On Thu, Feb 13, 2020 at 01:42:33PM +0000, Mote, Todd wrote:
> I'll work on getting that today. This is what I know so far.
>
>
>
> Test system updated through our Satellite, so nothing special or different.
> Yum updated everything:
>
> RHEL 7.7
>
> sssd-1.16.4-21.el7_7.1.x86_64
>
> adcli-0.8.1-9.el7.x86_64
>
>
>
> Domain:
>
> Windows Server 2016
>
> regkey ldapserverintegrity=2
>
> regkey ldapenforcechannelbinding=1
>
>
>
> we splunk our domain logs and my coworker wrote a dashboard to display the
> entries when either simple binds or unsigned sasl occur. Over the last 24
> hours my test host triggered the unsigned sasl entry 13 times. Each entry
> corresponds precisely to the adcli check password attempt in the logs. It
> doesn't log an unsigned sasl event every hour, and a couple of times not at
> all for several hours. I'm not sure what's behind that. Times here are UTC
> -6. I’m in the 7:00 hour here. The most recent entry is below. I’ll work
> to get a trace running by the next hour, in case it logs it again.
Hi,
can you try to run the following ldapsearch commands and check which one
causes a message in the event log?
ldapsearch -H cldap://ad-server.ADTEST.domain.com -b '' -s base
'(&(DnsDomain=ADTEST.domain.com)(NtVer=\14\00\00\00))' netlogon
ldapsearch -H ldap://ad-server.ADTEST.domain.com -x -b '' -s base
'(&(DnsDomain=ADTEST.domain.com)(NtVer=\14\00\00\00))' netlogon
ldapsearch -H ldap://ad-server.ADTEST.domain.com -x -b '' -s base
kinit '[email protected]'
ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSSAPI -b '' -s base
kinit '[email protected]'
ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSS-SPNEGO -b '' -s
base
bye,
Sumit
>
>
>
> This behavior also happens with RHEL 8, sssd 2.2 and adcli 0.8.2. I see the
> same entries logged in both the sssd log on the device and the domain.
>
>
> Timestamp<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-monitoring/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20source%3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20%7C%20rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs*Client%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPort%3E%5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authenticate%20as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3F%3CBindingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_time%2C%20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dnslookup%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20FQDN%20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.226%20%7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigned%20SASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Timestamp%20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address%22%2CUserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding%20Type%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CFQDN%2C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mode=smart&dispatch.sample_ratio=1&display.page.search.tab=statistics&display.general.type=statistics&display.statistics.sortColumn=Timestamp&display.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01FA-4F7E-929B-F56DE7E31D3B>
> User
> Name<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-monitoring/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20source%3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20%7C%20rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs*Client%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPort%3E%5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authenticate%20as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3F%3CBindingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_time%2C%20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dnslookup%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20FQDN%20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.226%20%7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigned%20SASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Timestamp%20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address%22%2CUserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding%20Type%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CFQDN%2C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mode=smart&dispatch.sample_ratio=1&display.page.search.tab=statistics&display.general.type=statistics&display.statistics.sortColumn=Timestamp&display.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01FA-4F7E-929B-F56DE7E31D3B>
> Binding
> Type<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-monitoring/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20source%3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20%7C%20rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs*Client%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPort%3E%5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authenticate%20as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3F%3CBindingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_time%2C%20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dnslookup%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20FQDN%20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.226%20%7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigned%20SASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Timestamp%20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address%22%2CUserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding%20Type%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CFQDN%2C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mode=smart&dispatch.sample_ratio=1&display.page.search.tab=statistics&display.general.type=statistics&display.statistics.sortColumn=Timestamp&display.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01FA-4F7E-929B-F56DE7E31D3B>
