Ahoj Ondro, well my knowledge about sssd is limited, but I would say that the daemon did it instead me. See the middle message: Task [AD machine account password renewal]: finished successfully
This task is by default scheduled after restart of sssd service always. However, I probably found another way how to stay safe after AD patching - I have switched from id_provider = ad, to id_provider = ldap, that allowed me to specify ldap_uri = ldaps://our_ad_machine.domain. After restart sssd AD has stopped complaing about unsighned request, because all communication is handled over TSL 1.2. But I am still curious if there is another solution in case that I would like to keep the setting in mode id_provider = ad. Is there any way to sighn this kind of request? We were affraid that AD will refuse all unsigned communication after the AD patch is applied. Thanks a lot for your knowledge sharing :) _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
