[email protected]> wrote: > >> On Mon, Jun 25, 2018 at 05:12:25PM +0200, John Hearns wrote: >> > After 30 days of running sssd I found that my test workstation no longer >> > connected to the domain. >> > The machine account password had timed out. >> > I now run a daily cron job using msktutil wihch will auto-update the >> > password. >> > >> > However I should not have to do this. sssd should update the machine >> > password. >> > >> > I can see entries in the logs such that the machine account password >> > renewal task is enabled. >> > Then: >> > >> > [be_ptask_execute] (0x0400): Task [AD machine account password renewal]: >> > executing task, timeout 60 seconds >> > >> > How though can I see if this taks is successful or not? >> > I realise that if the machine account is less than 30 days old the task >> > probably silently completes OK without any logging. >> >> Do you have adcli installed? >> >> If you set 'debug_level=7' or higher in the [domain/...] section of >> sssd.conf you should be able to find the debug output of adcli in the >> logs, it will start with '--- adcli output start---'. >> >> HTH >> >> bye, >> Sumit >> >> > >> > The version of sssd is 16.1 running on Ubuntu >> > >> > >> > John Hearns >> >> > _______________________________________________ >> > sssd-users mailing list -- [email protected] >> > To unsubscribe send an email to [email protected] >> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> > List Archives: https://lists.fedoraproject.or >> g/archives/list/[email protected]/message/2F >> 77SPP4CXHS4YMKCMHIA5EJHI424VNV/ >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: https://lists.fedoraproject.or >> g/archives/list/[email protected]/message/EH >> QHLPX24S45CM4ELUUDG7NHQHWQK7TE/ >> > >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/3NYQAUGJNSAUUSVDWLLC722J6JXVQZCY/