> 02-13-2020 07:12:33
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-13-2020 05:12:34
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-13-2020 03:12:34
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-13-2020 02:12:35
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-13-2020 01:12:34
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-12-2020 23:12:34
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-12-2020 22:12:34
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-12-2020 19:12:34
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-12-2020 17:12:34
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-12-2020 14:12:34
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-12-2020 13:12:34
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-12-2020 09:12:35
> ADTEST\ANTI-TEST$
> Unsigned SASL
> 02-12-2020 08:12:34
> ADTEST\ANTI-TEST$
> Unsigned SASL
>
>
>
>
>
> (Thu Feb 13 07:12:33 2020) [sssd[be[adtest.domain.com]]]
> [ad_machine_account_password_renewal_done] (0x1000): --- adcli output start---
>
> * Found realm in keytab: ADTEST.domain.com
>
> * Found computer name in keytab: ANTI-TEST
>
> * Found service principal in keytab: host/ANTI-TEST
>
> * Found service principal in keytab: host/anti-test.adtest.domain.com
>
> * Found host qualified name in keytab: anti-test.adtest.domain.com
>
> * Found service principal in keytab: RestrictedKrbHost/ANTI-TEST
>
> * Found service principal in keytab:
> RestrictedKrbHost/anti-test.adtest.domain.com
>
> * Using fully qualified name: anti-test.adtest.domain.com
>
> * Using domain name: adtest.domain.com
>
> * Calculated computer account name from fqdn: ANTI-TEST
>
> * Using domain realm: adtest.domain.com
>
> * Sending netlogon pings to domain controller: cldap:// xxx.xxx.xxx.xxx
>
> * Received NetLogon info from: dc01a.adtest.domain.com
>
> * Wrote out krb5.conf snippet to
> /tmp/adcli-krb5-RCmgmC/krb5.d/adcli-krb5-conf-vPdhBf
>
> * Authenticated as default/reset computer account: ANTI-TEST
>
> * Looked up short domain name: ADTEST
>
> * Looked up domain SID: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx
>
> * Using fully qualified name: anti-test.adtest.domain.com
>
> * Using domain name: adtest.domain.com
>
> * Using computer account name: ANTI-TEST
>
> * Using domain realm: adtest.domain.com
>
> * Using fully qualified name: anti-test.adtest.domain.com
>
> * Enrolling computer name: ANTI-TEST
>
> * Generated 120 character computer password
>
> * Using keytab: FILE:/etc/krb5.keytab
>
> * Found computer account for ANTI-TEST$ at:
> CN=ANTI-TEST,OU=Dev,OU=Linux,OU=moter,OU=ITSY-Staff,OU=ITSY,OU=Departments,DC=adtest,DC=domain,DC=com
>
> * Retrieved kvno '6' for computer account in directory:
> CN=ANTI-TEST,OU=Dev,OU=Linux,OU=moter,OU=ITSY-Staff,OU=ITSY,OU=Departments,DC=adtest,DC=domain,DC=com
>
> * Password not too old, no change needed
>
> * Sending netlogon pings to domain controller: cldap://xxx.xxx.xxx.xxx
>
> * Received NetLogon info from: dc01a.adtest.domain.com
>
> * Checking RestrictedKrbHost/anti-test.adtest.domain.com
>
> * Added RestrictedKrbHost/anti-test.adtest.domain.com
>
> * Checking host/anti-test.adtest.domain.com
>
> * Added host/anti-test.adtest.domain.com
>
> * Checking RestrictedKrbHost/ANTI-TEST
>
> * Added RestrictedKrbHost/ANTI-TEST
>
> * Checking host/ANTI-TEST
>
> * Added host/ANTI-TEST
>
> ---adcli output end---
>
>
>
> Todd
>
>
>
> -----Original Message-----
> From: Sumit Bose <[email protected]>
> Sent: Thursday, February 13, 2020 1:36 AM
> To: [email protected]
> Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023.
>
>
>
> On Wed, Feb 12, 2020 at 01:11:14PM +0000, Mote, Todd wrote:
>
> > Sumit
>
> >
>
> > Any idea on when your SASL/GSS-SPNEGO patch for adcli might make it
> > downstream? It seems that adcli is checking once an hour on the age of the
> > password and is the only thing left on my test hosts that is triggering the
> > Unsigned SASL event on our domain controllers. I have tinkered with the
> > GSSAPI and other settings in ldap.conf, so none of the connections are
> > simple, just unsigned, which isn't terrible, but it'd be nice to eliminate
> > them altogether, ya know?
>
>
>
> Hi,
>
>
>
> they are planned for the next RHEL releases and I'm about to prepare Fedora
> packages.
>
>
>
> I did some tests with older RHEL7 versions and didn't come across issues even
> with only SASL/GSSAPI when I enforce channel binding and LDAP signing on AD.
> Would it be possible to send a network trace which covers the connection
> attempt of adcli which causes the issue?
>
>
>
> bye,
>
> Sumit
>
>
>
> >
>
> > Todd
>
> >
>
> > -----Original Message-----
>
> > From: Sumit Bose <[email protected]<mailto:[email protected]>>
>
> > Sent: Thursday, February 6, 2020 10:18 AM
>
> > To:
> > [email protected]<mailto:[email protected]>
>
> > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023.
>
> >
>
> > On Thu, Feb 06, 2020 at 03:05:13PM +0000, Ondrej Valousek wrote:
>
> > > did you try refreshing the machine password in AD?Looks like it's too old.
>
> > > O.
>
> > > ________________________________
>
> > > From: David David <[email protected]<mailto:[email protected]>>
>
> > > Sent: Thursday, February 6, 2020 12:09 PM
>
> > > To:
> > > [email protected]<mailto:[email protected]>
>
> > > <[email protected]<mailto:[email protected]>>
>
> > > Subject: [SSSD-users] sssd 1.16.4. ADV190023.
