Spike, the machine will always have an account in the AD Realm. So no, you do not have to leave and re-join. What DOES time out is the password. sssd should renew the password periodcially (*) when it is running. As you say you have had > 30 days of downtime
You can use the msktutil to reset a password https://fuhm.net/software/msktutil/manpage.html#PASSWORD EXPIRY (*) you can change this periddicity in sssd - and can turn it down to a very shirt time, for debugging. One of the parameters is also 'how soon after startup should I look at the age of the password On Mon, 8 Oct 2018 at 15:16, Spike White <[email protected]> wrote: > > All, > > I had a VM down for a great number of days. Apparently, it was not 30 days. > Because even though it initially didn't correct do AD authentication, I fixed > one misconfiguration in /etc/krb5.conf, restarted SSSD and it did. > > But that raises a bigger question. If it's been >30 days and my machine > account is no longer valid, how do I rejoin the domain? > > Is it: > realm leave (no flags) > readlm join (with all my usual flags that I use on the initial realm join) > > Spike > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