>
> > >
>
> > > Hello,
>
> > > i guess that you probably heard about ADV190023. Our AD admin told me
> > > that linux servers which are under my responsibility send an unsigned
> > > request to AD, what could be a problem related to this incomming Ad
> > > patch:
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4520412%2F2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637171761658405405&sdata=oTC4Cl5Mjq0GkByad1Q9oNVhO%2FZ6AzDEvxXGbM5P%2FDA%3D&reserved=0.
>
> > >
>
> > > I am using sssd in "sssd-ad mode." The communication between a linux
> > > servers and our AD is crypted by kerberos, so this should be ok.
>
> > >
>
> > > I found only one kind of request which could result in potential failure.
> > > After mentioned patching implementation. See please below:
>
> > >
>
> > > (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] [be_ptask_execute] (0x0400):
>
> > > Task [AD machine account password renewal]: executing task, timeout
>
> > > 60 seconds (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] [be_ptask_done]
>
> > > (0x0400): Task [AD machine account password renewal]: finished
>
> > > successfully (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]]
>
> > > [be_ptask_schedule] (0x0400): Task [AD machine account password
>
> > > renewal]: scheduling task 86400 seconds from last
>
> >
>
> > Hi,
>
> >
>
> > Ondrej is right, those messages are related to adcli trying to update
>
> > the machine account password if it is too old. To check when the
>
> > password was last updated adcli uses LDAP with SASL/GSSAPI. I've added
>
> > a patch so that SASL/GSS-SPNEGO is used when it is available in the AD
>
> > DC side
>
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitl
>
> > ab.freedesktop.org%2Frealmd%2Fadcli%2Fcommit%2Fa6f795ba3d6048b32d78634
>
> > 68688bf7f42b2cafd&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719
>
> > 229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1
>
> > %7C637171761658405405&sdata=rPcG9mknHufVZUy6ege6n2vx%2B1Hy5XQhDn7H
>
> > 8ugqlzA%3D&reserved=0 With SASL/GSS-SPNEGO all requirements are
>
> > negotiated automatically and signing should be switched on if required.
>
> >
>
> > With SASL/GSSAPI you might be able to tune this manually, see e.g. the SASL
> > and GSSAPI options in man ldap.conf for details.
>
> >
>
> > There is also a patch for adcli which tells adcli to use ldaps
>
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitl
>
> > ab.freedesktop.org%2Frealmd%2Fadcli%2Fcommit%2F85097245b57f190337225db
>
> > dbf6e33b58616c092&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719
>
> > 229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1
>
> > %7C637171761658405405&sdata=9dY6eOGTKimEYqydWbRFROldOTNRM16t1caeUh
>
> > bBTiY%3D&reserved=0 but this is currently not used by SSSD. And in
>
> > general I think using GSS-SPNEGO is sufficient since there is no
> > requirement to switch to ldaps (if I read the advisory correctly) and AD
> > does not enable ldaps by default as well.
>
> >
>
> > bye,
>
> > Sumit
>
> >
>
> > >
>
> > > Everytime, this task is executed, our AD write into its log that an
> > > unsighned request came from my linux server. I tried to set ldap_tls_cert
> > > and ldap_tls_key into sssd.conf which point to the cert and key generated
> > > by our AD, but without success.
>
> > >
>
> > > I tried to find a proper solution how to sign the request that AD stop
> > > complaining, but nothing usefull found.
>
> > >
>
> > > My question is. Should I be affraid that after the patching, our AD will
> > > stop to communicate with my linux servers?
>
> > >
>
> > > Really thanks in advance for your answer. I really appreciate your effort.
>
> > > _______________________________________________
>
> > > sssd-users mailing list --
> > > [email protected]<mailto:[email protected]>
> > > To
>
> > > unsubscribe send an email to
> > > [email protected]<mailto:[email protected]>
>
> > > Fedora Code of Conduct:
>
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdo
>
> > > cs
>
> > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=0
>
> > > 2%
>
> > > 7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc2%
>
> > > 7C
>
> > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507304667&sd
>
> > > at
>
> > > a=v3APmwlHF3i9zi1WE950DEAqCMJCirnyPC4YyF2xJPQ%3D&reserved=0
>
> > > List Guidelines:
>
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffe
>
> > > do
>
> > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmo
>
> > > te
>
> > > r%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc2%7C31d7e2a5b
>
> > > dd
>
> > > 8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507304667&sdata=QUgcpi8
>
> > > 2T
>
> > > TRy7qanAkjRey8ZpC2GDy7%2BJ7yXeOrtb8I%3D&reserved=0
>
> > > List Archives:
>
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli
>
> > > st
>
> > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahost
>
> > > ed
>
> > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42c2
>
> > > ae
>
> > > f608d7ab204bc2%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C63716602
>
> > > 75
>
> > > 07314661&sdata=oDU3WxA3dStxFQ09%2Fc8qU7qGh1P5w3a9rSe9trG8%2Bx4%3
>
> > > D&
>
> > > amp;reserved=0
>
> >
>
> > > _______________________________________________
>
> > > sssd-users mailing list --
> > > [email protected]<mailto:[email protected]>
> > > To
>
> > > unsubscribe send an email to
> > > [email protected]<mailto:[email protected]>
>
> > > Fedora Code of Conduct:
>
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdo
>
> > > cs
>
> > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=0
>
> > > 2%
>
> > > 7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc2%
>
> > > 7C
>
> > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507314661&sd
>
> > > at
>
> > > a=b%2Fu1IXQ%2F42XEq3c6DYwzTyYno4azJb3qvUtPiZmOdrc%3D&reserved=0
>
> > > List Guidelines:
>
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffe
>
> > > do
>
> > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmo
>
> > > te
>
> > > r%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc2%7C31d7e2a5b
>
> > > dd
>
> > > 8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507314661&sdata=CIJal5z
>
> > > 4E
>
> > > nNOIQFsuveKmlEK1wMzIx79ZaXavinrtsk%3D&reserved=0
>
> > > List Archives:
>
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli
>
> > > st
>
> > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahost
>
> > > ed
>
> > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42c2
>
> > > ae
>
> > > f608d7ab204bc2%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C63716602
>
> > > 75
>
> > > 07314661&sdata=oDU3WxA3dStxFQ09%2Fc8qU7qGh1P5w3a9rSe9trG8%2Bx4%3
>
> > > D&
>
> > > amp;reserved=0
>
> > _______________________________________________
>
> > sssd-users mailing list --
> > [email protected]<mailto:[email protected]>
> > To
>
> > unsubscribe send an email to
> > [email protected]<mailto:[email protected]>
>
> > Fedora Code of Conduct:
>
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs
>
> > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%
>
> > 7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C
>
> > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdat
>
> > a=CY5%2B8lrh6B9UIqXNYXSzpIyeRI93sHge9cuKB8KDBdk%3D&reserved=0
>
> > List Guidelines:
>
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedo
>
> > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmote
>
> > r%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a5bdd
>
> > 8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdata=uFxkGT3GV
>
> > Y3moV7TxfDo%2BNHyz%2B8AUbVpApIxs3PTmzs%3D&reserved=0
>
> > List Archives:
>
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
>
> > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted
>
> > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff9
>
> > 8808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C6371717616
>
> > 58415397&sdata=qZHqxPWZzftm51GK%2F29gM3NM9f5QnsoRQE2kqWGs3Os%3D&am
>
> > p;reserved=0
>
> > >> This message is from an external sender. Learn more about why this <<
>
> > >> matters at https://links.utexas.edu/rtyclf. <<
>
> > _______________________________________________
>
> > sssd-users mailing list --
> > [email protected]<mailto:[email protected]>
> > To
>
> > unsubscribe send an email to
> > [email protected]<mailto:[email protected]>
>
> > Fedora Code of Conduct:
>
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs
>
> > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%
>
> > 7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C
>
> > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdat
>
> > a=CY5%2B8lrh6B9UIqXNYXSzpIyeRI93sHge9cuKB8KDBdk%3D&reserved=0
>
> > List Guidelines:
>
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedo
>
> > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmote
>
> > r%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a5bdd
>
> > 8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdata=uFxkGT3GV
>
> > Y3moV7TxfDo%2BNHyz%2B8AUbVpApIxs3PTmzs%3D&reserved=0
>
> > List Archives:
>
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
>
> > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted
>
> > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff9
>
> > 8808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C6371717616
>
> > 58415397&sdata=qZHqxPWZzftm51GK%2F29gM3NM9f5QnsoRQE2kqWGs3Os%3D&am
>
> > p;reserved=0
>
> _______________________________________________
>
> sssd-users mailing list --
> [email protected]<mailto:[email protected]>
> To unsubscribe send an email to
> [email protected]<mailto:[email protected]>
>
> Fedora Code of Conduct:
> https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdata=CY5%2B8lrh6B9UIqXNYXSzpIyeRI93sHge9cuKB8KDBdk%3D&reserved=0
>
> List Guidelines:
> https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdata=uFxkGT3GVY3moV7TxfDo%2BNHyz%2B8AUbVpApIxs3PTmzs%3D&reserved=0
>
> List Archives:
> https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted.org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658425396&sdata=jwjagkg01nWc7hscD0EeXRGk0wOJf5yavolvqc3rIwU%3D&reserved=0
>
> >> This message is from an external sender. Learn more about why this <<
>
> >> matters at https://links.utexas.edu/rtyclf. <<
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
